C++: Improve query output

cpp/ql/src/experimental/Security/CWE/CWE-409/DecompressionBombs.ql

@@ -14,14 +14,16 @@ import cpp
 import semmle.code.cpp.security.FlowSources
 import DecompressionBomb
 
+predicate isSink(FunctionCall fc, DataFlow::Node sink) {
+  exists(DecompressionFunction f | fc.getTarget() = f |
+    fc.getArgument(f.getArchiveParameterIndex()) = [sink.asExpr(), sink.asIndirectExpr()]
+  )
+}
+
 module DecompressionTaintConfig implements DataFlow::ConfigSig {
   predicate isSource(DataFlow::Node source) { source instanceof FlowSource }
 
-  predicate isSink(DataFlow::Node sink) {
-    exists(FunctionCall fc, DecompressionFunction f | fc.getTarget() = f |
-      fc.getArgument(f.getArchiveParameterIndex()) = [sink.asExpr(), sink.asIndirectExpr()]
-    )
-  }
+  predicate isSink(DataFlow::Node sink) { isSink(_, sink) }
 
   predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
     any(DecompressionFlowStep f).isAdditionalFlowStep(node1, node2) or
@@ -33,7 +35,7 @@ module DecompressionTaint = TaintTracking::Global<DecompressionTaintConfig>;
 
 import DecompressionTaint::PathGraph
 
-from DecompressionTaint::PathNode source, DecompressionTaint::PathNode sink
-where DecompressionTaint::flowPath(source, sink)
-select sink.getNode(), source, sink, "This Decompression output $@.", source.getNode(),
-  "is not limited"
+from DecompressionTaint::PathNode source, DecompressionTaint::PathNode sink, FunctionCall fc
+where DecompressionTaint::flowPath(source, sink) and isSink(fc, sink.getNode())
+select sink.getNode(), source, sink, "The decompression output of $@ is not limited", fc,
+  fc.getTarget().getName()