JS: address review comments

Author: Esben Sparre Andreasen

javascript/ql/src/semmle/javascript/frameworks/NodeJSLib.qll

@@ -379,7 +379,7 @@ module NodeJSLib {
    *
    * We determine this by looking for an externs declaration for
    * `fs.methodName` where the `i`th parameter's name is `data` or
-   * `buffer` or a 'callback'.
+   * `buffer` or a `callback`.
    */
   private predicate fsDataParam(string methodName, int i, string n) {
     exists (ExternalMemberDecl decl, Function f, JSDocParamTag p |

javascript/ql/src/semmle/javascript/security/dataflow/FileAccessToHttp.qll

@@ -42,13 +42,8 @@ module FileAccessToHttp {
       node instanceof Sanitizer
     }
 
-    /** additional taint step that taints an object wrapping a source */
     override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) {
-      (
-          pred = DataFlow::valueNode(_) or
-          pred = DataFlow::parameterNode(_) or
-          pred instanceof DataFlow::PropRead
-      ) and
+      // taint entire object on property write
       exists (DataFlow::PropWrite pwr |
         succ = pwr.getBase() and
         pred = pwr.getRhs()