apply suggestions from doc review

Author: erik-krogh

javascript/ql/src/Security/CWE-078/CommandInjection.ql

@@ -28,5 +28,5 @@ where
     else highlight = sink.getNode()
   ) and
   sourceNode = source.getNode()
-select highlight, source, sink, "This command line depends on $@.", source.getNode(),
+select highlight, source, sink, "Command line depends on $@.", source.getNode(),
   "a user-provided value"

javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql

@@ -21,4 +21,4 @@ from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink
 where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode()
 select sinkNode.getAlertLocation(), source, sink, "$@ which depends on $@ is later used in $@.",
   sinkNode.getAlertLocation(), sinkNode.getSinkType(), source.getNode(), "library input",
-  sinkNode.getCommandExecution(), "shell command"
+  sinkNode.getCommandExecution(), "a shell command"

javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql

@@ -17,5 +17,5 @@ import DataFlow::PathGraph
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
 select sink, source, sink,
-  "Invocation of method derived from $@ may lead to remote code execution.", source.getNode(),
+  "This method is invoked using $@, which may allow remote code execution.", source.getNode(),
   "a user-controlled value"

javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql

@@ -19,4 +19,4 @@ import DataFlow::PathGraph
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, sink.getNode().(Sink).getMessage() + " depends on $@.",
-  source.getNode(), "user-provided value"
+  source.getNode(), "a user-provided value"

javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql

@@ -19,5 +19,5 @@ import DataFlow::PathGraph
 from Configuration dataflow, DataFlow::PathNode source, DataFlow::PathNode sink
 where dataflow.hasFlowPath(source, sink)
 select sink, source, sink,
-  "Iterating over user-controlled object with a potentially unbounded .length property from $@.",
+  "Iteration over a user-controlled object with a potentially unbounded .length property from $@.",
   source, "a user-provided value"

javascript/ql/test/query-tests/Security/CWE-078/CommandInjection.expected

@@ -72,9 +72,9 @@ edges
 | tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name |
 | tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name |
 #select
-| example.js:13:5:13:24 | window[message.name] | example.js:9:37:9:38 | ev | example.js:13:5:13:24 | window[message.name] | Invocation of method derived from $@ may lead to remote code execution. | example.js:9:37:9:38 | ev | a user-controlled value |
-| tst.js:5:5:5:24 | window[message.name] | tst.js:3:37:3:38 | ev | tst.js:5:5:5:24 | window[message.name] | Invocation of method derived from $@ may lead to remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |
-| tst.js:6:9:6:28 | window[message.name] | tst.js:3:37:3:38 | ev | tst.js:6:9:6:28 | window[message.name] | Invocation of method derived from $@ may lead to remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |
-| tst.js:11:5:11:19 | f[message.name] | tst.js:3:37:3:38 | ev | tst.js:11:5:11:19 | f[message.name] | Invocation of method derived from $@ may lead to remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |
-| tst.js:15:5:15:14 | window[ev] | tst.js:3:37:3:38 | ev | tst.js:15:5:15:14 | window[ev] | Invocation of method derived from $@ may lead to remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |
-| tst.js:21:5:21:29 | window[ ... e.name] | tst.js:3:37:3:38 | ev | tst.js:21:5:21:29 | window[ ... e.name] | Invocation of method derived from $@ may lead to remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |
+| example.js:13:5:13:24 | window[message.name] | example.js:9:37:9:38 | ev | example.js:13:5:13:24 | window[message.name] | This method is invoked using $@, which may allow remote code execution. | example.js:9:37:9:38 | ev | a user-controlled value |
+| tst.js:5:5:5:24 | window[message.name] | tst.js:3:37:3:38 | ev | tst.js:5:5:5:24 | window[message.name] | This method is invoked using $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |
+| tst.js:6:9:6:28 | window[message.name] | tst.js:3:37:3:38 | ev | tst.js:6:9:6:28 | window[message.name] | This method is invoked using $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |
+| tst.js:11:5:11:19 | f[message.name] | tst.js:3:37:3:38 | ev | tst.js:11:5:11:19 | f[message.name] | This method is invoked using $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |
+| tst.js:15:5:15:14 | window[ev] | tst.js:3:37:3:38 | ev | tst.js:15:5:15:14 | window[ev] | This method is invoked using $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |
+| tst.js:21:5:21:29 | window[ ... e.name] | tst.js:3:37:3:38 | ev | tst.js:21:5:21:29 | window[ ... e.name] | This method is invoked using $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | a user-controlled value |

javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction.expected

@@ -33,8 +33,8 @@ edges
 | tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal |
 | tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal |
 #select
-| tst.js:9:8:9:11 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:9:8:9:11 | prop | A property name to write to depends on $@. | tst.js:8:28:8:51 | req.que ... trolled | user-provided value |
-| tst.js:13:15:13:18 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:13:15:13:18 | prop | A property name to write to depends on $@. | tst.js:8:28:8:51 | req.que ... trolled | user-provided value |
-| tst.js:14:31:14:34 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:14:31:14:34 | prop | A property name to write to depends on $@. | tst.js:8:28:8:51 | req.que ... trolled | user-provided value |
-| tst.js:16:10:16:13 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:16:10:16:13 | prop | A property name to write to depends on $@. | tst.js:8:28:8:51 | req.que ... trolled | user-provided value |
-| tstNonExpr.js:8:17:8:23 | userVal | tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:8:17:8:23 | userVal | A header name depends on $@. | tstNonExpr.js:5:17:5:23 | req.url | user-provided value |
+| tst.js:9:8:9:11 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:9:8:9:11 | prop | A property name to write to depends on $@. | tst.js:8:28:8:51 | req.que ... trolled | a user-provided value |
+| tst.js:13:15:13:18 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:13:15:13:18 | prop | A property name to write to depends on $@. | tst.js:8:28:8:51 | req.que ... trolled | a user-provided value |
+| tst.js:14:31:14:34 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:14:31:14:34 | prop | A property name to write to depends on $@. | tst.js:8:28:8:51 | req.que ... trolled | a user-provided value |
+| tst.js:16:10:16:13 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:16:10:16:13 | prop | A property name to write to depends on $@. | tst.js:8:28:8:51 | req.que ... trolled | a user-provided value |
+| tstNonExpr.js:8:17:8:23 | userVal | tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:8:17:8:23 | userVal | A header name depends on $@. | tstNonExpr.js:5:17:5:23 | req.url | a user-provided value |

javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected

@@ -82,12 +82,12 @@ edges
 | LoopBoundInjectionLodash.js:12:18:12:20 | val | LoopBoundInjectionLodash.js:13:13:13:15 | val |
 | LoopBoundInjectionLodash.js:12:18:12:20 | val | LoopBoundInjectionLodash.js:13:13:13:15 | val |
 #select
-| LoopBoundInjectionBad.js:20:25:20:27 | val | LoopBoundInjectionBad.js:8:13:8:20 | req.body | LoopBoundInjectionBad.js:20:25:20:27 | val | Iterating over user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionBad.js:8:13:8:20 | req.body | a user-provided value |
-| LoopBoundInjectionBad.js:29:16:29:18 | val | LoopBoundInjectionBad.js:10:15:10:22 | req.body | LoopBoundInjectionBad.js:29:16:29:18 | val | Iterating over user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionBad.js:10:15:10:22 | req.body | a user-provided value |
-| LoopBoundInjectionBad.js:38:15:38:17 | val | LoopBoundInjectionBad.js:12:25:12:32 | req.body | LoopBoundInjectionBad.js:38:15:38:17 | val | Iterating over user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionBad.js:12:25:12:32 | req.body | a user-provided value |
-| LoopBoundInjectionBad.js:51:25:51:27 | val | LoopBoundInjectionBad.js:14:19:14:26 | req.body | LoopBoundInjectionBad.js:51:25:51:27 | val | Iterating over user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionBad.js:14:19:14:26 | req.body | a user-provided value |
-| LoopBoundInjectionExitBad.js:20:22:20:24 | val | LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | LoopBoundInjectionExitBad.js:20:22:20:24 | val | Iterating over user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | a user-provided value |
-| LoopBoundInjectionExitBad.js:34:22:34:24 | val | LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | LoopBoundInjectionExitBad.js:34:22:34:24 | val | Iterating over user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | a user-provided value |
-| LoopBoundInjectionExitBad.js:49:22:49:24 | val | LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | LoopBoundInjectionExitBad.js:49:22:49:24 | val | Iterating over user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | a user-provided value |
-| LoopBoundInjectionExitBad.js:60:8:60:10 | val | LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | LoopBoundInjectionExitBad.js:60:8:60:10 | val | Iterating over user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | a user-provided value |
-| LoopBoundInjectionLodash.js:13:13:13:15 | val | LoopBoundInjectionLodash.js:9:13:9:20 | req.body | LoopBoundInjectionLodash.js:13:13:13:15 | val | Iterating over user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionLodash.js:9:13:9:20 | req.body | a user-provided value |
+| LoopBoundInjectionBad.js:20:25:20:27 | val | LoopBoundInjectionBad.js:8:13:8:20 | req.body | LoopBoundInjectionBad.js:20:25:20:27 | val | Iteration over a user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionBad.js:8:13:8:20 | req.body | a user-provided value |
+| LoopBoundInjectionBad.js:29:16:29:18 | val | LoopBoundInjectionBad.js:10:15:10:22 | req.body | LoopBoundInjectionBad.js:29:16:29:18 | val | Iteration over a user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionBad.js:10:15:10:22 | req.body | a user-provided value |
+| LoopBoundInjectionBad.js:38:15:38:17 | val | LoopBoundInjectionBad.js:12:25:12:32 | req.body | LoopBoundInjectionBad.js:38:15:38:17 | val | Iteration over a user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionBad.js:12:25:12:32 | req.body | a user-provided value |
+| LoopBoundInjectionBad.js:51:25:51:27 | val | LoopBoundInjectionBad.js:14:19:14:26 | req.body | LoopBoundInjectionBad.js:51:25:51:27 | val | Iteration over a user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionBad.js:14:19:14:26 | req.body | a user-provided value |
+| LoopBoundInjectionExitBad.js:20:22:20:24 | val | LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | LoopBoundInjectionExitBad.js:20:22:20:24 | val | Iteration over a user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | a user-provided value |
+| LoopBoundInjectionExitBad.js:34:22:34:24 | val | LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | LoopBoundInjectionExitBad.js:34:22:34:24 | val | Iteration over a user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | a user-provided value |
+| LoopBoundInjectionExitBad.js:49:22:49:24 | val | LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | LoopBoundInjectionExitBad.js:49:22:49:24 | val | Iteration over a user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | a user-provided value |
+| LoopBoundInjectionExitBad.js:60:8:60:10 | val | LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | LoopBoundInjectionExitBad.js:60:8:60:10 | val | Iteration over a user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | a user-provided value |
+| LoopBoundInjectionLodash.js:13:13:13:15 | val | LoopBoundInjectionLodash.js:9:13:9:20 | req.body | LoopBoundInjectionLodash.js:13:13:13:15 | val | Iteration over a user-controlled object with a potentially unbounded .length property from $@. | LoopBoundInjectionLodash.js:9:13:9:20 | req.body | a user-provided value |