Java: update query metadata and alert message

Author: Jami Cogswell

java/ql/src/Security/CWE/CWE-552/UnsafeUrlForward.ql

@@ -1,13 +1,16 @@
 /**
- * @name Unsafe URL forward or include from a remote source
- * @description URL forward or include based on unvalidated user-input
- *              may cause file information disclosure.
+ * @name URL forward from a remote source
+ * @description URL forward based on unvalidated user-input
+ *              may cause file information disclosure or
+ *              redirection to malicious web sites.
  * @kind path-problem
  * @problem.severity error
+ * @security-severity 6.1
  * @precision high
- * @id java/unsafe-url-forward-include
+ * @id java/unvalidated-url-forward
  * @tags security
- *       external/cwe-552
+ *       external/cwe/cwe-552
+ *       external/cwe/cwe-601
  */
 
 import java
@@ -16,5 +19,5 @@ import UnsafeUrlForwardFlow::PathGraph
 
 from UnsafeUrlForwardFlow::PathNode source, UnsafeUrlForwardFlow::PathNode sink
 where UnsafeUrlForwardFlow::flowPath(source, sink)
-select sink.getNode(), source, sink, "Potentially untrusted URL forward due to $@.",
-  source.getNode(), "user-provided value"
+select sink.getNode(), source, sink, "Untrusted URL forward depends on a $@.", source.getNode(),
+  "user-provided value"