Update swift/ql/src/queries/Security/CWE-022/PathInjection.qhelp

atorralba · subatoi · web-flow · commit 6e7c7c245b20 · 2022-12-05T08:47:18.000+01:00
Co-authored-by: Ben Ahmady &lt;32935794+subatoi@users.noreply.github.com&gt;
diff --git a/swift/ql/src/queries/Security/CWE-022/PathInjection.qhelp b/swift/ql/src/queries/Security/CWE-022/PathInjection.qhelp
@@ -26,28 +26,29 @@ such as <code>..</code>. Such a path could point to any directory on the file sy
 
 <example>
 <p>
-In the first example, a file name is read from an HTTP request and then used to access a file.
-However, a malicious response could include a file name that is an absolute path, such as
+The following code shows two bad examples. 
+
+<sample src="PathInjectionBad.swift" />
+
+In the first, a file name is read from an HTTP request and then used to access a file. In this case, a malicious response could include a file name that is an absolute path, such as
 <code>"/Applications/(current_application)/Documents/sensitive.data"</code>.
 </p>
 
 <p>
-In the second example, it appears that the user is restricted to opening a file within the
-<code>"/Library/Caches"</code> home directory. However, a malicious response could contain a file name containing
+In the second bad example, it appears that the user is restricted to opening a file within the
+<code>"/Library/Caches"</code> home directory. In this case, a malicious response could contain a file name containing
 special characters. For example, the string <code>"../../Documents/sensitive.data"</code> will result in the code
 reading the file located at <code>"/Applications/(current_application)/Library/Caches/../../Documents/sensitive.data"</code>, 
-which contains users' sensitive data. This file may then be made accesible to an attacker, giving them access to all this data.
+which contains users' sensitive data. This file may then be made accessible to an attacker, giving them access to all this data.
 </p>
 
-<sample src="PathInjectionBad.swift" />
-
 <p>
-In the third example, the path used to access the file system is normalized <em>before</em> being checked against a
+In the following (good) example, the path used to access the file system is normalized <em>before</em> being checked against a
 known prefix. This ensures that regardless of the user input, the resulting path is safe.
 </p>
 
 <sample src="PathInjectionGood.swift" />
-
+```suggestion
 </example>
 
 <references>
