Added missing doc comments

atorralba · atorralba · commit ee269fbc6917 · 2021-05-06T09:18:48.000+02:00
diff --git a/java/ql/src/semmle/code/java/security/XPath.qll b/java/ql/src/semmle/code/java/security/XPath.qll
@@ -1,10 +1,16 @@
+/** Provides classes to reason about XPath vulnerabilities. */
+
+import java
 import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.dataflow.TaintTracking
 
 /**
  * An abstract type representing a call to interpret XPath expressions.
  */
 class XPathSink extends MethodAccess {
+  /**
+   * Gets the argument representing the XPath expressions to be evaluated.
+   */
   abstract Expr getSink();
 }
 
@@ -44,10 +50,12 @@ class NodeSelectNodes extends XPathSink {
   override Expr getSink() { result = this.getArgument(0) }
 }
 
+/** A sink that represents a method that interprets XPath expressions. */
 class XPathInjectionSink extends DataFlow::ExprNode {
   XPathInjectionSink() { exists(XPathSink sink | this.getExpr() = sink.getSink()) }
 }
 
+/** A configuration that tracks data from a remote input source to a XPath evaluation sink. */
 class XPathInjectionConfiguration extends TaintTracking::Configuration {
   XPathInjectionConfiguration() { this = "XPathInjection" }
 
