Merge pull request #10252 from erik-krogh/py-followMsg

PY: change alert messages of path queries to use the same template

Author: erik-krogh

python/ql/src/Functions/ModificationOfParameterWithDefault.ql

@@ -19,5 +19,5 @@ from
   ModificationOfParameterWithDefault::Configuration config, DataFlow::PathNode source,
   DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ flows to here and is mutated.", source.getNode(),
-  "Default value"
+select sink.getNode(), source, sink, "This expression mutates $@.", source.getNode(),
+  "a default value"

python/ql/src/Security/CWE-022/PathInjection.ql

@@ -22,5 +22,5 @@ import DataFlow::PathGraph
 
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ flows to here and is used in a path.", source.getNode(),
-  "User-provided value"
+select sink.getNode(), source, sink, "This path depends on $@.", source.getNode(),
+  "a user-provided value"

python/ql/src/Security/CWE-022/TarSlip.ql

@@ -18,5 +18,5 @@ import DataFlow::PathGraph
 
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Extraction of tarfile from $@", source.getNode(),
+select sink.getNode(), source, sink, "This file extraction depends on $@", source.getNode(),
   "a potentially untrusted source"

python/ql/src/Security/CWE-078/CommandInjection.ql

@@ -20,5 +20,5 @@ import DataFlow::PathGraph
 
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ flows to here and is used in a command.", source.getNode(),
-  "User-provided value"
+select sink.getNode(), source, sink, "This command line depends on $@.", source.getNode(),
+  "a user-provided value"

python/ql/src/Security/CWE-090/LdapInjection.ql

@@ -23,6 +23,5 @@ where
   or
   any(FilterConfiguration filterConfig).hasFlowPath(source, sink) and
   parameterName = "filter"
-select sink.getNode(), source, sink,
-  "$@ LDAP query parameter (" + parameterName + ") comes from $@.", sink.getNode(), "This",
-  source.getNode(), "a user-provided value"
+select sink.getNode(), source, sink, "$@ depends on $@.", sink.getNode(),
+  "LDAP query parameter (" + parameterName + ")", source.getNode(), "a user-provided value"

python/ql/src/Security/CWE-094/CodeInjection.ql

@@ -20,5 +20,5 @@ import DataFlow::PathGraph
 
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ flows to here and is interpreted as code.",
-  source.getNode(), "A user-provided value"
+select sink.getNode(), source, sink, "This code execution depends on $@.", source.getNode(),
+  "a user-provided value"

python/ql/src/Security/CWE-117/LogInjection.ql

@@ -17,5 +17,5 @@ import DataFlow::PathGraph
 
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ flows to log entry.", source.getNode(),
-  "User-provided value"
+select sink.getNode(), source, sink, "This log entry depends on $@.", source.getNode(),
+  "a user-provided value"

python/ql/src/Security/CWE-209/StackTraceExposure.ql

@@ -20,5 +20,5 @@ import DataFlow::PathGraph
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
-  "Stack trace information from $@ may be exposed to an external user here.", source.getNode(),
-  "here"
+  "$@ flows to this location and may be exposed to an external user.", source.getNode(),
+  "Stack trace information"

python/ql/src/Security/CWE-312/CleartextLogging.ql

@@ -22,5 +22,5 @@ from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink, s
 where
   config.hasFlowPath(source, sink) and
   classification = source.getNode().(Source).getClassification()
-select sink.getNode(), source, sink, "$@ is logged here.", source.getNode(),
-  "Sensitive data (" + classification + ")"
+select sink.getNode(), source, sink, "This log entry depends on $@.", source.getNode(),
+  "sensitive data (" + classification + ")"

python/ql/src/Security/CWE-312/CleartextStorage.ql

@@ -22,5 +22,5 @@ from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink, s
 where
   config.hasFlowPath(source, sink) and
   classification = source.getNode().(Source).getClassification()
-select sink.getNode(), source, sink, "$@ is stored here.", source.getNode(),
-  "Sensitive data (" + classification + ")"
+select sink.getNode(), source, sink, "This data storage depends on $@.", source.getNode(),
+  "sensitive data (" + classification + ")"