Python: Fix tags and message for CWE-312 queries.

markshannon · markshannon · commit 8909c3d6ab7b · 2019-08-23T15:20:19.000+01:00
diff --git a/python/ql/src/Security/CWE-312/CleartextLogging.ql b/python/ql/src/Security/CWE-312/CleartextLogging.ql
@@ -5,7 +5,7 @@
  * @kind path-problem
  * @problem.severity error
  * @precision high
- * @id py/clear-text-storage-of-sensitive-data
+ * @id py/clear-text-logging-sensitive-data
  * @tags security
  *       external/cwe/cwe-312
  *       external/cwe/cwe-315
@@ -37,5 +37,5 @@ class CleartextLoggingConfiguration extends TaintTracking::Configuration {
 
 from CleartextLoggingConfiguration config, TaintedPathSource source, TaintedPathSink sink
 where config.hasFlowPath(source, sink)
-select sink.getSink(), source, sink, "Sensitive data returned by $@ is stored here.",
+select sink.getSink(), source, sink, "Sensitive data returned by $@ is logged here.",
   source.getSource(), source.getNode().(SensitiveData::Source).repr()
diff --git a/python/ql/src/Security/CWE-312/CleartextStorage.ql b/python/ql/src/Security/CWE-312/CleartextStorage.ql
@@ -5,7 +5,7 @@
  * @kind path-problem
  * @problem.severity error
  * @precision high
- * @id py/clear-text-logging
+ * @id py/clear-text-storage-sensitive-data
  * @tags security
  *       external/cwe/cwe-312
  *       external/cwe/cwe-315
diff --git a/python/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/python/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected
@@ -4,5 +4,5 @@ edges
 | password_in_cookie.py:7:16:7:43 | externally controlled string | password_in_cookie.py:9:33:9:40 | externally controlled string |
 | test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password |
 #select
-| test.py:8:35:8:42 | Taint sink | test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password | Sensitive data returned by $@ is stored here. | test.py:7:16:7:29 | Taint source | a call returning a password |
-| test.py:14:30:14:39 | Taint sink | test.py:14:30:14:39 | a certificate or key | test.py:14:30:14:39 | a certificate or key | Sensitive data returned by $@ is stored here. | test.py:14:30:14:39 | Taint source | a call returning a certificate or key |
+| test.py:8:35:8:42 | Taint sink | test.py:7:16:7:29 | a password | test.py:8:35:8:42 | a password | Sensitive data returned by $@ is logged here. | test.py:7:16:7:29 | Taint source | a call returning a password |
+| test.py:14:30:14:39 | Taint sink | test.py:14:30:14:39 | a certificate or key | test.py:14:30:14:39 | a certificate or key | Sensitive data returned by $@ is logged here. | test.py:14:30:14:39 | Taint source | a call returning a certificate or key |
