Apply suggestions from code review

gagliardetto · intrigus-lgtm · web-flow · commit ee4356501aad · 2020-07-16T18:36:40.000+03:00
Co-authored-by: intrigus-lgtm &lt;60750685+intrigus-lgtm@users.noreply.github.com&gt;
diff --git a/ql/src/experimental/CWE-352/ConstantOauth2State.qhelp b/ql/src/experimental/CWE-352/ConstantOauth2State.qhelp
@@ -4,8 +4,8 @@
 <qhelp>
     <overview>
         <p>
-            Oauth2 clients must implement CSRF protection for the redirection URI, which is typically accomplished by including a "state" value that binds the request to
-            the user's authenticated state. The Go Oauth2 library allows to specify a "state" value which is then included in the auth code URL, and then provided back by the remote authentication server in the redirect callback, from where it must be validated; failure to do so makes the client susceptible to an CSRF attack.
+            OAuth 2.0 clients must implement CSRF protection for the redirection URI, which is typically accomplished by including a "state" value that binds the request to
+            the user's authenticated state. The Go OAuth 2.0 library allows to specify a "state" value which is then included in the auth code URL, and then provided back by the remote authentication server in the redirect callback, from where it must be validated; failure to do so makes the client susceptible to an CSRF attack.
         </p>
     </overview>
     <recommendation>
@@ -23,4 +23,4 @@
         </p>
         <sample src="ConstantOauth2StateBetter.go" />
     </example>
-</qhelp>
+</qhelp>
diff --git a/ql/src/experimental/CWE-352/ConstantOauth2State.ql b/ql/src/experimental/CWE-352/ConstantOauth2State.ql
@@ -1,6 +1,6 @@
 /**
- * @name Use of constant `state` value in Oauth2 URL.
- * @description Using a constant value for the `state` in the oauth2 URL makes the application
+ * @name Use of constant `state` value in OAuth 2.0 URL.
+ * @description Using a constant value for the `state` in the OAuth 2.0 URL makes the application
  *              susceptible to CSRF attacks.
  * @kind path-problem
  * @problem.severity error
@@ -14,7 +14,7 @@ import DataFlow::PathGraph
 
 /**
  * A method that creates a new URL that will send the user
- * to the oauth2 authorization dialog of the provider.
+ * to the OAuth 2.0 authorization dialog of the provider.
  */
 class AuthCodeURL extends Method {
   AuthCodeURL() { this.hasQualifiedName("golang.org/x/oauth2", "Config", "AuthCodeURL") }
