Swift: Proper query message.

Author: geoffw0

swift/ql/src/queries/Security/CWE-135/StringLengthConflation.ql

@@ -81,6 +81,17 @@ class StringLengthConflationConfiguration extends DataFlow::Configuration {
   }
 }
 
-from StringLengthConflationConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
-where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "RESULT"
+from
+  StringLengthConflationConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink,
+  string flowstate, string message
+where
+  config.hasFlowPath(source, sink) and
+  config.isSink(sink.getNode(), flowstate) and
+  (
+    flowstate = "String" and
+    message = "This String length is used in an NSString, but it may not be equivalent."
+    or
+    flowstate = "NSString" and
+    message = "This NSString length is used in a String, but it may not be equivalent."
+  )
+select sink.getNode(), source, sink, message

swift/ql/test/query-tests/Security/CWE-135/StringLengthConflation.expected

@@ -4,5 +4,5 @@ nodes
 | StringLengthConflation.swift:78:47:78:49 | .count | semmle.label | .count |
 subpaths
 #select
-| StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:72:33:72:35 | .count | RESULT |
-| StringLengthConflation.swift:78:47:78:49 | .count | StringLengthConflation.swift:78:47:78:49 | .count | StringLengthConflation.swift:78:47:78:49 | .count | RESULT |
+| StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:72:33:72:35 | .count | StringLengthConflation.swift:72:33:72:35 | .count | This String length is used in an NSString, but it may not be equivalent. |
+| StringLengthConflation.swift:78:47:78:49 | .count | StringLengthConflation.swift:78:47:78:49 | .count | StringLengthConflation.swift:78:47:78:49 | .count | This String length is used in an NSString, but it may not be equivalent. |