Doc changes

maikypedia · jorgectf · web-flow · commit 70103967efad · 2023-09-17T18:47:19.000+02:00
Co-authored-by: Jorge &lt;46056498+jorgectf@users.noreply.github.com&gt;
diff --git a/python/ql/lib/semmle/python/frameworks/Joblib.qll b/python/ql/lib/semmle/python/frameworks/Joblib.qll
@@ -17,15 +17,6 @@ private module Joblib {
    * A call to `joblib.load`
    * See https://pypi.org/project/joblib/
    *
-   * Claiming there is decoding of the input to `joblib.load` is a bit questionable, since
-   * it's not the filename, but the contents of the file that is decoded.
-   *
-   * However, we definitely want to be able to alert if a user is able to control what
-   * file is used, since that can lead to code execution (even if that file is free of
-   * path injection).
-   *
-   * So right now the best way we have of modeling this seems to be to treat the filename
-   * argument as being deserialized...
    */
   private class PandasReadPickleCall extends Decoding::Range, DataFlow::CallCfgNode {
     PandasReadPickleCall() { this = API::moduleImport("joblib").getMember("load").getACall() }
diff --git a/python/ql/lib/semmle/python/frameworks/Numpy.qll b/python/ql/lib/semmle/python/frameworks/Numpy.qll
@@ -18,15 +18,6 @@ private module Numpy {
    * A call to `numpy.load`
    * See https://pypi.org/project/numpy/
    *
-   * Claiming there is decoding of the input to `numpy.load` is a bit questionable, since
-   * it's not the filename, but the contents of the file that is decoded.
-   *
-   * However, we definitely want to be able to alert if a user is able to control what
-   * file is used, since that can lead to code execution (even if that file is free of
-   * path injection).
-   *
-   * So right now the best way we have of modeling this seems to be to treat the filename
-   * argument as being deserialized...
    */
   private class PandasReadPickleCall extends Decoding::Range, DataFlow::CallCfgNode {
     PandasReadPickleCall() {
diff --git a/python/ql/lib/semmle/python/frameworks/Pandas.qll b/python/ql/lib/semmle/python/frameworks/Pandas.qll
@@ -17,7 +17,7 @@ private module Pandas {
   /**
    * A call to `pandas.read_pickle`
    * See https://pypi.org/project/pandas/
-   * https://pandas.pydata.org/pandas-docs/stable/reference/api/pandas.read_pickle.html)
+   * See https://pandas.pydata.org/pandas-docs/stable/reference/api/pandas.read_pickle.html
    */
   private class PandasReadPickleCall extends Decoding::Range, DataFlow::CallCfgNode {
     PandasReadPickleCall() {
