Apply code review suggestions.

atorralba · asgerf · atorralba · commit 3c4d938cf1c9 · 2023-06-19T10:20:19.000+02:00
Co-authored-by: Asger F &lt;asgerf@github.com&gt;
diff --git a/csharp/ql/src/Security Features/CWE-022/ZipSlip.qhelp b/csharp/ql/src/Security Features/CWE-022/ZipSlip.qhelp
@@ -3,10 +3,9 @@
   "qhelp.dtd">
 <qhelp>
 <overview>
-<p>Accessing filesystem paths built from the name of an archive entry without validating that the
-destination file path is within the destination directory can allow an attacker to access 
-unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
-archive paths.</p>
+<p>Extracting files from a malicious zip file, or similar type of archive,
+is at risk of directory traversal attacks if filenames from the archive are
+not properly validated.</p>
 
 <p>Zip archives contain archive entries representing each file in the archive. These entries
 include a file path for the entry, but these file paths are not restricted and may contain
diff --git a/go/ql/src/Security/CWE-022/ZipSlip.qhelp b/go/ql/src/Security/CWE-022/ZipSlip.qhelp
@@ -5,9 +5,9 @@
 
 <overview>
 <p>
-Accessing filesystem paths built from the name of an archive entry without validating that the
-destination file path is within the destination directory can allow an attacker to access 
-unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
+Extracting files from a malicious zip file, or similar type of archive,
+is at risk of directory traversal attacks if filenames from the archive are
+not properly validated.
 archive paths.
 </p>
 
diff --git a/java/ql/src/Security/CWE/CWE-022/ZipSlip.qhelp b/java/ql/src/Security/CWE/CWE-022/ZipSlip.qhelp
@@ -3,10 +3,9 @@
   "qhelp.dtd">
 <qhelp>
 <overview>
-<p>Accessing filesystem paths built from the name of an archive entry without validating that the
-destination file path is within the destination directory can allow an attacker to access 
-unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
-archive paths.</p>
+<p>Extracting files from a malicious zip file, or similar type of archive,
+is at risk of directory traversal attacks if filenames from the archive are
+not properly validated.</p>
 
 <p>Zip archives contain archive entries representing each file in the archive. These entries
 include a file path for the entry, but these file paths are not restricted and may contain
diff --git a/javascript/ql/src/Security/CWE-022/ZipSlip.qhelp b/javascript/ql/src/Security/CWE-022/ZipSlip.qhelp
@@ -4,9 +4,9 @@
 <qhelp>
 
 <overview>
-<p>Accessing filesystem paths built from the name of an archive entry without validating that the
-destination file path is within the destination directory can allow an attacker to access 
-unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
+<p>Extracting files from a malicious zip file, or similar type of archive,
+is at risk of directory traversal attacks if filenames from the archive are
+not properly validated.
 archive paths.</p>
 
 <p>Zip archives contain archive entries representing each file in the archive. These entries
diff --git a/python/ql/src/experimental/Security/CWE-022/ZipSlip.qhelp b/python/ql/src/experimental/Security/CWE-022/ZipSlip.qhelp
@@ -4,10 +4,9 @@
 <qhelp>
 
 <overview>
-<p>Accessing filesystem paths built from the name of an archive entry without validating that the
-destination file path is within the destination directory can allow an attacker to access 
-unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
-archive paths.</p>
+<p>Extracting files from a malicious zip file, or similar type of archive,
+is at risk of directory traversal attacks if filenames from the archive are
+not properly validated.</p>
 
 <p>Zip archives contain archive entries representing each file in the archive. These entries
 include a file path for the entry, but these file paths are not restricted and may contain
diff --git a/ruby/ql/src/experimental/cwe-022-zipslip/ZipSlip.qhelp b/ruby/ql/src/experimental/cwe-022-zipslip/ZipSlip.qhelp
@@ -4,10 +4,9 @@
 <qhelp>
 
 <overview>
-<p>Accessing filesystem paths built from the name of an archive entry without validating that the
-destination file path is within the destination directory can allow an attacker to access 
-unexpected resources, due to the possible presence of directory traversal elements (<code>..</code>) in
-archive paths.</p>
+<p>Extracting files from a malicious zip file, or similar type of archive,
+is at risk of directory traversal attacks if filenames from the archive are
+not properly validated.</p>
 
 <p>Tar archives contain archive entries representing each file in the archive. These entries
 include a file path for the entry, but these file paths are not restricted and may contain
