small changes based on review feedback

erik-krogh · erik-krogh · commit b5a57986c6e4 · 2019-11-26T15:57:31.000+01:00
diff --git a/change-notes/1.24/analysis-javascript.md b/change-notes/1.24/analysis-javascript.md
@@ -10,7 +10,7 @@
 
 | **Query**                                                                       | **Tags**                                                          | **Purpose**                                                                                                                                                                            |
 |---------------------------------------------------------------------------------|-------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Client-side cross-site scripting through exception (`js/xss-through-exception`) | security, external/cwe/cwe-079, external/cwe/cwe-116              | Highlights potential XSS vulnerabilities where an exception is written to the DOM. Results are not shown on LGTM by default. |
+| Cross-site scripting through exception (`js/xss-through-exception`) | security, external/cwe/cwe-079, external/cwe/cwe-116              | Highlights potential XSS vulnerabilities where an exception is written to the DOM. Results are not shown on LGTM by default. |
 
 ## Changes to existing queries
 
diff --git a/javascript/ql/src/Security/CWE-079/ExceptionXss.ql b/javascript/ql/src/Security/CWE-079/ExceptionXss.ql
@@ -1,5 +1,5 @@
 /**
- * @name Client-side cross-site scripting through exception
+ * @name Cross-site scripting through exception
  * @description User input being part of an exception allows for 
  *              cross-site scripting if that exception is written
  *              to the DOM.  
diff --git a/javascript/ql/src/semmle/javascript/security/dataflow/ExceptionXss.qll b/javascript/ql/src/semmle/javascript/security/dataflow/ExceptionXss.qll
@@ -12,9 +12,9 @@ module ExceptionXss {
   import Xss as Xss
   
   /**
-   * Holds if `node` cannot cause an exception containing sensitive information to be thrown.
+   * Holds if `node` is unlikely to cause an exception containing sensitive information to be thrown.
    */
-  predicate canDefinitelyNotThrowSensitiveInformation(DataFlow::Node node) {
+  private predicate isUnlikelyToThrowSensitiveInformation(DataFlow::Node node) {
     node = any(DataFlow::CallNode call | call.getCalleeName() = "getElementById").getAnArgument()
     or
     node = any(DataFlow::CallNode call | call.getCalleeName() = "indexOf").getAnArgument()
@@ -28,7 +28,7 @@ module ExceptionXss {
    * Holds if `node` can possibly cause an exception containing sensitive information to be thrown.
    */
   predicate canThrowSensitiveInformation(DataFlow::Node node) {
-    not canDefinitelyNotThrowSensitiveInformation(node) and 
+    not isUnlikelyToThrowSensitiveInformation(node) and 
     (
       // in the case of reflective calls the below ensures that both InvokeNodes have no known callee.
       forex(DataFlow::InvokeNode call | node = call.getAnArgument() | not exists(call.getACallee()))
