update {go/py}/stack-trace-exposure to match javascript

erik-krogh · erik-krogh · commit 2d0a4c3d83ee · 2022-08-22T21:41:46.000+02:00
diff --git a/go/ql/src/Security/CWE-209/StackTraceExposure.ql b/go/ql/src/Security/CWE-209/StackTraceExposure.ql
@@ -76,5 +76,6 @@ class StackTraceExposureConfig extends TaintTracking::Configuration {
 
 from StackTraceExposureConfig cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select source.getNode(), source, sink, "This stack trace is exposed to a remote user $@.",
-  sink.getNode(), "here"
+select sink.getNode(), source, sink,
+  "Stack trace information from $@ may be exposed to an external user here.", source.getNode(),
+  "here"
diff --git a/python/ql/src/Security/CWE-209/StackTraceExposure.ql b/python/ql/src/Security/CWE-209/StackTraceExposure.ql
@@ -19,5 +19,6 @@ import DataFlow::PathGraph
 
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ may be exposed to an external user", source.getNode(),
-  "Error information"
+select sink.getNode(), source, sink,
+  "Stack trace information from $@ may be exposed to an external user here.", source.getNode(),
+  "here"
