Apply suggestions from code review

Co-authored-by: Michael B. Gale <[email protected]>

Author: owen-mc

go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll

@@ -258,9 +258,8 @@ private module ConversionWithoutBoundsCheckConfig implements DataFlow::StateConf
 }
 
 /**
- * Tracks taint flow from an integer obtained from parsing a string flows to a
- * type conversion to a smaller integer type, which could cause unexpected
- * values.
+ * Tracks taint flow from an integer obtained from parsing a string that flows
+ * to a type conversion to a smaller integer type, which could cause data loss.
  */
 module Flow = TaintTracking::GlobalWithState<ConversionWithoutBoundsCheckConfig>;
 

go/ql/lib/semmle/go/security/InsecureRandomness.qll

@@ -47,8 +47,8 @@ module InsecureRandomness {
   }
 
   /**
-   * Tracks taint flow for reasoning about random values that are not
-   * cryptographically secure.
+   * Tracks taint flow from randomly generated values which are not
+   * cryptographically secure to cryptographic applications.
    */
   module Flow = TaintTracking::Global<Config>;
 }

go/ql/lib/semmle/go/security/OpenUrlRedirect.qll

@@ -104,6 +104,6 @@ module OpenUrlRedirect {
     }
   }
 
-  /** Tracks taint flow for reasoning about unvalidated URL redirections. */
+  /** Tracks taint flow from unvalidated, untrusted data to URL redirections. */
   module Flow = DataFlow::Global<Config>;
 }

go/ql/lib/semmle/go/security/ReflectedXss.qll

@@ -46,6 +46,6 @@ module ReflectedXss {
     predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
   }
 
-  /** Tracks taint flow for reasoning about XSS. */
+  /** Tracks taint flow from untrusted data to XSS attack vectors. */
   module Flow = TaintTracking::Global<Config>;
 }

go/ql/lib/semmle/go/security/RequestForgery.qll

@@ -67,6 +67,6 @@ module RequestForgery {
     }
   }
 
-  /** Tracks taint flow for reasoning about request forgery. */
+  /** Tracks taint flow from untrusted data to request forgery attack vectors. */
   module Flow = TaintTracking::Global<Config>;
 }

go/ql/lib/semmle/go/security/StringBreak.qll

@@ -50,8 +50,9 @@ module StringBreak {
   }
 
   /**
-   * Tracks taint flow for reasoning about unsafe-quoting vulnerabilities,
-   * parameterized with the type of quote being tracked.
+   * Tracks taint flow from untrusted data which may contain single or double
+   * quotes to uses where those quotes need to be escaped. The type of quote
+   * is accessible through the `Sink`.
    */
   module Flow = TaintTracking::GlobalWithState<Config>;
 }

go/ql/lib/semmle/go/security/UnsafeUnzipSymlink.qll

@@ -14,7 +14,7 @@ module UnsafeUnzipSymlink {
   import UnsafeUnzipSymlinkCustomizations::UnsafeUnzipSymlink
 
   /**
-   * DEPRECATED: Use a copy of `EvalSymlinksConfig` and `EvalSymlinksFlow` instead.
+   * DEPRECATED: Use copies of `EvalSymlinksConfig` and `EvalSymlinksFlow` instead.
    *
    * A taint-flow configuration tracking archive header fields flowing to a `path/filepath.EvalSymlinks` call.
    */