Apply suggestions from code review

erik-krogh · asgerf · web-flow · commit b71919299bf0 · 2020-05-19T14:03:03.000+02:00
Co-authored-by: Asger F &lt;asgerf@github.com&gt;
diff --git a/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.qhelp b/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.qhelp
@@ -22,7 +22,7 @@
 
 	<p>
 		If possible, provide the dynamic arguments to the shell as an array 
-		using e.g. the <code>child_process.execFile</code> API to avoid
+		using a safe API such as <code>child_process.execFile</code> to avoid
 		interpretation by the shell.
 	</p>
 
@@ -49,7 +49,7 @@
 	</p>
 
 	<p>
-		Even worse, although less likely, a client might pass in user-controlled
+		Even worse, a client might pass in user-controlled
 		data not knowing that the input is interpreted as a shell command. 
 		This could allow a malicious user to provide the input <code>http://example.org; cat /etc/passwd</code>
 		in order to execute the command <code>cat /etc/passwd</code>.
diff --git a/javascript/ql/test/library-tests/PackageExports/index.js b/javascript/ql/test/library-tests/PackageExports/index.js
@@ -1 +1 @@
-module.exports = function notExporterAnyWhere() {} 
+module.exports = function notExportedAnyWhere() {} 

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-module.exports = function notExporterAnyWhere() {}`
	`1`	`+module.exports = function notExportedAnyWhere() {}`