Renamed README to CUSTOMIZING, removed details from qhelp and referenced md doc instead

aegilops · aegilops · commit 1ecd72727dda · 2024-06-19T17:59:43.000+01:00
diff --git a/javascript/ql/src/Security/CWE-693/CUSTOMIZING.md b/javascript/ql/src/Security/CWE-693/CUSTOMIZING.md
@@ -1,6 +1,6 @@
 # Insecure Helmet Configuration - customizations
 
-You can extend the required [Helmet security settings](https://helmetjs.github.io/) using [data extensions](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/).
+You can extend the required [Helmet security settings](https://helmetjs.github.io/) using [data extensions](https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/) in a [CodeQL model pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack).
 
 They are defaulted to just `frameguard` and `contentSecurityPolicy`, but you can add more using this method, to require them not to be set to `false` (which explicitly disables them) in the Helmet configuration.
 
@@ -18,7 +18,7 @@ extensions:
 
 Note: Using `frameguard` and `contentSecurityPolicy` is an example: the query already enforces these, so it is not necessary to add it with your own data extension.
 
-A suitable model pack might be:
+A suitable [model pack](https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack) might be:
 
 ```yaml
 name: my-org/javascript-helmet-insecure-config-model-pack
diff --git a/javascript/ql/src/Security/CWE-693/InsecureHelmet.qhelp b/javascript/ql/src/Security/CWE-693/InsecureHelmet.qhelp
@@ -19,18 +19,7 @@
         </p>
 
         <p>
-            Users of the query can extend the set of required Helmet features by adding additional checks for them, using CodeQL <a href="https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/">data extensions</a>.
-        </p>
-
-        <pre>extensions:
-  - addsTo:
-      pack: codeql/javascript-all
-      extensible: requiredHelmetSecuritySetting
-data:
-    - ["frameguard"]</pre>
-
-        <p>
-            Note: <code>frameguard</code> is an example: the query already enforces this setting, so it is not necessary to add it to the data extension. 
+            Users of the query can extend the set of required Helmet features by adding additional checks for them, using CodeQL <a href="https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-javascript/">data extensions</a> in a <a href="https://docs.github.com/en/code-security/codeql-cli/using-the-advanced-functionality-of-the-codeql-cli/creating-and-working-with-codeql-packs#creating-a-codeql-model-pack">CodeQL model pack</a>. See `CUSTOMIZING.md` in the query source for more information.
         </p>
 
     </overview>
