JS: polish HttpToFileAccess.ql

Esben Sparre Andreasen · Esben Sparre Andreasen · commit b00aa36cdcf3 · 2018-10-10T12:12:54.000+02:00
diff --git a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
@@ -1,6 +1,6 @@
 /**
- * @name Http response data flows to File Access 
- * @description Writing data from an HTTP request directly to the file system allows arbitrary file upload and might indicate a backdoor.
+ * @name User-controlled data in file
+ * @description Writing user-controlled data directly to the file system allows arbitrary file upload and might indicate a backdoor.
  * @kind problem
  * @problem.severity warning
  * @id js/http-to-file-access
@@ -11,6 +11,6 @@
 import javascript
 import semmle.javascript.security.dataflow.HttpToFileAccess
 
-from HttpToFileAccessFlow::Configuration configuration, DataFlow::Node src, DataFlow::Node sink
+from HttpToFileAccess::Configuration configuration, DataFlow::Node src, DataFlow::Node sink
 where configuration.hasFlow(src, sink)
-select sink, "$@ flows to file system", src, "Untrusted data received from Http response"
+select sink, "$@ flows to file system", src, "Untrusted data"
diff --git a/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected b/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected
@@ -1,3 +1,3 @@
-| tst.js:16:33:16:33 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
-| tst.js:19:25:19:25 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
-| tst.js:24:22:24:22 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data received from Http response |
+| tst.js:16:33:16:33 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data |
+| tst.js:19:25:19:25 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data |
+| tst.js:24:22:24:22 | c | $@ flows to file system | tst.js:15:26:15:26 | c | Untrusted data |
