progress

erik-krogh · erik-krogh · commit 0261e26a4fec · 2022-08-11T12:47:58.000+02:00
diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/FloatComparison.ql b/cpp/ql/src/Likely Bugs/Arithmetic/FloatComparison.ql
@@ -21,4 +21,4 @@ where
     FloatingPointType and
   not ro.getAnOperand().isConstant() and // comparisons to constants generate too many false positives
   not left.(VariableAccess).getTarget() = right.(VariableAccess).getTarget() // skip self comparison
-select ro, "Equality test on floating point values may not behave as expected."
+select ro, "Equality checks on floating point values can yield unexpected results."
diff --git a/csharp/ql/src/Likely Bugs/EqualityCheckOnFloats.ql b/csharp/ql/src/Likely Bugs/EqualityCheckOnFloats.ql
@@ -1,6 +1,8 @@
 /**
  * @name Equality check on floating point values
- * @description Equality checks on floating point values can yield unexpected results.
+ * @description Comparing results of floating-point computations with '==' or
+ *              '!=' is likely to yield surprising results since floating-point
+ *              computation does not follow the standard rules of algebra.
  * @kind problem
  * @problem.severity warning
  * @precision medium
diff --git a/csharp/ql/src/Useless code/RedundantToStringCall.ql b/csharp/ql/src/Useless code/RedundantToStringCall.ql
@@ -18,4 +18,4 @@ from MethodCall mc
 where
   mc instanceof ImplicitToStringExpr and
   mc.getTarget() instanceof ToStringMethod
-select mc, "Redundant call to 'ToString'."
+select mc, "Redundant call to 'ToString' on a String object."
diff --git a/javascript/ql/src/Security/CWE-022/TaintedPath.ql b/javascript/ql/src/Security/CWE-022/TaintedPath.ql
@@ -21,5 +21,5 @@ import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select p, source, sink, "$@ flows to here and is used in a path.", source.getNode(),
+select sink.getNode(), source, sink, "$@ flows to here and is used in a path.", source.getNode(),
   "User-provided value"
diff --git a/python/ql/src/Lexical/CommentedOutCode.ql b/python/ql/src/Lexical/CommentedOutCode.ql
@@ -16,4 +16,4 @@ import Lexical.CommentedOutCode
 
 from CommentedOutCodeBlock c
 where not c.maybeExampleCode()
-select c, "These comments appear to contain commented-out code."
+select c, "This comment appears to contain commented-out code."
diff --git a/ql/ql/src/queries/style/ConsistentAlertMessage.ql b/ql/ql/src/queries/style/ConsistentAlertMessage.ql
@@ -27,11 +27,12 @@ Select getSelectForQuery(string id, string lang, string msg, string kind, int pa
     id = doc.getContents().regexpCapture("(?s).*@id (\\w+)/([\\w\\-]+)\\s.*", 2) and
     lang = doc.getContents().regexpCapture("(?s).*@id (\\w+)/([\\w\\-]+)\\s.*", 1) and
     kind = doc.getContents().regexpCapture("(?s).*@kind (\\w+)\\s.*", 1) and // enforcing the same kind.
-    msg = getMessage(result) and
+    msg = getMessage(result).toLowerCase() and // case normalize, because some languages upper-case methods.
     parts = parts(result)
   ) and
   // excluding experimetnal
-  not result.getLocation().getFile().getRelativePath().matches("%/experimental/%")
+  not result.getLocation().getFile().getRelativePath().matches("%/experimental/%") and
+  not lang = "ql" // excluding QL-for-QL
 }
 
 from Select sel, string id, string lang, string msg, string kind, int parts, string badLangs
