make the alert messages of taint-tracking queries more consistent

Author: erik-krogh

go/ql/src/Security/CWE-078/CommandInjection.ql

@@ -19,5 +19,5 @@ from
   CommandInjection::Configuration cfg, CommandInjection::DoubleDashSanitizingConfiguration cfg2,
   DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink) or cfg2.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This command depends on $@.", source.getNode(),
-  "a user-provided value"
+select sink.getNode(), source, sink, "This command depends on a $@.", source.getNode(),
+  "user-provided value"

go/ql/src/Security/CWE-078/StoredCommand.ql

@@ -17,5 +17,5 @@ import DataFlow::PathGraph
 
 from StoredCommand::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This command depends on $@.", source.getNode(),
-  "a stored value"
+select sink.getNode(), source, sink, "This command depends on a $@.", source.getNode(),
+  "stored value"

go/ql/src/Security/CWE-079/ReflectedXss.ql

@@ -24,9 +24,8 @@ where
   (
     exists(string kind | kind = sink.getNode().(SharedXss::Sink).getSinkKind() |
       kind = "rawtemplate" and
-      msg =
-        "Cross-site scripting vulnerability due to $@. This template argument is instantiated raw $@." and
-      part = "here"
+      msg = "Cross-site scripting vulnerability due to $@. The value is $@." and
+      part = "instantiated as a raw template"
     )
     or
     not exists(sink.getNode().(SharedXss::Sink).getSinkKind()) and

go/ql/src/Security/CWE-089/SqlInjection.ql

@@ -17,5 +17,5 @@ import DataFlow::PathGraph
 
 from SqlInjection::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This query depends on $@.", source.getNode(),
-  "a user-provided value"
+select sink.getNode(), source, sink, "This query depends on a $@.", source.getNode(),
+  "user-provided value"

go/ql/src/Security/CWE-117/LogInjection.ql

@@ -17,5 +17,5 @@ import DataFlow::PathGraph
 
 from LogInjection::Configuration c, DataFlow::PathNode source, DataFlow::PathNode sink
 where c.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Log entry depends on $@.", source.getNode(),
-  "a user-provided value"
+select sink.getNode(), source, sink, "Log entry depends on a $@.", source.getNode(),
+  "user-provided value"

go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql

@@ -22,5 +22,5 @@ where
   cfg.hasFlowPath(source, sink) and
   cfg.isSink(sink.getNode(), allocsz)
 select sink, source, sink,
-  "This operation, which is used in an $@, involves a potentially large $@ and might overflow.",
-  allocsz, "allocation", source, "value"
+  "This operation, which is used in an $@, involves a $@ and might overflow.", allocsz,
+  "allocation", source, "potentially large value"

go/ql/src/Security/CWE-601/OpenUrlRedirect.ql

@@ -24,5 +24,5 @@ where
   // this excludes flow from safe parts of request URLs, for example the full URL when the
   // doing a redirect from `http://<path>` to `https://<path>`
   not scfg.hasFlow(_, sink.getNode())
-select sink.getNode(), source, sink, "Untrusted URL redirection due to $@.", source.getNode(),
+select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(),
   "user-provided value"

go/ql/src/Security/CWE-643/XPathInjection.ql

@@ -24,5 +24,5 @@ predicate isStringOrByte(DataFlow::PathNode node) {
 
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink) and isStringOrByte(sink)
-select sink.getNode(), source, sink, "XPath expression depends on $@.", source.getNode(),
-  "a user-provided value"
+select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(),
+  "user-provided value"

go/ql/src/Security/CWE-918/RequestForgery.ql

@@ -23,5 +23,5 @@ where
   request = sink.getNode().(Sink).getARequest() and
   // this excludes flow from safe parts of request URLs, for example the full URL
   not scfg.hasFlow(_, sink.getNode())
-select request, source, sink, "The $@ of this request depends on $@.", sink.getNode(),
-  sink.getNode().(Sink).getKind(), source, "a user-provided value"
+select request, source, sink, "The $@ of this request depends on a $@.", sink.getNode(),
+  sink.getNode().(Sink).getKind(), source, "user-provided value"

go/ql/src/experimental/CWE-090/LDAPInjection.ql

@@ -15,5 +15,5 @@ import DataFlow::PathGraph
 
 from LdapInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "LDAP query parameter is derived from $@.", source.getNode(),
-  "a user-provided value"
+select sink.getNode(), source, sink, "LDAP query parameter depends on a $@.", source.getNode(),
+  "user-provided value"