Reveiw suggestions: Spelling/grammar fixes

joefarebrother · tausbn · joefarebrother · commit 6e16ed52e886 · 2024-12-09T19:56:59.000Z
Co-authored-by: Taus &lt;tausbn@github.com&gt;
diff --git a/python/ql/src/Security/CWE-074/TemplateInjection.qhelp b/python/ql/src/Security/CWE-074/TemplateInjection.qhelp
@@ -18,7 +18,7 @@
         <p>The following is an example of a string that could be used to cause remote code execution when interpreted as a template:</p>
         <sample src="examples/template_exploit.txt" />
 
-        <p>In the following case, user input is not used to construct the template; rather is only used for as the parameters to render the template, which is safe.</p>
+        <p>In the following case, user input is not used to construct the template; rather it is only used as the parameters to render the template, which is safe.</p>
         <sample src="examples/JinjaGoodParam.py" />
         
         <p>In the following case, a <code>SandboxedEnvironment</code> is used, preventing remote code execution.</p>
diff --git a/python/ql/src/Security/CWE-074/TemplateInjection.ql b/python/ql/src/Security/CWE-074/TemplateInjection.ql
@@ -16,5 +16,5 @@ import TemplateInjectionFlow::PathGraph
 
 from TemplateInjectionFlow::PathNode source, TemplateInjectionFlow::PathNode sink
 where TemplateInjectionFlow::flowPath(source, sink)
-select sink.getNode(), source, sink, "This Template construction depends on $@.", source.getNode(),
+select sink.getNode(), source, sink, "This template construction depends on a $@.", source.getNode(),
   "user-provided value"
diff --git a/python/ql/src/change-notes/2024-11-21-template-injection.md b/python/ql/src/change-notes/2024-11-21-template-injection.md
@@ -1,4 +1,4 @@
 ---
 category: newQuery
 ---
-* The Server Side Template Injection query (`py/template-injection`), originally contributed to the experimental query pack by @porcupineyhairs, has been promoted to the ain query suite. This query finds instances of templates for a template engine such as Jinja being constructed with user input.
+* The Server Side Template Injection query (`py/template-injection`), originally contributed to the experimental query pack by @porcupineyhairs, has been promoted to the main query suite. This query finds instances of templates for a template engine such as Jinja being constructed with user input.
