fix most ql/alert-message-style-violation

2026-04-28 10:15:14 +02:00 · 2022-09-13 22:48:02 +02:00
parent 18a8a3332d
commit e2a41cf49f
11 changed files with 18 additions and 18 deletions
--- a/go/ql/src/InconsistentCode/ConstantLengthComparison.ql
+++ b/go/ql/src/InconsistentCode/ConstantLengthComparison.ql
@@ -30,5 +30,5 @@ where
  cond.dominates(idx.getBasicBlock()) and
  // and that check happens inside the loop body
  cond.getCondition().getParent+() = fs
-select cond.getCondition(),
-  "This checks the length against a constant, but it is indexed using a variable $@.", idx, "here"
+select cond.getCondition(), "This checks the length against a constant, but it $@.", idx,
+  "is indexed using a variable"
--- a/go/ql/src/InconsistentCode/MissingErrorCheck.ql
+++ b/go/ql/src/InconsistentCode/MissingErrorCheck.ql
@@ -116,5 +116,5 @@ where
  // `deref` dereferences `ptr`
  deref.getOperand() = ptr.getAUse()
 select deref.getOperand(),
-  ptr.getSourceVariable() + " may be nil here, because $@ may not have been checked.", err,
-  err.getSourceVariable().toString()
+  ptr.getSourceVariable() + " may be nil at this location, because $@ may not have been checked.",
+  err, err.getSourceVariable().toString()
--- a/go/ql/src/RedundantCode/CompareIdenticalValues.ql
+++ b/go/ql/src/RedundantCode/CompareIdenticalValues.ql
@@ -24,4 +24,4 @@ where
    cmp.getAnOperand() = decl.getAReference() and
    cmp.getAnOperand() instanceof BasicLit
  )
-select cmp, "This expression compares $@ to itself.", cmp.getLeftOperand(), "an expression"
+select cmp, "This expression compares an $@ to itself.", cmp.getLeftOperand(), "expression"
--- a/go/ql/src/RedundantCode/DuplicateCondition.ql
+++ b/go/ql/src/RedundantCode/DuplicateCondition.ql
@@ -30,4 +30,4 @@ GVN conditionGvn(IfStmt is, int i, Expr e) {

 from IfStmt is, Expr e, Expr f, int i, int j
 where conditionGvn(is, i, e) = conditionGvn(is, j, f) and i < j
-select f, "This condition is a duplicate of $@.", e, "an earlier condition"
+select f, "This condition is a duplicate of an $@.", e, "earlier condition"
--- a/go/ql/src/RedundantCode/DuplicateSwitchCase.ql
+++ b/go/ql/src/RedundantCode/DuplicateSwitchCase.ql
@@ -20,4 +20,4 @@ GVN switchCaseGvn(SwitchStmt switch, int i, Expr e) {

 from SwitchStmt switch, int i, Expr e, int j, Expr f
 where switchCaseGvn(switch, i, e) = switchCaseGvn(switch, j, f) and i < j
-select f, "This case is a duplicate of $@.", e, "an earlier case"
+select f, "This case is a duplicate of an $@.", e, "earlier case"
--- a/go/ql/src/RedundantCode/SelfAssignment.ql
+++ b/go/ql/src/RedundantCode/SelfAssignment.ql
@@ -23,4 +23,4 @@ from PotentialSelfAssignment assgn, HashableNode rhs
 where
  rhs = assgn.getRhs() and
  rhs.hash() = assgn.getLhs().(HashableNode).hash()
-select assgn, "This statement assigns $@ to itself.", rhs, "an expression"
+select assgn, "This statement assigns an $@ to itself.", rhs, "expression"
--- a/go/ql/src/Security/CWE-022/TaintedPath.ql
+++ b/go/ql/src/Security/CWE-022/TaintedPath.ql
@@ -21,5 +21,5 @@ import DataFlow::PathGraph

 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ flows to here and is used in a path.", source.getNode(),
-  "User-provided value"
+select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(),
+  "user-provided value"
--- a/go/ql/src/Security/CWE-117/LogInjection.ql
+++ b/go/ql/src/Security/CWE-117/LogInjection.ql
@@ -17,5 +17,5 @@ import DataFlow::PathGraph

 from LogInjection::Configuration c, DataFlow::PathNode source, DataFlow::PathNode sink
 where c.hasFlowPath(source, sink)
-select sink, source, sink, "This log write receives unsanitized user input from $@.",
-  source.getNode(), "here"
+select sink.getNode(), source, sink, "Log entry depends on $@.", source.getNode(),
+  "a user-provided value"
--- a/go/ql/src/Security/CWE-209/StackTraceExposure.ql
+++ b/go/ql/src/Security/CWE-209/StackTraceExposure.ql
@@ -77,5 +77,5 @@ class StackTraceExposureConfig extends TaintTracking::Configuration {
 from StackTraceExposureConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
-  "Stack trace information from $@ may be exposed to an external user here.", source.getNode(),
-  "here"
+  "$@ flows to this location and may be exposed to an external user.", source.getNode(),
+  "Stack trace information"
--- a/go/ql/src/Security/CWE-312/CleartextLogging.ql
+++ b/go/ql/src/Security/CWE-312/CleartextLogging.ql
@@ -19,5 +19,5 @@ import DataFlow::PathGraph

 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Sensitive data returned by $@ is logged here.",
-  source.getNode(), source.getNode().(Source).describe()
+select sink.getNode(), source, sink, "$@ is logged at this location.", source.getNode(),
+  "Sensitive data returned by " + source.getNode().(Source).describe()
--- a/go/ql/src/Security/CWE-643/XPathInjection.ql
+++ b/go/ql/src/Security/CWE-643/XPathInjection.ql
@@ -24,5 +24,5 @@ predicate isStringOrByte(DataFlow::PathNode node) {

 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink) and isStringOrByte(sink)
-select sink.getNode(), source, sink, "$@ flows to here and is used in an XPath expression.",
-  source.getNode(), "User-provided value"
+select sink.getNode(), source, sink, "XPath expression depends on $@.", source.getNode(),
+  "a user-provided value"