make the alert messages of taint-tracking queries more consistent

erik-krogh
2022-09-02 22:50:59 +02:00
parent 1fe9b3f4bd
commit aa56ca37ae
69 changed files with 783 additions and 785 deletions


@@ -19,7 +19,7 @@ module CodeInjection {
/**
* Gets the substitute for `X` in the message `User-provided value flows to X`.
*/
string getMessageSuffix() { result = "here and is interpreted as code" }
string getMessageSuffix() { result = "this location and is interpreted as code" }
}
/**
@@ -126,7 +126,8 @@ module CodeInjection {
}
override string getMessageSuffix() {
result = "here and is interpreted by " + templateType + ", which may evaluate it as code"
result =
"this location and is interpreted by " + templateType + ", which may evaluate it as code"
}
}
@@ -289,7 +290,7 @@ module CodeInjection {
/** A sink for code injection via template injection. */
abstract private class TemplateSink extends Sink {
override string getMessageSuffix() {
result = "here and is interpreted as a template, which may contain code"
result = "this location and is interpreted as a template, which may contain code"
}
}
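Review bot: The QLDoc above the base `getMessageSuffix()` in the first hunk still documents the template `User-provided value flows to X`, and the overrides in the second and third hunks have no doc of their own. The query's select clause is not visible here, so it is worth confirming that this template is still what the query builds after the rewording. If it is, the doc should also state the shape callers rely on, for example `The result is a lower-case fragment without terminal punctuation.` Analysts triage code-injection alerts from this text, so a suffix that drifts from the template yields an ungrammatical or misleading alert. The module and class bodies continue outside these hunks.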


@@ -54,7 +54,7 @@ module HardcodedDataInterpretedAsCode {
override DataFlow::FlowLabel getLabel() { result.isTaint() }
override string getKind() { result = "code" }
override string getKind() { result = "Code" }
}
/**
@@ -65,6 +65,6 @@ module HardcodedDataInterpretedAsCode {
override DataFlow::FlowLabel getLabel() { result.isDataOrTaint() }
override string getKind() { result = "an import path" }
override string getKind() { result = "An import path" }
}
}
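Review bot: `getKind()` now returns a capitalised phrase (`"Code"`, `"An import path"`), which reads correctly only if the query places it at the start of the alert message, and nothing in these hunks records that contract. The same applies to `getMessage()` in RemotePropertyInjection, where the leading space and trailing period were dropped (`"A property name to write to"`, `"A header name"`), so the caller must now supply the separator and the final period. I would add a QLDoc on each predicate's declaration, which lies outside these hunks, for example `/** Gets a sentence-initial description of this sink, capitalised and without a trailing period. */`, so that new sinks do not reintroduce the old fragment style. The select clauses that consume these strings are not visible here and should be checked as updated in the same commit.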


@@ -47,7 +47,7 @@ module RemotePropertyInjection {
exists(DeleteExpr expr | expr.getOperand().(PropAccess).getPropertyNameExpr() = astNode)
}
override string getMessage() { result = " a property name to write to." }
override string getMessage() { result = "A property name to write to" }
}
/**
@@ -65,6 +65,6 @@ module RemotePropertyInjection {
)
}
override string getMessage() { result = " a header name." }
override string getMessage() { result = "A header name" }
}
}