PROGRSS

Author: erik-krogh

cpp/ql/src/Documentation/CommentedOutCode.ql

@@ -12,4 +12,4 @@
 import CommentedOutCode
 
 from CommentedOutCode comment
-select comment, "This comment appears to contain commented-out code"
+select comment, "This comment appears to contain commented-out code."

csharp/ql/src/Bad Practices/Comments/TodoComments.ql

@@ -14,4 +14,4 @@ import csharp
 
 from CommentLine c
 where c.getText().regexpMatch("(?s).*FIXME.*|.*TODO.*|.*(?<!=)\\s*XXX.*")
-select c, "TODO comment."
+select c, "TODO comments should be addressed."

csharp/ql/src/Security Features/CWE-730/RegexInjection.ql

@@ -23,5 +23,5 @@ where
   c.hasFlowPath(source, sink) and
   // No global timeout set
   not exists(RegexGlobalTimeout r)
-select sink.getNode(), source, sink, "$@ flows to the construction of a regular expression.",
-  source.getNode(), "User-provided value"
+select sink.getNode(), source, sink, "This regular expression is constructed from a $@.",
+  source.getNode(), "user-provided value"

go/ql/src/Security/CWE-209/StackTraceExposure.ql

@@ -76,5 +76,6 @@ class StackTraceExposureConfig extends TaintTracking::Configuration {
 
 from StackTraceExposureConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select source.getNode(), source, sink, "This stack trace is exposed to a remote user $@.",
-  sink.getNode(), "here"
+select sink.getNode(), source, sink,
+  "Stack trace information from $@ may be exposed to an external user here.", source.getNode(),
+  "here"

go/ql/src/experimental/CWE-285/PamAuthBypass.ql

@@ -3,7 +3,7 @@
  * @description Not using `pam.AcctMgmt` after `pam.Authenticate` to check the validity of a login can lead to authorization bypass.
  * @kind problem
  * @problem.severity warning
- * @id go/unreachable-statement
+ * @id go/pam-auth-bypass
  * @tags maintainability
  *       correctness
  *       external/cwe/cwe-561

java/ql/src/DeadCode/UselessParameter.ql

@@ -14,4 +14,4 @@ import semmle.code.java.deadcode.DeadCode
 
 from RootdefCallable c
 where not c.whitelisted()
-select c.unusedParameter() as p, "The parameter " + p + " is unused."
+select c.unusedParameter() as p, "The parameter '" + c + "' is never used."

java/ql/src/Security/CWE/CWE-089/SqlTainted.ql

@@ -19,4 +19,5 @@ import DataFlow::PathGraph
 
 from QueryInjectionSink query, DataFlow::PathNode source, DataFlow::PathNode sink
 where queryTaintedBy(query, source, sink)
-select query, source, sink, "Query might include code from $@.", source.getNode(), "this user input"
+select query, source, sink, "This SQL query depends on $@.", source.getNode(),
+  "a user-provided value"

java/ql/src/Security/CWE/CWE-611/XXE.ql

@@ -51,5 +51,6 @@ class XxeConfig extends TaintTracking::Configuration {
 
 from DataFlow::PathNode source, DataFlow::PathNode sink, XxeConfig conf
 where conf.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Unsafe parsing of XML file from $@.", source.getNode(),
-  "user input"
+select sink.getNode(), source, sink,
+  "A $@ is parsed as XML without guarding against external entity expansion.", source.getNode(),
+  "user-provided value"

java/ql/src/Violations of Best Practice/Comments/TodoComments.ql

@@ -17,4 +17,4 @@ from JavadocText c
 where
   c.getText().matches("%TODO%") or
   c.getText().matches("%FIXME%")
-select c, "TODO/FIXME comment."
+select c, "TODO comments should be addressed."

java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql

@@ -85,5 +85,5 @@ class RegexInjectionConfiguration extends TaintTracking::Configuration {
 
 from DataFlow::PathNode source, DataFlow::PathNode sink, RegexInjectionConfiguration c
 where c.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ is user controlled.", source.getNode(),
-  "This regular expression pattern"
+select sink.getNode(), source, sink, "This regular expression is constructed from a $@.",
+  source.getNode(), "user-provided value"