update alert-messages based on review feedback

2026-05-01 11:45:14 +02:00 · 2022-09-23 14:53:40 +02:00
parent edd03020c2
commit 96b46de7c8
8 changed files with 19 additions and 19 deletions
--- a/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
@@ -87,4 +87,4 @@ class ExploitableUserModePtrParam extends SystemCallSource {
 }

 from ExploitableUserModePtrParam p
-select p, "'unsafe_put_user' write user-mode pointer $@ without check.", p, p.toString()
+select p, "This 'unsafe_put_user' writes a user-mode pointer without a security check."
--- a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
@@ -58,4 +58,4 @@ class ReallocCallLeak extends FunctionCall {

 from ReallocCallLeak rcl
 where not rcl.mayHandleByTermination()
-select rcl, "Possible loss of original pointer on unsuccessful call realloc."
+select rcl, "Possible loss of original pointer on unsuccessful call to 'realloc'."
--- a/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql
@@ -26,5 +26,5 @@ where
  DataFlow::localFlow(DataFlow::parameterNode(p), sink) and
  p.getUnspecifiedType().getSize() < 8
 select call,
-  "This call passes an unsigned int to a function that requires a signed int: $@. And then used in pointer arithmetic: $@.",
+  "This call passes an unsigned int to a function that requires a signed int: $@. It's then used in pointer arithmetic: $@.",
  f, f.toString(), sink, sink.toString()