CPP: make more alert messages follow the style-guide

2022-09-21 13:24:58 +02:00 · 2022-09-21 13:24:58 +02:00 · a30c38f38c
--- a/Information/GlobalNamespaceClasses.ql
+++ b/Information/GlobalNamespaceClasses.ql
@ -15,4 +15,4 @@ where
  c.fromSource() and
  c.isTopLevel() and
  c.getParentScope() instanceof GlobalNamespace
-select c, "This class is not declared in any namespace"
+select c, "This class is not declared in any namespace."
--- a/Opportunities/ClassesWithManyDependencies.ql
+++ b/Opportunities/ClassesWithManyDependencies.ql
@ -16,4 +16,4 @@ where
  t.fromSource() and
  n = t.getMetrics().getEfferentSourceCoupling() and
  n > 10
-select t as class_, "This class has too many dependencies (" + n.toString() + ")"
+select t as class_, "This class has too many dependencies (" + n.toString() + ")."
--- a/cpp/ql/src/Architecture/Refactoring
+++ b/cpp/ql/src/Architecture/Refactoring
@ -17,4 +17,4 @@ where
  n = f.getMetrics().getNumberOfCalls() and
  n > 99 and
  not f.isMultiplyDefined()
-select f as function, "This function makes too many calls (" + n.toString() + ")"
+select f as function, "This function makes too many calls (" + n.toString() + ")."
--- a/Opportunities/FunctionsWithManyParameters.ql
+++ b/Opportunities/FunctionsWithManyParameters.ql
@ -18,4 +18,4 @@ where
  f.getMetrics().getNumberOfParameters() > 15
 select f,
  "This function has too many parameters (" + f.getMetrics().getNumberOfParameters().toString() +
-    ")"
+    ")."
--- a/Errors/Slicing.ql
+++ b/Errors/Slicing.ql
@ -21,5 +21,5 @@ where
    rhsType.getAMember() = m and
    not m.(VirtualFunction).isPure()
  ) // add additional checks for concrete members in in-between supertypes
-select e, "This assignment expression slices from type $@ to $@", rhsType, rhsType.getName(),
+select e, "This assignment expression slices from type $@ to $@.", rhsType, rhsType.getName(),
  lhsType, lhsType.getName()
--- a/Practices/NVI.ql
+++ b/Practices/NVI.ql
@ -18,4 +18,4 @@ where
  f.hasSpecifier("virtual") and
  f.getFile().fromSource() and
  not f instanceof Destructor
-select f, "Avoid having public virtual methods (NVI idiom)"
+select f, "Avoid having public virtual methods (NVI idiom)."
--- a/Practices/NVIHub.ql
+++ b/Practices/NVIHub.ql
@ -23,4 +23,4 @@ where
  fclass = f.getDeclaringType() and
  hubIndex = fclass.getMetrics().getAfferentCoupling() * fclass.getMetrics().getEfferentCoupling() and
  hubIndex > 100
-select f, "Avoid having public virtual methods (NVI idiom)"
+select f, "Avoid having public virtual methods (NVI idiom)."
--- a/Practices/SwitchLongCase.ql
+++ b/Practices/SwitchLongCase.ql
@ -38,5 +38,5 @@ where
  sc = switch.getASwitchCase() and
  tooLong(sc) and
  switchCaseLength(sc, lines)
-select switch, "Switch has at least one case that is too long: $@", sc,
+select switch, "Switch has at least one case that is too long: $@.", sc,
  sc.getExpr().toString() + " (" + lines.toString() + " lines)"
--- a/Entities/UnusedLocals.ql
+++ b/Entities/UnusedLocals.ql
@ -58,4 +58,4 @@ where
  not exists(AsmStmt s | f = s.getEnclosingFunction()) and
  not v.getAnAttribute().getName() = "unused" and
  not any(ErrorExpr e).getEnclosingFunction() = f // unextracted expr may use `v`
-select v, "Variable " + v.getName() + " is not used"
+select v, "Variable " + v.getName() + " is not used."
--- a/Entities/UnusedStaticVariables.ql
+++ b/Entities/UnusedStaticVariables.ql
@ -27,4 +27,4 @@ where
  not declarationHasSideEffects(v) and
  not v.getAnAttribute().hasName("used") and
  not v.getAnAttribute().hasName("unused")
-select v, "Static variable " + v.getName() + " is never read"
+select v, "Static variable " + v.getName() + " is never read."
--- a/cpp/ql/src/Critical/DeadCodeCondition.ql
+++ b/cpp/ql/src/Critical/DeadCodeCondition.ql
@ -64,5 +64,5 @@ where
  ) and
  (if context = test then testresult = "succeed" else testresult = "fail")
 select cond,
-  "Variable '" + v.getName() + "' is always " + context + " here, this check will always " +
+  "Variable '" + v.getName() + "' is always " + context + ", this check will always " + testresult +
-    testresult + "."
+    "."
--- a/cpp/ql/src/Critical/DescriptorNeverClosed.ql
+++ b/cpp/ql/src/Critical/DescriptorNeverClosed.ql
@ -29,4 +29,4 @@ from Expr alloc
 where
  allocateDescriptorCall(alloc) and
  not exists(ClosedExpr closed | closed.pointsTo() = alloc)
-select alloc, "This file descriptor is never closed"
+select alloc, "This file descriptor is never closed."
--- a/cpp/ql/src/Critical/FileMayNotBeClosed.ql
+++ b/cpp/ql/src/Critical/FileMayNotBeClosed.ql
@ -164,4 +164,4 @@ where
    fopenVariableReaches(v, def, ret) and
    ret.getAChild*() = v.getAnAccess()
  )
-select def, "The file opened here may not be closed at $@.", ret, "this exit point"
+select def, "This file open may not be closed at $@.", ret, "this exit point"
--- a/cpp/ql/src/Critical/FileNeverClosed.ql
+++ b/cpp/ql/src/Critical/FileNeverClosed.ql
@ -14,4 +14,4 @@ import FileClosed
 from Expr alloc
 where fopenCall(alloc) and not fopenCallMayBeClosed(alloc)
-select alloc, "The file is never closed"
+select alloc, "The file is never closed."
--- a/cpp/ql/src/Critical/InconsistentNullnessTesting.ql
+++ b/cpp/ql/src/Critical/InconsistentNullnessTesting.ql
@ -27,4 +27,4 @@ where
    definitionUsePair(v, other, unchecked)
  )
 select unchecked,
-  "This dereference is not guarded by a non-null check, whereas other dereferences are guarded"
+  "This dereference is not guarded by a non-null check, whereas other dereferences are guarded."
--- a/cpp/ql/src/Critical/LateNegativeTest.ql
+++ b/cpp/ql/src/Critical/LateNegativeTest.ql
@ -49,4 +49,4 @@ where
 select dangerous,
  "Variable '" + v.getName() +
    "' is used as an array-offset before it is tested for being negative (test on line " +
-    check.getLocation().getStartLine().toString() + "). "
+    check.getLocation().getStartLine().toString() + ")."
--- a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
+++ b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
@ -190,4 +190,4 @@ where
    allocatedVariableReaches(v, def, ret) and
    ret.getAChild*() = v.getAnAccess()
  )
-select def, "The memory allocated here may not be released at $@.", ret, "this exit point"
+select def, "This memory allocation may not be released at $@.", ret, "this exit point"
--- a/cpp/ql/src/Critical/MemoryNeverFreed.ql
+++ b/cpp/ql/src/Critical/MemoryNeverFreed.ql
@ -16,4 +16,4 @@ from AllocationExpr alloc
 where
  alloc.requiresDealloc() and
  not allocMayBeFreed(alloc)
-select alloc, "This memory is never freed"
+select alloc, "This memory is never freed."
--- a/cpp/ql/src/Critical/MissingCheckScanf.ql
+++ b/cpp/ql/src/Critical/MissingCheckScanf.ql
@ -117,6 +117,7 @@ where
  output.getCall() = call and
  output.hasGuardedAccess(access, false)
 select access,
-  "$@ is read here, but may not have been written. " +
+  "$@, but may not have been written. " +
    "It should be guarded by a check that the $@ returns at least " +
-    output.getMinimumGuardConstant() + ".", access, access.toString(), call, call.toString()
+    output.getMinimumGuardConstant() + ".", access,
  "The variable " + access.toString() + " is read", call, call.toString()
--- a/cpp/ql/src/Critical/NewArrayDeleteMismatch.ql
+++ b/cpp/ql/src/Critical/NewArrayDeleteMismatch.ql
@ -14,4 +14,4 @@ from Expr alloc, Expr free, Expr freed
 where
  allocReaches(freed, alloc, "new[]") and
  freeExprOrIndirect(free, freed, "delete")
-select free, "This memory may have been allocated with '$@', not 'new'.", alloc, "new[]"
+select free, "This memory may have been allocated with $@, not 'new'.", alloc, "new[]"
--- a/cpp/ql/src/Critical/NewDeleteArrayMismatch.ql
+++ b/cpp/ql/src/Critical/NewDeleteArrayMismatch.ql
@ -14,4 +14,4 @@ from Expr alloc, Expr free, Expr freed
 where
  allocReaches(freed, alloc, "new") and
  freeExprOrIndirect(free, freed, "delete[]")
-select free, "This memory may have been allocated with '$@', not 'new[]'.", alloc, "new"
+select free, "This memory may have been allocated with $@, not 'new[]'.", alloc, "new"
--- a/cpp/ql/src/Critical/Unused.ql
+++ b/cpp/ql/src/Critical/Unused.ql
@ -30,4 +30,4 @@ where
  not v.getType().getUnderlyingType() instanceof ReferenceType and
  not exists(ScopeUtilityClass util | def = util.getAUse()) and
  not def.isInMacroExpansion()
-select def, "Variable '" + v.getName() + "' is assigned a value that is never used"
+select def, "Variable '" + v.getName() + "' is assigned a value that is never used."
--- a/cpp/ql/src/Critical/UseAfterFree.ql
+++ b/cpp/ql/src/Critical/UseAfterFree.ql
@ -62,5 +62,5 @@ class UseAfterFreeReachability extends StackVariableReachability {
 from UseAfterFreeReachability r, StackVariable v, Expr free, Expr e
 where r.reaches(free, v, e)
-select e, "Memory pointed to by '" + v.getName().toString() + "' may have been previously freed $@",
+select e, "Memory pointed to by '" + v.getName().toString() + "' may have $@.", free,
-  free, "here"
+  "been previously freed"
--- a/cpp/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
+++ b/cpp/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
@ -12,4 +12,4 @@ from File f
 where
  not exists(ExtractionProblem e | e.getFile() = f) and
  exists(f.getRelativePath())
-select f, "File successfully extracted"
+select f, "File successfully extracted."
--- a/Bugs/Arithmetic/PointlessSelfComparison.ql
+++ b/Bugs/Arithmetic/PointlessSelfComparison.ql
@ -22,4 +22,4 @@ where
  not overflowTest(cmp) and
  not cmp.isFromTemplateInstantiation(_) and
  not isFromMacroDefinition(cmp)
-select cmp, "Self comparison."
+select cmp, "This expression compares an $@ to itself.", cmp.getLeftOperand(), "expression"
--- a/Bugs/Conversion/CastArrayPointerArithmetic.ql
+++ b/Bugs/Conversion/CastArrayPointerArithmetic.ql
@ -56,4 +56,4 @@ where
  source.getNode().asExpr().getFullyConverted().getUnspecifiedType() =
    sink.getNode().asExpr().getFullyConverted().getUnspecifiedType()
 select sink, source, sink,
-  "Pointer arithmetic here may be done with the wrong type because of the cast $@.", source, "here"
+  "This pointer arithmetic may be done with the wrong type because of $@.", source, "this cast"
--- a/Bugs/Conversion/ImplicitDowncastFromBitfield.ql
+++ b/Bugs/Conversion/ImplicitDowncastFromBitfield.ql
@ -24,4 +24,4 @@ where
  va.getExplicitlyConverted().getType().getSize() > fct.getSize() and
  va.getTarget() = fi and
  not fct.getUnspecifiedType() instanceof BoolType
-select va, "Implicit downcast of bitfield $@", fi, fi.toString()
+select va, "Implicit downcast of bitfield $@.", fi, fi.toString()
--- a/Bugs/Conversion/LossyFunctionResultCast.ql
+++ b/Bugs/Conversion/LossyFunctionResultCast.ql
@ -50,4 +50,4 @@ where
  not whiteListWrapped(c)
 select c,
  "Return value of type " + t1.toString() + " is implicitly converted to " + t2.toString() +
-    " here."
+    "."
--- a/Bugs/Format/WrongTypeFormatArguments.ql
+++ b/Bugs/Format/WrongTypeFormatArguments.ql
@ -173,4 +173,4 @@ where
  not actual.getUnspecifiedType() instanceof ErroneousType
 select arg,
  "This argument should be of type '" + expected.getName() + "' but is of type '" +
-    actual.getUnspecifiedType().getName() + "'"
+    actual.getUnspecifiedType().getName() + "'."
--- a/Management/NtohlArrayNoBound.ql
+++ b/Management/NtohlArrayNoBound.ql
@ -13,4 +13,4 @@ import NtohlArrayNoBound
 from NetworkToBufferSizeConfiguration bufConfig, DataFlow::Node source, DataFlow::Node sink
 where bufConfig.hasFlow(source, sink)
-select sink, "Unchecked use of data from network function $@", source, source.toString()
+select sink, "Unchecked use of data from network function $@.", source, source.toString()
--- a/Management/UninitializedLocal.ql
+++ b/Management/UninitializedLocal.ql
@ -81,4 +81,4 @@ from UninitialisedLocalReachability r, LocalVariable v, VariableAccess va
 where
  r.reaches(_, v, va) and
  not va = commonException()
-select va, "The variable $@ may not be initialized here.", v, v.getName()
+select va, "The variable $@ may not be initialized at this access.", v, v.getName()
--- a/Management/UsingExpiredStackAddress.ql
+++ b/Management/UsingExpiredStackAddress.ql
@ -399,5 +399,5 @@ where
  ) and
  source.asStore() = store and
  sink.asSink(_) = load
-select sink, source, sink, "Stack variable $@ escapes $@ and is used after it has expired.", var,
+select sink, source, sink, "Stack variable $@ escapes at $@ and is used after it has expired.", var,
-  var.toString(), store, "here"
+  var.toString(), store, "this store"
--- a/Bugs/OO/UnsafeUseOfThis.ql
+++ b/Bugs/OO/UnsafeUseOfThis.ql
@ -83,4 +83,4 @@ where
    c.getAMemberFunction().getAnOverriddenFunction() = call.getStaticCallTarget()
  )
 select call.getUnconvertedResultExpression(), source, sink,
-  "Call to pure virtual function during " + msg
+  "Call to pure virtual function during " + msg + "."
--- a/Bugs/RedundantNullCheckSimple.ql
+++ b/Bugs/RedundantNullCheckSimple.ql
@ -67,5 +67,5 @@ where
  // the pointer was null. To follow this idea to its full generality, we
  // should also give an alert when `check` post-dominates `deref`.
  deref.getBlock() = dominator
-select checked, "This null check is redundant because the value is $@ in any case", deref,
+select checked, "This null check is redundant because $@ in any case.", deref,
-  "dereferenced here"
+  "the value is dereferenced"
--- a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
+++ b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
@ -60,5 +60,5 @@ where
  taintedWithPath(taintSource, taintedArg, sourceNode, sinkNode) and
  isUserInput(taintSource, taintCause)
 select taintedArg, sourceNode, sinkNode,
-  "This argument to a file access function is derived from $@ and then passed to " + callChain,
+  "This argument to a file access function is derived from $@ and then passed to " + callChain + ".",
  taintSource, "user input (" + taintCause + ")"
--- a/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
@ -158,5 +158,5 @@ where
  concatResult = sinkNode.getState().(ExecState).getSndNode()
 select sinkAsArgumentIndirection(sinkNode.getNode()), sourceNode, sinkNode,
  "This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to "
-    + callChain, sourceNode, "user input (" + taintCause + ")", concatResult,
+    + callChain + ".", sourceNode, "user input (" + taintCause + ")", concatResult,
  concatResult.toString()
--- a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
@ -50,5 +50,5 @@ where
  taintedWithPath(taintSource, taintedArg, sourceNode, sinkNode) and
  isUserInput(taintSource, taintCause)
 select taintedArg, sourceNode, sinkNode,
-  "This argument to a SQL query function is derived from $@ and then passed to " + callChain,
+  "This argument to a SQL query function is derived from $@ and then passed to " + callChain + ".",
  taintSource, "user input (" + taintCause + ")"
--- a/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
@ -34,5 +34,5 @@ where
  isProcessOperationExplanation(arg, processOperation) and
  taintedWithPath(source, arg, sourceNode, sinkNode)
 select arg, sourceNode, sinkNode,
-  "The value of this argument may come from $@ and is being passed to " + processOperation, source,
+  "The value of this argument may come from $@ and is being passed to " + processOperation + ".",
-  source.toString()
+  source, source.toString()
--- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
@ -123,5 +123,5 @@ where
  conf.hasFlowPath(source, sink) and
  isFlowSource(source.getNode(), sourceType)
 select sink.getNode(), source, sink,
-  "$@ flows to here and is used in an array indexing expression, potentially causing an invalid access.",
+  "An array indexing expression depends on $@, potentially causing an invalid access.",
  source.getNode(), sourceType
--- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
+++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
@ -34,4 +34,4 @@ where
  isUserInput(userValue, cause)
 select arg, sourceNode, sinkNode,
  "The value of this argument may come from $@ and is being used as a formatting argument to " +
-    printfFunction, userValue, cause
+    printfFunction + ".", userValue, cause
--- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
+++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
@ -37,4 +37,4 @@ where
  isUserInput(userValue, cause)
 select arg, sourceNode, sinkNode,
  "The value of this argument may come from $@ and is being used as a formatting argument to " +
-    printfFunction, userValue, cause
+    printfFunction + ".", userValue, cause
--- a/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
@ -86,4 +86,5 @@ class TaintSource extends VariableAccess {
 from TaintSource source, VariableAccess sink
 where source.reaches(sink)
-select sink, "$@ flows to here and may not be null terminated.", source, "User-provided value"
+select sink, "$@ that may not be null terminated flows to a string operation.", source,
  "User-provided value"
--- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
@ -50,5 +50,5 @@ where
  op.getAnOperand() = e and
  missingGuard(op, e, effect)
 select e, sourceNode, sinkNode,
-  "$@ flows to here and is used in arithmetic, potentially causing an " + effect + ".", origin,
+  "$@ flows to an operand of an arithmetic expression, potentially causing an " + effect + ".",
-  "User-provided value"
+  origin, "User-provided value"
--- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
@ -135,5 +135,5 @@ where
  sink.getNode().asExpr() = va and
  missingGuard(va, effect)
 select sink.getNode(), source, sink,
-  "$@ flows to here and is used in arithmetic, potentially causing an " + effect + ".",
+  "Arithmetic expression depends on an $@, potentially causing an " + effect + ".",
-  getExpr(source.getNode()), "Uncontrolled value"
+  getExpr(source.getNode()), "uncontrolled value"
--- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
@ -75,5 +75,6 @@ where
    missingGuardAgainstOverflow(op, va) and effect = "overflow"
  ) and
  causeEffectCorrespond(cause, effect)
-select va, "$@ flows to here and is used in arithmetic, potentially causing an " + effect + ".",
+select va,
  "$@ flows to an operand of an arithmetic expression, potentially causing an " + effect + ".",
  origin, "Extreme value"
--- a/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
@ -36,5 +36,4 @@ where
  not inSystemMacroExpansion(use) and
  // Avoid double-counting: don't include all the conversions of `use`.
  not use instanceof Conversion
-select use, "$@ flows to here and is used in an expression which might " + kind + ".", origin,
+select use, "$@ flows an expression which might " + kind + ".", origin, "User-provided value"
  "User-provided value"
--- a/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
@ -99,5 +99,5 @@ where
  isFlowSource(source.getNode(), taintCause) and
  conf.hasFlowPath(source, sink) and
  allocSink(alloc, sink.getNode())
-select alloc, source, sink, "This allocation size is derived from $@ and might overflow",
+select alloc, source, sink, "This allocation size is derived from $@ and might overflow.",
  source.getNode(), "user input (" + taintCause + ")"
--- a/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
+++ b/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
@ -39,9 +39,13 @@ where
    isHresultBooleanConverted(e1, e2) and
    if e2.isImplicit()
    then
-      msg = "Implicit conversion from " + e1.getType().toString() + " to " + e2.getType().toString()
+      msg =
        "Implicit conversion from " + e1.getType().toString() + " to " + e2.getType().toString() +
          "."
    else
-      msg = "Explicit conversion from " + e1.getType().toString() + " to " + e2.getType().toString()
+      msg =
        "Explicit conversion from " + e1.getType().toString() + " to " + e2.getType().toString() +
          "."
  )
  or
  exists(ControlStructure ctls |
@ -49,7 +53,7 @@ where
    e1.getType().(TypedefType).hasName("HRESULT") and
    not isHresultBooleanConverted(e1) and
    not ctls instanceof SwitchStmt and // not controlled by a boolean condition
-    msg = "Direct usage of a type " + e1.getType().toString() + " as a conditional expression"
+    msg = "Direct usage of a type " + e1.getType().toString() + " as a conditional expression."
  )
  or
  (
@ -57,14 +61,14 @@ where
      e1.getType().(TypedefType).hasName("HRESULT") and
      msg =
        "Usage of a type " + e1.getType().toString() +
-          " as an argument of a binary logical operation"
+          " as an argument of a binary logical operation."
    )
    or
    exists(UnaryLogicalOperation ulop | ulop.getAnOperand() = e1 |
      e1.getType().(TypedefType).hasName("HRESULT") and
      msg =
        "Usage of a type " + e1.getType().toString() +
-          " as an argument of a unary logical operation"
+          " as an argument of a unary logical operation."
    ) and
    not isHresultBooleanConverted(e1)
  )
--- a/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
@ -44,5 +44,5 @@ where
  w.getASource() = sinkNode.getNode().asExpr() and
  dest = w.getDest()
 select w, sourceNode, sinkNode,
-  "This write into buffer '" + dest.toString() + "' may contain unencrypted data from $@", source,
+  "This write into buffer '" + dest.toString() + "' may contain unencrypted data from $@.", source,
  "user input (" + source.getSourceType() + ")"
--- a/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
@ -73,5 +73,5 @@ where
  not isFileName(globalValueNumber(source)) and // file names are not passwords
  not exists(string convChar | convChar = w.getSourceConvChar(mid) | not convChar = ["s", "S"]) // ignore things written with other conversion characters
 select w, sourceNode, midNode,
-  "This write into file '" + dest.toString() + "' may contain unencrypted data from $@", source,
+  "This write into file '" + dest.toString() + "' may contain unencrypted data from $@.", source,
  "this source."
--- a/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
+++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
@ -258,9 +258,9 @@ where
  then
    msg =
      "This operation transmits '" + sink.toString() +
-        "', which may contain unencrypted sensitive data from $@"
+        "', which may contain unencrypted sensitive data from $@."
  else
    msg =
      "This operation receives into '" + sink.toString() +
-        "', which may put unencrypted sensitive data into $@"
+        "', which may put unencrypted sensitive data into $@."
 select networkSendRecv, source, sink, msg, source, source.getNode().toString()
--- a/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql
+++ b/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql
@ -74,5 +74,5 @@ where
  config.hasFlowPath(source, sink) and
  source.getNode().asExpr() = sensitive and
  sqliteCall.getASource() = sink.getNode().asExpr()
-select sqliteCall, source, sink, "This SQLite call may store $@ in a non-encrypted SQLite database",
+select sqliteCall, source, sink, "This SQLite call may store $@ in a non-encrypted SQLite database.",
  sensitive, "sensitive information"
--- a/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
+++ b/cpp/ql/src/Security/CWE/CWE-319/UseOfHttp.ql
@ -97,4 +97,4 @@ from
 where
  config.hasFlowPath(source, sink) and
  str = source.getNode().asExpr()
-select str, source, sink, "A URL may be constructed with the HTTP protocol."
+select str, source, sink, "This URL may be constructed with the HTTP protocol."
--- a/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql
+++ b/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql
@ -44,5 +44,5 @@ where
  )
 select dest,
  "This pointer might have type $@ (size " + sourceBase.getSize() +
-    "), but the pointer arithmetic here is done with type " + destType + " (size " +
+    "), but this pointer arithmetic is done with type " + destType + " (size " + destBase.getSize() +
-    destBase.getSize() + ").", sourceLoc, sourceBase.toString()
+    ").", sourceLoc, sourceBase.toString()
--- a/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingChar.ql
+++ b/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingChar.ql
@ -51,5 +51,5 @@ where
  destBase instanceof CharType
 select dest,
  "This pointer might have type $@ (size " + sourceBase.getSize() +
-    "), but the pointer arithmetic here is done with type " + destType + " (size " +
+    "), but this pointer arithmetic is done with type " + destType + " (size " + destBase.getSize() +
-    destBase.getSize() + ").", sourceLoc, sourceBase.toString()
+    ").", sourceLoc, sourceBase.toString()
--- a/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
+++ b/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql
@ -26,4 +26,4 @@ where
  destBase instanceof VoidType
 select dest,
  "This pointer might have type $@ (size " + sourceBase.getSize() +
-    "), but the pointer arithmetic here is done with type void", sourceLoc, sourceBase.toString()
+    "), but this pointer arithmetic is done with type void.", sourceLoc, sourceBase.toString()
--- a/cpp/ql/src/Security/CWE/CWE-676/DangerousFunctionOverflow.ql
+++ b/cpp/ql/src/Security/CWE/CWE-676/DangerousFunctionOverflow.ql
@ -18,4 +18,4 @@ from FunctionCall call, Function target
 where
  call.getTarget() = target and
  target.hasGlobalOrStdName("gets")
-select call, "gets does not guard against buffer overflow"
+select call, "'gets' does not guard against buffer overflow."
--- a/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
+++ b/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
@ -16,7 +16,7 @@ import cpp
 predicate potentiallyDangerousFunction(Function f, string message) {
  exists(string name | f.hasGlobalName(name) |
    name = ["gmtime", "localtime", "ctime", "asctime"] and
-    message = "Call to " + name + " is potentially dangerous"
+    message = "Call to '" + name + "' is potentially dangerous."
  )
 }
--- a/cpp/ql/src/Security/CWE/CWE-732/OpenCallMissingModeArgument.ql
+++ b/cpp/ql/src/Security/CWE/CWE-732/OpenCallMissingModeArgument.ql
@ -16,4 +16,4 @@ import FilePermissions
 from FileCreationWithOptionalModeExpr fc
 where not fc.hasModeArgument()
 select fc,
-  "A file is created here without providing a mode argument, which may leak bits from the stack."
+  "This creates a file without providing a mode argument, which may leak bits from the stack."
--- a/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql
+++ b/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql
@ -37,5 +37,5 @@ from Expr source, Expr condition, Expr raise, PathNode sourceNode, PathNode sink
 where
  taintedWithPath(source, condition, sourceNode, sinkNode) and
  sensitiveCondition(condition, raise)
-select condition, sourceNode, sinkNode, "Reliance on untrusted input $@ to raise privilege at $@",
+select condition, sourceNode, sinkNode, "Reliance on untrusted input $@ to raise privilege at $@.",
  source, source.toString(), raise, raise.toString()
--- a/cpp/ql/src/experimental/Best
+++ b/cpp/ql/src/experimental/Best
@ -42,4 +42,4 @@ where
    ne.getLeftOperand().getFullyConverted().getUnspecifiedType() and
  nearestParent(eq) = nearestParent(ne) and
  sameExpr(eq.getLeftOperand(), ne.getLeftOperand())
-select ne, "Useless Test"
+select ne, "This boolean condition is never evaluated and can be deleted."
--- a/Bugs/RedundantNullCheckParam.ql
+++ b/Bugs/RedundantNullCheckParam.ql
@ -52,5 +52,5 @@ where
  candidateResultChecked(check, eqop) and
  // and which has not been checked before in this code path
  candidateResultUnchecked(unchecked)
-select check, "This null check is redundant or there is a missing null check before $@ ", unchecked,
+select check, "This null check is redundant or there is a missing null check before $@.", unchecked,
  "where dereferencing happens"
--- a/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
@ -61,6 +61,5 @@ where
    dominates(ifc1, fc) and
    globalValueNumber(fc.getArgument(na)) = globalValueNumber(ifc1.getCondition().getAChild*())
  )
-select fc,
+select fc, "The value of argument $@ appears to be checked after the call, rather than before it.",
  "The value of argument '$@' appears to be checked after the call, rather than before it.",
  fc.getArgument(na), fc.getArgument(na).toString()
--- a/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
@ -87,4 +87,4 @@ class ExploitableUserModePtrParam extends SystemCallSource {
 }
 from ExploitableUserModePtrParam p
-select p, "unsafe_put_user write user-mode pointer $@ without check.", p, p.toString()
+select p, "'unsafe_put_user' write user-mode pointer $@ without check.", p, p.toString()
--- a/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
@ -138,4 +138,4 @@ where
    fc.getEnclosingFunction() != fn and
    fc.getEnclosingFunction().getMetrics().getNumberOfCalls() > fn.getMetrics().getNumberOfCalls()
  )
-select fc, "Consider changing the call to $@", fn, fn.getName()
+select fc, "Consider changing the call to $@.", fn, fn.getName()
--- a/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
@ -16,4 +16,4 @@ from FunctionCall call, ScanfFunction sff
 where
  call.getTarget() = sff and
  call.getArgument(sff.getFormatParameterIndex()).getValue().regexpMatch(".*%l?s.*")
-select call, "Dangerous use of one of the scanf functions"
+select call, "Dangerous use of one of the scanf functions."
--- a/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql
@ -18,4 +18,4 @@ from WriteConfig b, DataFlow::PathNode source, DataFlow::PathNode sink
 where b.hasFlowPath(source, sink)
 select sink.getNode(), source, sink,
  "This write into the external location '" + sink.getNode() +
-    "' may contain unencrypted data from $@", source, "this source."
+    "' may contain unencrypted data from $@.", source, "this source of private data."
--- a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
@ -58,4 +58,4 @@ class ReallocCallLeak extends FunctionCall {
 from ReallocCallLeak rcl
 where not rcl.mayHandleByTermination()
-select rcl, "possible loss of original pointer on unsuccessful call realloc"
+select rcl, "Possible loss of original pointer on unsuccessful call realloc."
--- a/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
@ -30,4 +30,4 @@ where
    fc.getASuccessor+() = fctmp and
    fctmp.getASuccessor+() = fc1
  )
-select fc, "You need to handle the return value SSL_shutdown"
+select fc, "You need to handle the return value 'SSL_shutdown'."
--- a/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql
@ -116,4 +116,4 @@ where
  exp.(UsingArithmeticInComparison).compareWithOutZero()
  or
  exists(WhileStmt wst | wst instanceof UsingWhileAfterWhile and exp = wst.getCondition())
-select exp, "this expression needs your attention"
+select exp, "This expression needs your attention."
--- a/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql
@ -100,4 +100,4 @@ where
        fc.getArgument(i1).(AddressOfExpr).getOperand().(VariableAccess).getTarget()
    )
  )
-select fc, "Unchecked return value for call to '" + fc.getTarget().getName() + "'."
+select fc, "Unchecked return value for call to $@.", fc.getTarget() as target, target.getName()
--- a/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
@ -190,5 +190,5 @@ where
    exp.(BinaryBitwiseOperation).getRightOperand().(BinaryBitwiseOperation).getLeftOperand(),
    exp.(BinaryBitwiseOperation).getRightOperand().(BinaryBitwiseOperation).getRightOperand(), exp,
    exp.(BinaryBitwiseOperation).getRightOperand()) and
-  msg = "specify the priority with parentheses."
+  msg = "Specify the priority with parentheses."
 select exp, msg
--- a/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql
@ -51,4 +51,4 @@ where
  incrementBoolType(exp) or
  revertSignBoolType(exp) or
  assignBoolType(exp)
-select exp, "this expression needs attention"
+select exp, "This expression needs attention."
--- a/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql
@ -26,5 +26,5 @@ where
  DataFlow::localFlow(DataFlow::parameterNode(p), sink) and
  p.getUnspecifiedType().getSize() < 8
 select call,
-  "This call: $@  passes an unsigned int to a function that requires a signed int: $@. And then used in pointer arithmetic: $@",
+  "This call: $@ passes an unsigned int to a function that requires a signed int: $@. And then used in pointer arithmetic: $@.",
  call, call.toString(), f, f.toString(), sink, sink.toString()
--- a/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql
@ -31,4 +31,4 @@ where
    not exptmp.getEnclosingStmt() = expr.getEnclosingStmt()
  ) and
  globalValueNumber(fc.getArgument(0)) = globalValueNumber(exprarr.getArrayBase())
-select expr, "potential unsafe or redundant assignment."
+select expr, "Potential unsafe or redundant assignment."
--- a/cpp/ql/src/jsf/4.06
+++ b/cpp/ql/src/jsf/4.06
@ -12,4 +12,4 @@ import cpp
 from Macro m
 where m.getHead().matches("%(%") // Macro functions are simply macros with brackets in the head
-select m, "The #define pre-processor directive shall not be used to create inline macros"
+select m, "The #define pre-processor directive shall not be used to create inline macros."
--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@ -93,4 +93,4 @@ where
    // they are both variable names in close enough scopes for the confusion to matter
    d1 instanceof Variable and d2 instanceof Variable and compatibleScopes(d1, d2)
  )
-select d1, "AV Rule 48: this identifier is too close to another identifier (" + d2.getName() + ")"
+select d1, "AV Rule 48: this identifier is too close to another identifier (" + d2.getName() + ")."
--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@ -24,5 +24,5 @@ where
  w.isDefiniteAcronym() and
  not w.isUppercase()
 select d,
-  "AV Rule 49:  acronyms in identifiers will be uppercase. Incorrect case for acronym " +
+  "AV Rule 49: acronyms in identifiers will be uppercase. Incorrect case for acronym " +
    w.toString() + "."
--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@ -15,4 +15,4 @@ from Include i, string name
 where
  name = i.getIncludeText() and
  name.matches(["%'%", "%\\\\%", "%/*%", "%//%", "%\"%\"%\"%", "%<%\"%>%"])
-select i, "AV Rule 53.1: Invalid character sequence in header file name '" + name + "'"
+select i, "AV Rule 53.1: Invalid character sequence in header file name '" + name + "'."
--- a/cpp/ql/src/jsf/4.09
+++ b/cpp/ql/src/jsf/4.09
@ -37,4 +37,4 @@ where
  f.hasDefinition() and
  not valid(f)
 select f,
-  "AV Rule 58: functions with more than two parameters will conform to style rules for declaring parameters"
+  "AV Rule 58: functions with more than two parameters will conform to style rules for declaring parameters."
--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@ -32,4 +32,4 @@ where
    baseElement(e.getType(), cl) and // only interested in arrays with classes
    not compatible(f.getParameter(i).getUnspecifiedType(), e.getUnspecifiedType())
  )
-select e, "AV Rule 96: Arrays shall not be teated polymorphically"
+select e, "AV Rule 96: Arrays shall not be teated polymorphically."
--- a/cpp/ql/src/jsf/4.11
+++ b/cpp/ql/src/jsf/4.11
@ -26,4 +26,4 @@ from Namespace ns, File rep
 where
  exists(ns.getParentNamespace().getParentNamespace().getParentNamespace()) and
  namespaceRepresentative(ns, rep)
-select rep, "AV Rule 99: namespace " + ns.toString() + " is nested more than two levels deep"
+select rep, "AV Rule 99: namespace " + ns.toString() + " is nested more than two levels deep."
--- a/cpp/ql/src/jsf/4.13
+++ b/cpp/ql/src/jsf/4.13
@ -14,4 +14,4 @@ from Function f
 where
  f.fromSource() and
  f.calls+(f)
-select f, "Functions shall not call theselves, either directly or indirectly"
+select f, "Functions shall not call theselves, either directly or indirectly."
--- a/cpp/ql/src/jsf/4.15
+++ b/cpp/ql/src/jsf/4.15
@ -35,4 +35,4 @@ where
    localShadowsParameter(v, shadowed) or
    shadowing(v, shadowed)
  )
-select v, "Identifiers in an inner scope should not hide identifiers in an outer scope"
+select v, "Identifiers in an inner scope should not hide identifiers in an outer scope."
--- a/cpp/ql/src/jsf/4.21
+++ b/cpp/ql/src/jsf/4.21
@ -31,4 +31,4 @@ where
  isSignedOperand(op.getAnOperand()) and
  isUnsignedOperand(op.getAnOperand())
 select op,
-  "AV Rule 162: signed and unsigned values shall not be mixed in arithmetic or comparison operations"
+  "AV Rule 162: signed and unsigned values shall not be mixed in arithmetic or comparison operations."
--- a/cpp/ql/src/jsf/4.21
+++ b/cpp/ql/src/jsf/4.21
@ -25,4 +25,4 @@ where
  op instanceof BinaryArithmeticOperation and
  isUnsignedOperand(op.getChild(0)) and
  isUnsignedOperand(op.getChild(1))
-select op, "AV Rule 163: unsigned arithmetic shall not be used"
+select op, "AV Rule 163: unsigned arithmetic shall not be used."
--- a/cpp/ql/src/jsf/4.22
+++ b/cpp/ql/src/jsf/4.22
@ -35,4 +35,4 @@ where
    global.hasSpecifier("static")
  )
 select a,
-  "AV Rule 173: The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist"
+  "AV Rule 173: The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist."
--- a/cpp/ql/src/jsf/4.23
+++ b/cpp/ql/src/jsf/4.23
@ -104,4 +104,4 @@ where
  not lic.getUnderlyingTargetType() instanceof BoolType
 select lic,
  "AV Rule 180: implicit conversion from " + lic.getUnderlyingSourceType().toString() + " to " +
-    lic.getUnderlyingTargetType().toString() + " may lose information"
+    lic.getUnderlyingTargetType().toString() + " may lose information."
--- a/cpp/ql/src/jsf/4.23
+++ b/cpp/ql/src/jsf/4.23
@ -34,4 +34,4 @@ where
  not t1.(ArrayType).getBaseType() = t2.(PointerType).getBaseType()
 select e,
  "AV Rule 182: illegal cast from type " + t1.toString() + " to type " + t2.toString() +
-    ". Casting to or from pointers shall not be used"
+    ". Casting to or from pointers shall not be used."
--- a/cpp/ql/src/jsf/4.25
+++ b/cpp/ql/src/jsf/4.25
@ -38,4 +38,4 @@ where
  va != e and
  not e.getParent().(AssignExpr).getLValue() = e
 select c,
-  "AV Rule 204.1: The value of an expression shall be the same under any order of evaluation that the standard permits"
+  "AV Rule 204.1: The value of an expression shall be the same under any order of evaluation that the standard permits."