update {js/go/py}/xpath-injection to match csharp/java

erik-krogh · erik-krogh · commit 20625ae60d6b · 2022-08-22T21:41:46.000+02:00
diff --git a/go/ql/src/Security/CWE-643/XPathInjection.ql b/go/ql/src/Security/CWE-643/XPathInjection.ql
@@ -24,5 +24,5 @@ predicate isStringOrByte(DataFlow::PathNode node) {
 
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink) and isStringOrByte(sink)
-select sink.getNode(), source, sink, "$@ flows here and is used in an XPath expression.",
-  source.getNode(), "A user-provided value"
+select sink.getNode(), source, sink, "$@ flows to here and is used in an XPath expression.",
+  source.getNode(), "User-provided value"
diff --git a/javascript/ql/src/Security/CWE-643/XpathInjection.ql b/javascript/ql/src/Security/CWE-643/XpathInjection.ql
@@ -17,5 +17,5 @@ import DataFlow::PathGraph
 
 from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ flows here and is used in an XPath expression.",
+select sink.getNode(), source, sink, "$@ flows to here and is used in an XPath expression.",
   source.getNode(), "User-provided value"
diff --git a/python/ql/src/Security/CWE-643/XpathInjection.ql b/python/ql/src/Security/CWE-643/XpathInjection.ql
@@ -17,4 +17,5 @@ import DataFlow::PathGraph
 
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink, source, sink, "This Xpath query depends on $@.", source, "a user-provided value"
+select sink.getNode(), source, sink, "$@ flows to here and is used in an XPath expression.",
+  source.getNode(), "User-provided value"
