From b00aa36cdcf3e199cb2ca55208d849a979b74030 Mon Sep 17 00:00:00 2001
From: Esben Sparre Andreasen <esben@semmle.com>
Date: Fri, 5 Oct 2018 12:25:07 +0200
Subject: [PATCH] JS: polish HttpToFileAccess.ql

---
 javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql    | 8 ++++----
 .../Security/CWE-912/HttpToFileAccess.expected            | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
index 73ba30c2ca2..0b4344fe2e4 100644
--- a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
+++ b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
@@ -1,6 +1,6 @@
 /**
- * @name Http response data flows to File Access 
- * @description Writing data from an HTTP request directly to the file system allows arbitrary file upload and might indicate a backdoor.
+ * @name User-controlled data in file
+ * @description Writing user-controlled data directly to the file system allows arbitrary file upload and might indicate a backdoor.
  * @kind problem
  * @problem.severity warning
  * @id js/http-to-file-access
@@ -11,6 +11,6 @@
 import javascript
 import semmle.javascript.security.dataflow.HttpToFileAccess
 
-from HttpToFileAccessFlow::Configuration configuration, DataFlow::Node src, DataFlow::Node sink
+from HttpToFileAccess::Configuration configuration, DataFlow::Node src, DataFlow::Node sink
 where configuration.hasFlow(src, sink)
-select sink, "$@ flows to file system", src, "Untrusted data received from Http response"
+select sink, "$@ flows to file system", src, "Untrusted data"
diff --git a/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected b/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected
index 326ed804bce..5799343dd26 100644
--- a/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected
@@ -1,3 +1,3 @@
-| tst.js:16:33:16:33 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
-| tst.js:19:25:19:25 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
-| tst.js:24:22:24:22 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
+| tst.js:16:33:16:33 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data |
+| tst.js:19:25:19:25 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data |
+| tst.js:24:22:24:22 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data |