avoid more instances of "this location" and "here" in alert-messages

Author: erik-krogh

go/ql/src/InconsistentCode/MissingErrorCheck.ql

@@ -116,5 +116,5 @@ where
   // `deref` dereferences `ptr`
   deref.getOperand() = ptr.getAUse()
 select deref.getOperand(),
-  ptr.getSourceVariable() + " may be nil at this location, because $@ may not have been checked.",
-  err, err.getSourceVariable().toString()
+  "$@ may be nil at this dereference because $@ may not have been checked.", ptr,
+  ptr.getSourceVariable().toString(), err, err.getSourceVariable().toString()

go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql

@@ -110,4 +110,4 @@ from Config c, DataFlow::PathNode source, DataFlow::PathNode sink, string hostPa
 where c.hasFlowPath(source, sink) and c.isSource(source.getNode(), hostPart)
 select source, source, sink,
   "This regular expression has an unescaped dot before '" + hostPart + "', " +
-    "so it might match more hosts than expected when used $@.", sink, "here"
+    "so it might match more hosts than expected when $@.", sink, "the regular expression is used"

go/ql/src/Security/CWE-209/StackTraceExposure.ql

@@ -77,5 +77,5 @@ class StackTraceExposureConfig extends TaintTracking::Configuration {
 from StackTraceExposureConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
-  "$@ flows to this location and may be exposed to an external user.", source.getNode(),
+  "$@ flows to a HTTP response and may be exposed to an external user.", source.getNode(),
   "Stack trace information"

go/ql/src/Security/CWE-312/CleartextLogging.ql

@@ -19,5 +19,5 @@ import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ is logged at this location.", source.getNode(),
+select sink.getNode(), source, sink, "$@ flows to a logging call.", source.getNode(),
   "Sensitive data returned by " + source.getNode().(Source).describe()

go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected

@@ -36,37 +36,37 @@ nodes
 | test.go:180:16:180:23 | password | semmle.label | password |
 subpaths
 #select
-| test.go:147:14:147:21 | password | test.go:147:14:147:21 | password | test.go:147:14:147:21 | password | $@ is logged at this location. | test.go:147:14:147:21 | password | Sensitive data returned by an access to password |
-| test.go:148:17:148:24 | password | test.go:148:17:148:24 | password | test.go:148:17:148:24 | password | $@ is logged at this location. | test.go:148:17:148:24 | password | Sensitive data returned by an access to password |
-| test.go:149:14:149:21 | password | test.go:149:14:149:21 | password | test.go:149:14:149:21 | password | $@ is logged at this location. | test.go:149:14:149:21 | password | Sensitive data returned by an access to password |
-| test.go:150:18:150:25 | password | test.go:150:18:150:25 | password | test.go:150:18:150:25 | password | $@ is logged at this location. | test.go:150:18:150:25 | password | Sensitive data returned by an access to password |
-| test.go:151:14:151:21 | password | test.go:151:14:151:21 | password | test.go:151:14:151:21 | password | $@ is logged at this location. | test.go:151:14:151:21 | password | Sensitive data returned by an access to password |
-| test.go:152:13:152:20 | password | test.go:152:13:152:20 | password | test.go:152:13:152:20 | password | $@ is logged at this location. | test.go:152:13:152:20 | password | Sensitive data returned by an access to password |
-| test.go:153:22:153:29 | password | test.go:153:22:153:29 | password | test.go:153:22:153:29 | password | $@ is logged at this location. | test.go:153:22:153:29 | password | Sensitive data returned by an access to password |
-| test.go:154:15:154:22 | password | test.go:154:15:154:22 | password | test.go:154:15:154:22 | password | $@ is logged at this location. | test.go:154:15:154:22 | password | Sensitive data returned by an access to password |
-| test.go:155:14:155:21 | password | test.go:155:14:155:21 | password | test.go:155:14:155:21 | password | $@ is logged at this location. | test.go:155:14:155:21 | password | Sensitive data returned by an access to password |
-| test.go:156:13:156:20 | password | test.go:156:13:156:20 | password | test.go:156:13:156:20 | password | $@ is logged at this location. | test.go:156:13:156:20 | password | Sensitive data returned by an access to password |
-| test.go:157:16:157:23 | password | test.go:157:16:157:23 | password | test.go:157:16:157:23 | password | $@ is logged at this location. | test.go:157:16:157:23 | password | Sensitive data returned by an access to password |
-| test.go:158:13:158:20 | password | test.go:158:13:158:20 | password | test.go:158:13:158:20 | password | $@ is logged at this location. | test.go:158:13:158:20 | password | Sensitive data returned by an access to password |
-| test.go:159:16:159:23 | password | test.go:159:16:159:23 | password | test.go:159:16:159:23 | password | $@ is logged at this location. | test.go:159:16:159:23 | password | Sensitive data returned by an access to password |
-| test.go:160:13:160:20 | password | test.go:160:13:160:20 | password | test.go:160:13:160:20 | password | $@ is logged at this location. | test.go:160:13:160:20 | password | Sensitive data returned by an access to password |
-| test.go:161:17:161:24 | password | test.go:161:17:161:24 | password | test.go:161:17:161:24 | password | $@ is logged at this location. | test.go:161:17:161:24 | password | Sensitive data returned by an access to password |
-| test.go:162:13:162:20 | password | test.go:162:13:162:20 | password | test.go:162:13:162:20 | password | $@ is logged at this location. | test.go:162:13:162:20 | password | Sensitive data returned by an access to password |
-| test.go:163:12:163:19 | password | test.go:163:12:163:19 | password | test.go:163:12:163:19 | password | $@ is logged at this location. | test.go:163:12:163:19 | password | Sensitive data returned by an access to password |
-| test.go:164:21:164:28 | password | test.go:164:21:164:28 | password | test.go:164:21:164:28 | password | $@ is logged at this location. | test.go:164:21:164:28 | password | Sensitive data returned by an access to password |
-| test.go:165:14:165:21 | password | test.go:165:14:165:21 | password | test.go:165:14:165:21 | password | $@ is logged at this location. | test.go:165:14:165:21 | password | Sensitive data returned by an access to password |
-| test.go:166:13:166:20 | password | test.go:166:13:166:20 | password | test.go:166:13:166:20 | password | $@ is logged at this location. | test.go:166:13:166:20 | password | Sensitive data returned by an access to password |
-| test.go:167:12:167:19 | password | test.go:167:12:167:19 | password | test.go:167:12:167:19 | password | $@ is logged at this location. | test.go:167:12:167:19 | password | Sensitive data returned by an access to password |
-| test.go:168:15:168:22 | password | test.go:168:15:168:22 | password | test.go:168:15:168:22 | password | $@ is logged at this location. | test.go:168:15:168:22 | password | Sensitive data returned by an access to password |
-| test.go:169:15:169:22 | password | test.go:169:15:169:22 | password | test.go:169:15:169:22 | password | $@ is logged at this location. | test.go:169:15:169:22 | password | Sensitive data returned by an access to password |
-| test.go:170:18:170:25 | password | test.go:170:18:170:25 | password | test.go:170:18:170:25 | password | $@ is logged at this location. | test.go:170:18:170:25 | password | Sensitive data returned by an access to password |
-| test.go:171:15:171:22 | password | test.go:171:15:171:22 | password | test.go:171:15:171:22 | password | $@ is logged at this location. | test.go:171:15:171:22 | password | Sensitive data returned by an access to password |
-| test.go:172:19:172:26 | password | test.go:172:19:172:26 | password | test.go:172:19:172:26 | password | $@ is logged at this location. | test.go:172:19:172:26 | password | Sensitive data returned by an access to password |
-| test.go:173:15:173:22 | password | test.go:173:15:173:22 | password | test.go:173:15:173:22 | password | $@ is logged at this location. | test.go:173:15:173:22 | password | Sensitive data returned by an access to password |
-| test.go:174:14:174:21 | password | test.go:174:14:174:21 | password | test.go:174:14:174:21 | password | $@ is logged at this location. | test.go:174:14:174:21 | password | Sensitive data returned by an access to password |
-| test.go:175:23:175:30 | password | test.go:175:23:175:30 | password | test.go:175:23:175:30 | password | $@ is logged at this location. | test.go:175:23:175:30 | password | Sensitive data returned by an access to password |
-| test.go:176:16:176:23 | password | test.go:176:16:176:23 | password | test.go:176:16:176:23 | password | $@ is logged at this location. | test.go:176:16:176:23 | password | Sensitive data returned by an access to password |
-| test.go:177:15:177:22 | password | test.go:177:15:177:22 | password | test.go:177:15:177:22 | password | $@ is logged at this location. | test.go:177:15:177:22 | password | Sensitive data returned by an access to password |
-| test.go:178:14:178:21 | password | test.go:178:14:178:21 | password | test.go:178:14:178:21 | password | $@ is logged at this location. | test.go:178:14:178:21 | password | Sensitive data returned by an access to password |
-| test.go:179:17:179:24 | password | test.go:179:17:179:24 | password | test.go:179:17:179:24 | password | $@ is logged at this location. | test.go:179:17:179:24 | password | Sensitive data returned by an access to password |
-| test.go:180:16:180:23 | password | test.go:180:16:180:23 | password | test.go:180:16:180:23 | password | $@ is logged at this location. | test.go:180:16:180:23 | password | Sensitive data returned by an access to password |
+| test.go:147:14:147:21 | password | test.go:147:14:147:21 | password | test.go:147:14:147:21 | password | $@ flows to a logging call. | test.go:147:14:147:21 | password | Sensitive data returned by an access to password |
+| test.go:148:17:148:24 | password | test.go:148:17:148:24 | password | test.go:148:17:148:24 | password | $@ flows to a logging call. | test.go:148:17:148:24 | password | Sensitive data returned by an access to password |
+| test.go:149:14:149:21 | password | test.go:149:14:149:21 | password | test.go:149:14:149:21 | password | $@ flows to a logging call. | test.go:149:14:149:21 | password | Sensitive data returned by an access to password |
+| test.go:150:18:150:25 | password | test.go:150:18:150:25 | password | test.go:150:18:150:25 | password | $@ flows to a logging call. | test.go:150:18:150:25 | password | Sensitive data returned by an access to password |
+| test.go:151:14:151:21 | password | test.go:151:14:151:21 | password | test.go:151:14:151:21 | password | $@ flows to a logging call. | test.go:151:14:151:21 | password | Sensitive data returned by an access to password |
+| test.go:152:13:152:20 | password | test.go:152:13:152:20 | password | test.go:152:13:152:20 | password | $@ flows to a logging call. | test.go:152:13:152:20 | password | Sensitive data returned by an access to password |
+| test.go:153:22:153:29 | password | test.go:153:22:153:29 | password | test.go:153:22:153:29 | password | $@ flows to a logging call. | test.go:153:22:153:29 | password | Sensitive data returned by an access to password |
+| test.go:154:15:154:22 | password | test.go:154:15:154:22 | password | test.go:154:15:154:22 | password | $@ flows to a logging call. | test.go:154:15:154:22 | password | Sensitive data returned by an access to password |
+| test.go:155:14:155:21 | password | test.go:155:14:155:21 | password | test.go:155:14:155:21 | password | $@ flows to a logging call. | test.go:155:14:155:21 | password | Sensitive data returned by an access to password |
+| test.go:156:13:156:20 | password | test.go:156:13:156:20 | password | test.go:156:13:156:20 | password | $@ flows to a logging call. | test.go:156:13:156:20 | password | Sensitive data returned by an access to password |
+| test.go:157:16:157:23 | password | test.go:157:16:157:23 | password | test.go:157:16:157:23 | password | $@ flows to a logging call. | test.go:157:16:157:23 | password | Sensitive data returned by an access to password |
+| test.go:158:13:158:20 | password | test.go:158:13:158:20 | password | test.go:158:13:158:20 | password | $@ flows to a logging call. | test.go:158:13:158:20 | password | Sensitive data returned by an access to password |
+| test.go:159:16:159:23 | password | test.go:159:16:159:23 | password | test.go:159:16:159:23 | password | $@ flows to a logging call. | test.go:159:16:159:23 | password | Sensitive data returned by an access to password |
+| test.go:160:13:160:20 | password | test.go:160:13:160:20 | password | test.go:160:13:160:20 | password | $@ flows to a logging call. | test.go:160:13:160:20 | password | Sensitive data returned by an access to password |
+| test.go:161:17:161:24 | password | test.go:161:17:161:24 | password | test.go:161:17:161:24 | password | $@ flows to a logging call. | test.go:161:17:161:24 | password | Sensitive data returned by an access to password |
+| test.go:162:13:162:20 | password | test.go:162:13:162:20 | password | test.go:162:13:162:20 | password | $@ flows to a logging call. | test.go:162:13:162:20 | password | Sensitive data returned by an access to password |
+| test.go:163:12:163:19 | password | test.go:163:12:163:19 | password | test.go:163:12:163:19 | password | $@ flows to a logging call. | test.go:163:12:163:19 | password | Sensitive data returned by an access to password |
+| test.go:164:21:164:28 | password | test.go:164:21:164:28 | password | test.go:164:21:164:28 | password | $@ flows to a logging call. | test.go:164:21:164:28 | password | Sensitive data returned by an access to password |
+| test.go:165:14:165:21 | password | test.go:165:14:165:21 | password | test.go:165:14:165:21 | password | $@ flows to a logging call. | test.go:165:14:165:21 | password | Sensitive data returned by an access to password |
+| test.go:166:13:166:20 | password | test.go:166:13:166:20 | password | test.go:166:13:166:20 | password | $@ flows to a logging call. | test.go:166:13:166:20 | password | Sensitive data returned by an access to password |
+| test.go:167:12:167:19 | password | test.go:167:12:167:19 | password | test.go:167:12:167:19 | password | $@ flows to a logging call. | test.go:167:12:167:19 | password | Sensitive data returned by an access to password |
+| test.go:168:15:168:22 | password | test.go:168:15:168:22 | password | test.go:168:15:168:22 | password | $@ flows to a logging call. | test.go:168:15:168:22 | password | Sensitive data returned by an access to password |
+| test.go:169:15:169:22 | password | test.go:169:15:169:22 | password | test.go:169:15:169:22 | password | $@ flows to a logging call. | test.go:169:15:169:22 | password | Sensitive data returned by an access to password |
+| test.go:170:18:170:25 | password | test.go:170:18:170:25 | password | test.go:170:18:170:25 | password | $@ flows to a logging call. | test.go:170:18:170:25 | password | Sensitive data returned by an access to password |
+| test.go:171:15:171:22 | password | test.go:171:15:171:22 | password | test.go:171:15:171:22 | password | $@ flows to a logging call. | test.go:171:15:171:22 | password | Sensitive data returned by an access to password |
+| test.go:172:19:172:26 | password | test.go:172:19:172:26 | password | test.go:172:19:172:26 | password | $@ flows to a logging call. | test.go:172:19:172:26 | password | Sensitive data returned by an access to password |
+| test.go:173:15:173:22 | password | test.go:173:15:173:22 | password | test.go:173:15:173:22 | password | $@ flows to a logging call. | test.go:173:15:173:22 | password | Sensitive data returned by an access to password |
+| test.go:174:14:174:21 | password | test.go:174:14:174:21 | password | test.go:174:14:174:21 | password | $@ flows to a logging call. | test.go:174:14:174:21 | password | Sensitive data returned by an access to password |
+| test.go:175:23:175:30 | password | test.go:175:23:175:30 | password | test.go:175:23:175:30 | password | $@ flows to a logging call. | test.go:175:23:175:30 | password | Sensitive data returned by an access to password |
+| test.go:176:16:176:23 | password | test.go:176:16:176:23 | password | test.go:176:16:176:23 | password | $@ flows to a logging call. | test.go:176:16:176:23 | password | Sensitive data returned by an access to password |
+| test.go:177:15:177:22 | password | test.go:177:15:177:22 | password | test.go:177:15:177:22 | password | $@ flows to a logging call. | test.go:177:15:177:22 | password | Sensitive data returned by an access to password |
+| test.go:178:14:178:21 | password | test.go:178:14:178:21 | password | test.go:178:14:178:21 | password | $@ flows to a logging call. | test.go:178:14:178:21 | password | Sensitive data returned by an access to password |
+| test.go:179:17:179:24 | password | test.go:179:17:179:24 | password | test.go:179:17:179:24 | password | $@ flows to a logging call. | test.go:179:17:179:24 | password | Sensitive data returned by an access to password |
+| test.go:180:16:180:23 | password | test.go:180:16:180:23 | password | test.go:180:16:180:23 | password | $@ flows to a logging call. | test.go:180:16:180:23 | password | Sensitive data returned by an access to password |

go/ql/test/query-tests/InconsistentCode/MissingErrorCheck/MissingErrorCheck.expected

@@ -1,2 +1,2 @@
-| tests.go:61:30:61:35 | result | result may be nil at this location, because $@ may not have been checked. | tests.go:59:10:59:12 | definition of err | err |
-| tests.go:243:27:243:32 | result | result may be nil at this location, because $@ may not have been checked. | tests.go:241:10:241:12 | definition of err | err |
+| tests.go:61:30:61:35 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:59:2:59:7 | definition of result | result | tests.go:59:10:59:12 | definition of err | err |
+| tests.go:243:27:243:32 | result | $@ may be nil at this dereference because $@ may not have been checked. | tests.go:241:2:241:7 | definition of result | result | tests.go:241:10:241:12 | definition of err | err |

go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/IncompleteHostnameRegexp.expected

@@ -7,6 +7,6 @@ nodes
 | main.go:44:15:44:39 | `https://www.example.com` | semmle.label | `https://www.example.com` |
 subpaths
 #select
-| IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:12:38:12:39 | re | This regular expression has an unescaped dot before ')?example.com', so it might match more hosts than expected when used $@. | IncompleteHostnameRegexp.go:12:38:12:39 | re | here |
-| main.go:39:60:39:79 | "^test2.github.com$" | main.go:39:60:39:79 | "^test2.github.com$" | main.go:39:60:39:79 | "^test2.github.com$" | This regular expression has an unescaped dot before 'github.com', so it might match more hosts than expected when used $@. | main.go:39:60:39:79 | "^test2.github.com$" | here |
-| main.go:44:15:44:39 | `https://www.example.com` | main.go:44:15:44:39 | `https://www.example.com` | main.go:44:15:44:39 | `https://www.example.com` | This regular expression has an unescaped dot before 'example.com', so it might match more hosts than expected when used $@. | main.go:44:15:44:39 | `https://www.example.com` | here |
+| IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:11:8:11:36 | "^((www\|beta).)?example.com/" : string | IncompleteHostnameRegexp.go:12:38:12:39 | re | This regular expression has an unescaped dot before ')?example.com', so it might match more hosts than expected when $@. | IncompleteHostnameRegexp.go:12:38:12:39 | re | the regular expression is used |
+| main.go:39:60:39:79 | "^test2.github.com$" | main.go:39:60:39:79 | "^test2.github.com$" | main.go:39:60:39:79 | "^test2.github.com$" | This regular expression has an unescaped dot before 'github.com', so it might match more hosts than expected when $@. | main.go:39:60:39:79 | "^test2.github.com$" | the regular expression is used |
+| main.go:44:15:44:39 | `https://www.example.com` | main.go:44:15:44:39 | `https://www.example.com` | main.go:44:15:44:39 | `https://www.example.com` | This regular expression has an unescaped dot before 'example.com', so it might match more hosts than expected when $@. | main.go:44:15:44:39 | `https://www.example.com` | the regular expression is used |