Apply suggestions from code review (documentation)

geoffw0 · hubwriter · web-flow · commit 5698638d1f90 · 2022-04-19T13:38:00.000+01:00
Co-authored-by: hubwriter &lt;hubwriter@github.com&gt;
diff --git a/cpp/ql/src/Security/CWE/CWE-611/XXE.qhelp b/cpp/ql/src/Security/CWE/CWE-611/XXE.qhelp
@@ -4,7 +4,7 @@
 <overview>
 <p>
 Parsing untrusted XML files with a weakly configured XML parser may lead to an
-XML External Entity (XXE) attack. This type of attack uses external entity references
+XML external entity (XXE) attack. This type of attack uses external entity references
 to access arbitrary files on a system, carry out denial-of-service (DoS) attacks, or server-side
 request forgery. Even when the result of parsing is not returned to the user, DoS attacks are still possible
 and out-of-band data retrieval techniques may allow attackers to steal sensitive data.
diff --git a/cpp/ql/src/Security/CWE/CWE-611/XXE.ql b/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
@@ -1,5 +1,5 @@
 /**
- * @name External Entity Expansion
+ * @name XML external entity expansion
  * @description Parsing user-controlled XML documents and allowing expansion of
  *              external entity references may lead to disclosure of
  *              confidential data or denial of service.
@@ -208,5 +208,5 @@ class XXEConfiguration extends DataFlow::Configuration {
 from XXEConfiguration conf, DataFlow::PathNode source, DataFlow::PathNode sink
 where conf.hasFlowPath(source, sink)
 select sink, source, sink,
-  "This $@ is not configured to prevent an External Entity Expansion (XXE) attack.", source,
+  "This $@ is not configured to prevent an XML external entity (XXE) attack.", source,
   "XML parser"
