Ruby: Minor changes to InsecureDownload

hmac · hmac · commit 992cc517a862 · 2022-04-27T18:04:21.000+12:00
diff --git a/ruby/ql/lib/codeql/ruby/security/InsecureDownloadCustomizations.qll b/ruby/ql/lib/codeql/ruby/security/InsecureDownloadCustomizations.qll
@@ -71,7 +71,7 @@ module InsecureDownload {
   }
 
   /**
-   * A HTTP or FTP url.
+   * A HTTP or FTP URL.
    */
   class InsecureUrl extends DataFlow::Node {
     string str;
@@ -99,8 +99,8 @@ module InsecureDownload {
    * A string containing a sensitive file extension,
    * seen as a source for downloads of sensitive files through an insecure connection.
    */
-  class SensitiveFileUrl extends Source {
-    SensitiveFileUrl() { hasUnsafeExtension(this.asExpr().getConstantValue().getString()) }
+  class SensitiveFileName extends Source {
+    SensitiveFileName() { hasUnsafeExtension(this.asExpr().getConstantValue().getString()) }
 
     override DataFlow::FlowState getALabel() { result instanceof Label::Sensitive }
   }
diff --git a/ruby/ql/lib/codeql/ruby/security/InsecureDownloadQuery.qll b/ruby/ql/lib/codeql/ruby/security/InsecureDownloadQuery.qll
@@ -1,5 +1,5 @@
 /**
- * Provides a taint tracking configuration for reasoning about download of sensitive file through insecure connection.
+ * Provides a dataflow configuration for reasoning about the download of sensitive file through insecure connection.
  *
  * Note, for performance reasons: only import this file if
  * `InsecureDownload::Configuration` is needed, otherwise

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/**`
`2`		`- * Provides a taint tracking configuration for reasoning about download of sensitive file through insecure connection.`
	`2`	`+ * Provides a dataflow configuration for reasoning about the download of sensitive file through insecure connection.`
`3`	`3`	`*`
`4`	`4`	`* Note, for performance reasons: only import this file if`
`5`	`5`	* `InsecureDownload::Configuration` is needed, otherwise