PY: change alert messages of path queries to use the same template #10252
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
erik-krogh
force-pushed
the
py-followMsg
branch
4 times, most recently
from
73cdf9f to
953cc1a
Compare
erik-krogh
force-pushed
the
py-followMsg
branch
from
953cc1a to
089ce5a
Compare
erik-krogh
added
no-change-note-required
|
Hello from this week's docs first responder 👋 Thanks for the ping! I've added this PR to our review board for another writer to look at. They'll be able to advise on any additional considerations for this change. |
| select sink.getNode(), source, sink, "This value modification depends on a $@.", source.getNode(), | ||
| "default value" |
There was a problem hiding this comment.
This one sounds a bit strange to me ("'value modification'? What's that?"), but I couldn't come up with a better phrasing.
Also, "depends on a default value" seems too weak of a statement to me. It not only depends on a default value, it actively mutates said default value.
Edit: Perhaps "This expression mutates a default value." would be better?
There was a problem hiding this comment.
Actually, s/mutates/modifies/ might be even better.
There was a problem hiding this comment.
Also, "depends on a default value" seems too weak of a statement to me. It not only depends on a default value, it actively mutates said default value.
You're right, it's a DataFlow::Configuration and not a TaintTracking::Configuration, so depends is too weak a statement.
"This expression mutates a default value" sounds good to me 👍
| select sink.getNode(), source, sink, "This path depends on $@.", source.getNode(), | ||
| "a user-provided value" |
There was a problem hiding this comment.
I'm rather rusty on how these select statements look in results. Am I right to think that this is shown as:
This path depends on a user-provided value.
If so, this looks good to me 👍🏻
This partly reverts the changes from github#10252 Although consistency is nice, the new messages didn't sound as natural. New alert message would read > Insecure hashing algorithm (md5) depends on sensitive data (password). (...) I'm not sure what it means that a hashing algorithm depends on data. So for me, the original text below is much easier to understand. > Sensitive data (password) is used in a hashing algorithm (md5) that is insecure (...) Same goes for the other sensitive data queries.
I tried to rewrite alert messages for the taint tracking queries.
This path depends on a user-provided value.User-provided value flows to this location and is used in a path.I also generally tried to use "this location" instead of "here".
I tried to formulate messages to use "depends on" and use the term "a user-provided value".
The previous change-note for changing the alert messages still cover this PR.