From 96b46de7c8a790ebf72ae5bb918c98226f87b171 Mon Sep 17 00:00:00 2001
From: erik-krogh
Date: Fri, 23 Sep 2022 14:53:40 +0200
Subject: [PATCH] update alert-messages based on review feedback
---
 .../CWE/CWE-129/ImproperArrayIndexValidation.ql | 2 +-
 .../CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql | 2 +-
 .../CWE-401/MemoryLeakOnFailedCallToRealloc.ql | 2 +-
 .../CWE/CWE-787/UnsignedToSignedPointerArith.ql | 2 +-
 .../NoCheckBeforeUnsafePutUser.expected | 6 +++---
 .../MemoryLeakOnFailedCallToRealloc.expected | 16 ++++++++--------
 .../ImproperArrayIndexValidation.expected | 2 +-
 .../ImproperArrayIndexValidation.expected | 6 +++---
 8 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
index dfc20ad53dd..33a6ee1d5f5 100644
--- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
@@ -127,5 +127,5 @@ where
 conf.hasFlowPath(source, sink) and
 isFlowSource(source.getNode(), sourceType)
 select sink.getNode(), source, sink,
- "An array indexing expression depends on a $@ that might be outside the bounds of the array.",
+ "An array indexing expression depends on $@ that might be outside the bounds of the array.",
 source.getNode(), lowerFirst(sourceType)
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql b/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
index 8bcc433b18c..f01a7cb1ed0 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
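Review bot: Dropping the article on the changed `select` message line makes the sentence depend on each `sourceType` description supplying its own, and the expected results updated in this same patch show that they do not all do so: the semmle test renders "depends on a command-line argument", while the SAMATE test renders "depends on string read by fgets". The descriptions come from `isFlowSource`, which is outside this hunk, so every description there should start with an article, or the message should be worded so that it reads correctly without one. The relative clause also attaches "might be outside the bounds" to the source rather than to the index that is actually highlighted; `"This array index depends on $@ and might be outside the bounds of the array."` would read unambiguously.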
@@ -87,4 +87,4 @@ class ExploitableUserModePtrParam extends SystemCallSource { } from ExploitableUserModePtrParam p -select p, "'unsafe_put_user' write user-mode pointer $@ without check.", p, p.toString() +select p, "This 'unsafe_put_user' writes a user-mode pointer without a security check." diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql index 19b0088959c..ce991a42a68 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql @@ -58,4 +58,4 @@ class ReallocCallLeak extends FunctionCall { from ReallocCallLeak rcl where not rcl.mayHandleByTermination() -select rcl, "Possible loss of original pointer on unsuccessful call realloc." +select rcl, "Possible loss of original pointer on unsuccessful call to 'realloc'." diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql b/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql index b6e8e750513..4327d6e364e 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql @@ -26,5 +26,5 @@ where DataFlow::localFlow(DataFlow::parameterNode(p), sink) and p.getUnspecifiedType().getSize() < 8 select call, - "This call passes an unsigned int to a function that requires a signed int: $@. And then used in pointer arithmetic: $@.", + "This call passes an unsigned int to a function that requires a signed int: $@. It's then used in pointer arithmetic: $@.", f, f.toString(), sink, sink.toString() 
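Review bot: The new message on the `select p, ...` line says "This 'unsafe_put_user'", but the selected element `p` is an `ExploitableUserModePtrParam` (a `SystemCallSource`), and the updated expected results place the alert on `ref arg & ...` rather than on a call to `unsafe_put_user`. With the `$@` link removed, the text should describe the element that is highlighted, for example `"This user-mode pointer is written by 'unsafe_put_user' without a prior access check."`. "Security check" also leaves the developer guessing what to add; naming the check the query looks for (presumably `access_ok` or `user_access_begin`, to be confirmed against the class body, which is outside this hunk) would make the alert actionable.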
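Review bot: In UnsignedToSignedPointerArith.ql, "It's" in the reworded second sentence has no clear antecedent, since the first sentence names the call, the unsigned int and the function, and the link directly before it is the function `f`. Naming the value avoids the ambiguity: `"This call passes an unsigned int to a function that requires a signed int: $@. The converted value is then used in pointer arithmetic: $@."`. The `where` clause starts outside the hunk; the visible `p.getUnspecifiedType().getSize() < 8` would benefit from a short comment stating why 8 bytes is the cut-off (presumably parameters narrower than a 64-bit pointer).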
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser/NoCheckBeforeUnsafePutUser.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser/NoCheckBeforeUnsafePutUser.expected
index 4ed87c58faf..69985fd2791 100644
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser/NoCheckBeforeUnsafePutUser.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser/NoCheckBeforeUnsafePutUser.expected
@@ -1,3 +1,3 @@
-| test.cpp:20:21:20:22 | ref arg & ... | 'unsafe_put_user' write user-mode pointer $@ without check. | test.cpp:20:21:20:22 | ref arg & ... | ref arg & ... |
-| test.cpp:41:21:41:22 | ref arg & ... | 'unsafe_put_user' write user-mode pointer $@ without check. | test.cpp:41:21:41:22 | ref arg & ... | ref arg & ... |
-| test.cpp:69:21:69:27 | ref arg & ... | 'unsafe_put_user' write user-mode pointer $@ without check. | test.cpp:69:21:69:27 | ref arg & ... | ref arg & ... |
+| test.cpp:20:21:20:22 | ref arg & ... | This 'unsafe_put_user' writes a user-mode pointer without a security check. |
+| test.cpp:41:21:41:22 | ref arg & ... | This 'unsafe_put_user' writes a user-mode pointer without a security check. |
+| test.cpp:69:21:69:27 | ref arg & ... | This 'unsafe_put_user' writes a user-mode pointer without a security check. |
diff --git a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/MemoryLeakOnFailedCallToRealloc.expected b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/MemoryLeakOnFailedCallToRealloc.expected
index 3b4bcba0b0c..140434974a1 100644
--- a/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/MemoryLeakOnFailedCallToRealloc.expected
+++ b/cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/MemoryLeakOnFailedCallToRealloc.expected
@@ -1,8 +1,8 @@
-| test.c:34:29:34:35 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
-| test.c:63:29:63:35 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
-| test.c:139:29:139:35 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
-| test.c:186:29:186:35 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
-| test.c:282:29:282:35 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
-| test.c:299:26:299:32 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
-| test.c:328:29:328:35 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
-| test.c:342:29:342:35 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
+| test.c:34:29:34:35 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
+| test.c:63:29:63:35 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
+| test.c:139:29:139:35 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
+| test.c:186:29:186:35 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
+| test.c:282:29:282:35 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
+| test.c:299:26:299:32 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
+| test.c:328:29:328:35 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
+| test.c:342:29:342:35 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-129/SAMATE/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-129/SAMATE/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
index 57be1554031..35d6e58f458 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-129/SAMATE/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-129/SAMATE/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
@@ -5,4 +5,4 @@ nodes
 | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | semmle.label | data |
 subpaths
 #select
-| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | An array indexing expression depends on a $@ that might be outside the bounds of the array. | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | string read by fgets |
+| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | An array indexing expression depends on $@ that might be outside the bounds of the array. | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | string read by fgets |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
index ca288cdbcae..d0cdade3128 100644
--- a/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
@@ -21,6 +21,6 @@ nodes
 | test1.c:53:15:53:15 | j | semmle.label | j |
 subpaths
 #select
-| test1.c:18:16:18:16 | i | test1.c:8:16:8:19 | argv | test1.c:18:16:18:16 | i | An array indexing expression depends on a $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
-| test1.c:33:11:33:11 | i | test1.c:8:16:8:19 | argv | test1.c:33:11:33:11 | i | An array indexing expression depends on a $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
-| test1.c:53:15:53:15 | j | test1.c:8:16:8:19 | argv | test1.c:53:15:53:15 | j | An array indexing expression depends on a $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
+| test1.c:18:16:18:16 | i | test1.c:8:16:8:19 | argv | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
+| test1.c:33:11:33:11 | i | test1.c:8:16:8:19 | argv | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
+| test1.c:53:15:53:15 | j | test1.c:8:16:8:19 | argv | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |