update alert-messages based on review feedback

Author: erik-krogh

cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql

@@ -127,5 +127,5 @@ where
   conf.hasFlowPath(source, sink) and
   isFlowSource(source.getNode(), sourceType)
 select sink.getNode(), source, sink,
-  "An array indexing expression depends on a $@ that might be outside the bounds of the array.",
+  "An array indexing expression depends on $@ that might be outside the bounds of the array.",
   source.getNode(), lowerFirst(sourceType)

cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql

@@ -87,4 +87,4 @@ class ExploitableUserModePtrParam extends SystemCallSource {
 }
 
 from ExploitableUserModePtrParam p
-select p, "'unsafe_put_user' write user-mode pointer $@ without check.", p, p.toString()
+select p, "This 'unsafe_put_user' writes a user-mode pointer without a security check."

cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql

@@ -58,4 +58,4 @@ class ReallocCallLeak extends FunctionCall {
 
 from ReallocCallLeak rcl
 where not rcl.mayHandleByTermination()
-select rcl, "Possible loss of original pointer on unsuccessful call realloc."
+select rcl, "Possible loss of original pointer on unsuccessful call to 'realloc'."

cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql

@@ -26,5 +26,5 @@ where
   DataFlow::localFlow(DataFlow::parameterNode(p), sink) and
   p.getUnspecifiedType().getSize() < 8
 select call,
-  "This call passes an unsigned int to a function that requires a signed int: $@. And then used in pointer arithmetic: $@.",
+  "This call passes an unsigned int to a function that requires a signed int: $@. It's then used in pointer arithmetic: $@.",
   f, f.toString(), sink, sink.toString()

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser/NoCheckBeforeUnsafePutUser.expected

@@ -1,3 +1,3 @@
-| test.cpp:20:21:20:22 | ref arg & ... | 'unsafe_put_user' write user-mode pointer $@ without check. | test.cpp:20:21:20:22 | ref arg & ... | ref arg & ... |
-| test.cpp:41:21:41:22 | ref arg & ... | 'unsafe_put_user' write user-mode pointer $@ without check. | test.cpp:41:21:41:22 | ref arg & ... | ref arg & ... |
-| test.cpp:69:21:69:27 | ref arg & ... | 'unsafe_put_user' write user-mode pointer $@ without check. | test.cpp:69:21:69:27 | ref arg & ... | ref arg & ... |
+| test.cpp:20:21:20:22 | ref arg & ... | This 'unsafe_put_user' writes a user-mode pointer without a security check. |
+| test.cpp:41:21:41:22 | ref arg & ... | This 'unsafe_put_user' writes a user-mode pointer without a security check. |
+| test.cpp:69:21:69:27 | ref arg & ... | This 'unsafe_put_user' writes a user-mode pointer without a security check. |

cpp/ql/test/experimental/query-tests/Security/CWE/CWE-401/semmle/tests/MemoryLeakOnFailedCallToRealloc.expected

@@ -1,8 +1,8 @@
-| test.c:34:29:34:35 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
-| test.c:63:29:63:35 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
-| test.c:139:29:139:35 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
-| test.c:186:29:186:35 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
-| test.c:282:29:282:35 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
-| test.c:299:26:299:32 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
-| test.c:328:29:328:35 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
-| test.c:342:29:342:35 | call to realloc | Possible loss of original pointer on unsuccessful call realloc. |
+| test.c:34:29:34:35 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
+| test.c:63:29:63:35 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
+| test.c:139:29:139:35 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
+| test.c:186:29:186:35 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
+| test.c:282:29:282:35 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
+| test.c:299:26:299:32 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
+| test.c:328:29:328:35 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |
+| test.c:342:29:342:35 | call to realloc | Possible loss of original pointer on unsuccessful call to 'realloc'. |

cpp/ql/test/query-tests/Security/CWE/CWE-129/SAMATE/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected

@@ -5,4 +5,4 @@ nodes
 | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | semmle.label | data |
 subpaths
 #select
-| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | An array indexing expression depends on a $@ that might be outside the bounds of the array. | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | string read by fgets |
+| CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:52:20:52:23 | data | An array indexing expression depends on $@ that might be outside the bounds of the array. | CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c:30:19:30:29 | fgets output argument | string read by fgets |

cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected

@@ -21,6 +21,6 @@ nodes
 | test1.c:53:15:53:15 | j | semmle.label | j |
 subpaths
 #select
-| test1.c:18:16:18:16 | i | test1.c:8:16:8:19 | argv | test1.c:18:16:18:16 | i | An array indexing expression depends on a $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
-| test1.c:33:11:33:11 | i | test1.c:8:16:8:19 | argv | test1.c:33:11:33:11 | i | An array indexing expression depends on a $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
-| test1.c:53:15:53:15 | j | test1.c:8:16:8:19 | argv | test1.c:53:15:53:15 | j | An array indexing expression depends on a $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
+| test1.c:18:16:18:16 | i | test1.c:8:16:8:19 | argv | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
+| test1.c:33:11:33:11 | i | test1.c:8:16:8:19 | argv | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
+| test1.c:53:15:53:15 | j | test1.c:8:16:8:19 | argv | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |