apply suggestions from doc review

github · Jan 25, 2024 · 05a59d2 · 05a59d2
1 parent 158ff0d
commit 05a59d2
Showing 1 changed file with 8 additions and 10 deletions.
diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPath.qhelp b/java/ql/src/Security/CWE/CWE-022/TaintedPath.qhelp
@@ -7,21 +7,20 @@
 can result in sensitive information being revealed or deleted, or an attacker being able to influence
 behavior by modifying unexpected files.</p>
 
-<p>Paths that are naively constructed from data controlled by a user may be absolute paths or contain
-unexpected special characters, such as "..". Such a path may potentially point anywhere on the file system.</p>
+<p>Paths that are naively constructed from data controlled by a user may be absolute paths, or may contain
+unexpected special characters such as "..". Such a path could point anywhere on the file system.</p>
 
 </overview>
 <recommendation>
 
 <p>Validate user input before using it to construct a file path.</p>
 
 <p>Common validation methods include checking that the normalized path is relative and does not contain
-any ".." components, or that the path is contained within a safe folder. The validation method to use depends
-on how the path is used in the application and whether the path is supposed to be a single path component.
-</p>
+any ".." components, or checking that the path is contained within a safe folder. The method you should use depends 
+on how the path is used in the application, and whether the path should be a single path component.
 
-<p>If the path is supposed to be a single path component (such as a file name) you can check for the existence
-of any path separators ("/" or "\") or ".." sequences in the input, and reject the input if any are found.
+<p>If the path should be a single path component (such as a file name), you can check for the existence 
+of any path separators ("/" or "\"), or ".." sequences in the input, and reject the input if any are found.
 </p>
 
 <p>
@@ -43,14 +42,13 @@ such as "/etc/passwd" or "../../../etc/passwd".</p>
 <sample src="examples/TaintedPath.java" />
 
 <p>
-If the input is just supposed to be a file name, you can check that it doesn't contain any path separators
-or ".." sequences.
+If the input should only be a file name, you can check that it doesn't contain any path separators or ".." sequences.
 </p>
 
 <sample src="examples/TaintedPathGoodNormalize.java" />
 
 <p>
-If the input is supposed to be found within a specific directory, you can check that the resolved path 
+If the input should be within a specific directory, you can check that the resolved path 
 is still contained within that directory.
 </p>