github · geoffw0 · Nov 5, 2019 · Oct 30, 2019
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/Buffer Overflow/NtohlArrayNoBoundOpenSource.qhelp b/cpp/ql/src/Likely Bugs/Memory Management/Buffer Overflow/NtohlArrayNoBoundOpenSource.qhelp
@@ -14,7 +14,7 @@ byte order function, such as <code>ntohl</code>.
 The use of a network-to-host byte order function is therefore a good indicator that the returned
 value is unvalidated data retrieved from the network, and should not be used without further
 validation. In particular, the returned value should not be used as an array index or array length
-value without validation, which may result in a buffer overflow vulnerability.
+value without validation, as this could result in a buffer overflow vulnerability.
 </p>
 </overview>
 

diff --git a/cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.qhelp b/cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.qhelp
@@ -37,7 +37,7 @@ which is then subsequently accessed to fetch properties of the device. However,
 check the return value from the function call to <code>initDeviceConfig</code>. If the
 device number passed to the <code>notify</code> function was invalid, the
 <code>initDeviceConfig</code> function will leave the <code>config</code> variable uninitialized,
-which would result in the <code>notify</code> function accessing uninitialized memory.</p>
+which will result in the <code>notify</code> function accessing uninitialized memory.</p>
 
 <sample src="ConditionallyUninitializedVariableBad.c" />
 

diff --git a/cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql b/cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql
@@ -2,7 +2,7 @@
  * @name Conditionally uninitialized variable
  * @description When an initialization function is used to initialize a local variable, but the
  *              returned status code is not checked, the variable may be left in an uninitialized
- *              state, and reading the variable may result in undefined behaviour.
+ *              state, and reading the variable may result in undefined behavior.
  * @kind problem
  * @problem.severity warning
  * @opaque-id SM02313

diff --git a/csharp/ql/src/Security Features/CWE-091/XMLInjection.qhelp b/csharp/ql/src/Security Features/CWE-091/XMLInjection.qhelp
@@ -36,10 +36,10 @@ which ensures the content is appropriately escaped.</p>
 
 <references>
   <li>
-    <a href="http://projects.webappsec.org/w/page/13247004/XML%20Injection">XML Injection</a> (The Web Application Security Consortium).
+    Web Application Security Consortium: <a href="http://projects.webappsec.org/w/page/13247004/XML%20Injection">XML Injection</a>.
   </li>
   <li>
-    <a href="https://docs.microsoft.com/en-us/dotnet/api/system.xml.xmlwriter.writeraw?view=netframework-4.8">WriteRaw</a> (Microsoft documentation).
+    Microsoft Docs: <a href="https://docs.microsoft.com/en-us/dotnet/api/system.xml.xmlwriter.writeraw?view=netframework-4.8">WriteRaw</a>.
   </li>
 </references>
 </qhelp>
diff --git a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.qhelp b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.qhelp
@@ -14,7 +14,7 @@ was not intended to be loaded, and executing arbitrary code.
 <p>
 Avoid loading assemblies based on user provided input. If this is not possible, ensure that the path
 is validated before being used with <code>Assembly</code>. For example, compare the provided input
-against a whitelist of known safe assemblies, or confirm that path is restricted to a single
+against a whitelist of known safe assemblies, or confirm that the path is restricted to a single
 directory which only contains safe assemblies.
 </p>
 </recommendation>
@@ -30,8 +30,8 @@ is only loaded if the user input matches one of those options.</p>
 </example>
 
 <references>
-  <li>
-    <a href="https://docs.microsoft.com/en-us/dotnet/api/system.reflection.assembly?view=netframework-4.8">System.Reflection.Assembly</a> (Microsoft documentation).
+  <li>Microsoft: 
+    <a href="https://docs.microsoft.com/en-us/dotnet/api/system.reflection.assembly?view=netframework-4.8">System.Reflection.Assembly</a>.
   </li>
 </references>
 </qhelp>
diff --git a/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql b/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql
@@ -1,6 +1,6 @@
 /**
- * @name Do not use hard-coded encryption keys.
- * @description The .Key property or rgbKey parameter of a SymmetricAlgorithm should never be a hardcoded value.
+ * @name Hard-coded encryption key
+ * @description The .Key property or rgbKey parameter of a SymmetricAlgorithm should never be a hard-coded value.
  * @kind problem
  * @id cs/hardcoded-key
  * @problem.severity error

diff --git a/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.qhelp b/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.qhelp
@@ -3,7 +3,6 @@
   "qhelp.dtd">
 <qhelp>
 <overview>
-<p>Finds uses of insecure SQL Connections string by not enabling the <code>Encrypt</code> option.</p>
 
   <p>
     SQL Server connections where the client is not enforcing the encryption in transit are susceptible to multiple attacks, including a man-in-the-middle, that would potentially compromise the user credentials and/or the TDS session.
@@ -29,18 +28,17 @@
 
 </example>
 <references>
-
-  <li>
-    <a href="https://blogs.msdn.microsoft.com/sql_protocols/2009/10/19/selectively-using-secure-connection-to-sql-server/">Selectively using secure connection to SQL Server</a>
+  <li>Microsoft, SQL Protocols blog: 
+    <a href="https://blogs.msdn.microsoft.com/sql_protocols/2009/10/19/selectively-using-secure-connection-to-sql-server/">Selectively using secure connection to SQL Server</a>.
+  </li>
+  <li>Microsoft:
+    <a href="https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection.connectionstring(v=vs.110).aspx">SqlConnection.ConnectionString Property</a>.
+  </li>
+  <li>Microsoft: 
+    <a href="https://msdn.microsoft.com/en-us/library/ms130822.aspx">Using Connection String Keywords with SQL Server Native Client</a>.
   </li>
-  <li>
-    <a href="https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection.connectionstring(v=vs.110).aspx">Net SqlClient (ADO .Net)</a>
+  <li>Microsoft: 
+    <a href="https://msdn.microsoft.com/en-us/library/ms378988(v=sql.110).aspx">Setting the connection properties</a>.
   </li>
-  <li><a href="https://msdn.microsoft.com/en-us/library/ms130822.aspx">SQL native driver (SNAC)</a>
-</li>
-  <li>
-    <a href="https://msdn.microsoft.com/en-us/library/ms378988(v=sql.110).aspx">JDBC driver</a>
-</li>
-
 </references>
 </qhelp>
diff --git a/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql b/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql
@@ -1,6 +1,6 @@
 /**
  * @name Insecure SQL connection
- * @description TODO.
+ * @description Using an SQL Server connection without enforcing encryption is a security vulnerability.
  * @kind path-problem
  * @id cs/insecure-sql-connection
  * @problem.severity error