JS: polish HttpToFileAccess.qll

Esben Sparre Andreasen · Esben Sparre Andreasen · commit 64b0d3939007 · 2018-10-10T12:12:54.000+02:00
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/HttpToFileAccess.qll b/javascript/ql/src/semmle/javascript/security/dataflow/HttpToFileAccess.qll
@@ -1,30 +1,33 @@
-/** 
- * Provides taint tracking configuration for reasoning about files created from untrusted http downloads.  
+/**
+ * Provides a taint tracking configuration for reasoning about user-controlled data in files.
  */
 import javascript
 import semmle.javascript.security.dataflow.RemoteFlowSources
 
-module HttpToFileAccessFlow {
+module HttpToFileAccess {
+
   /**
-   * A data flow source from untrusted http request to file access taint tracking configuration.
+   * A data flow source for user-controlled data in files.
    */
   abstract class Source extends DataFlow::Node { }
 
   /**
-   * A data flow sink for untrusted http request to file access taint tracking configuration.
+   * A data flow sink for user-controlled data in files.
    */
   abstract class Sink extends DataFlow::Node { }
 
   /**
-   * A sanitizer for untrusted http request to file access taint tracking configuration.
+   * A sanitizer for user-controlled data in files.
    */
   abstract class Sanitizer extends DataFlow::Node { }
 
   /**
-   * A taint-tracking configuration for reasoning about file access from untrusted http response body.
+   * A taint tracking configuration for user-controlled data in files.
    */
   class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "HttpToFileAccessFlow" }
+    Configuration() {
+      this = "HttpToFileAccess"
+    }
 
     override predicate isSource(DataFlow::Node source) {
       source instanceof Source
@@ -39,12 +42,12 @@ module HttpToFileAccessFlow {
       node instanceof Sanitizer
     }
   }
-  
-  /** A source of remote data, considered as a flow source for untrusted http data to file system access. */
+
+  /** A source of remote user input, considered as a flow source for user-controlled data in files. */
   class RemoteFlowSourceAsSource extends Source {
     RemoteFlowSourceAsSource() { this instanceof RemoteFlowSource }
   }
-  
+
   /** A sink that represents file access method (write, append) argument */
   class FileAccessAsSink extends Sink {
     FileAccessAsSink () {
