Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll

erik-krogh · asgerf · web-flow · commit c49d5081cc8e · 2020-10-28T11:45:58.000+01:00
Co-authored-by: Asger F &lt;asgerf@github.com&gt;
diff --git a/javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll b/javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll
@@ -792,7 +792,7 @@ private module Redis {
      * Thereby the method is vulnerable if parameter `argIndex` is unexpectedly an array instead of a string, as an attacker can control arguments to Redis that the attacker was not supposed to control.
      *
      * Only setters and similar methods are included.
-     * For getter like methods it is not generally possible to gain access "outside" of where you are supposed to have access,
+     * For getter-like methods it is not generally possible to gain access "outside" of where you are supposed to have access,
      * it is at most possible to get a Redis call to return more results than expected (e.g. by adding more members to [`geohash`](https://redis.io/commands/geohash)).
      */
     bindingset[argIndex]

Original file line number	Diff line number	Diff line change
`@@ -792,7 +792,7 @@ private module Redis {`
`792`	`792`	* Thereby the method is vulnerable if parameter `argIndex` is unexpectedly an array instead of a string, as an attacker can control arguments to Redis that the attacker was not supposed to control.
`793`	`793`	`*`
`794`	`794`	`* Only setters and similar methods are included.`
`795`		`- * For getter like methods it is not generally possible to gain access "outside" of where you are supposed to have access,`
	`795`	`+ * For getter-like methods it is not generally possible to gain access "outside" of where you are supposed to have access,`
`796`	`796`	* it is at most possible to get a Redis call to return more results than expected (e.g. by adding more members to [`geohash`](https://redis.io/commands/geohash)).
`797`	`797`	`*/`
`798`	`798`	`bindingset[argIndex]`