Address QL-for-QL alert

atorralba · atorralba · commit f4047e016cb5 · 2022-11-03T12:01:42.000+01:00
Use an alert message consistent with the other languages
diff --git a/swift/ql/src/queries/Security/CWE-611/XXE.ql b/swift/ql/src/queries/Security/CWE-611/XXE.ql
@@ -20,5 +20,6 @@ import DataFlow::PathGraph
 
 from DataFlow::PathNode source, DataFlow::PathNode sink
 where any(XxeConfiguration c).hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "XML parser with enabled external entities depends on $@.",
-  source.getNode(), "user input"
+select sink.getNode(), source, sink,
+  "XML parsing depends on a $@ without guarding against external entity expansion.",
+  source.getNode(), "user-provided value"
