update {js/py}/command-line-injection to match csharp/java

erik-krogh · erik-krogh · commit 9395f156de79 · 2022-08-22T21:41:46.000+02:00
diff --git a/javascript/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/Security/CWE-078/CommandInjection.ql
@@ -28,5 +28,5 @@ where
     else highlight = sink.getNode()
   ) and
   sourceNode = source.getNode()
-select highlight, source, sink, "This command depends on $@.", sourceNode,
+select highlight, source, sink, "$@ flows to here and is used in a command.", source.getNode(),
   sourceNode.getSourceType()
diff --git a/python/ql/src/Security/CWE-078/CommandInjection.ql b/python/ql/src/Security/CWE-078/CommandInjection.ql
@@ -20,5 +20,5 @@ import DataFlow::PathGraph
 
 from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "This command depends on $@.", source.getNode(),
-  "a user-provided value"
+select sink.getNode(), source, sink, "$@ flows to here and is used in a command.", source.getNode(),
+  "User-provided value"
