Enhance query ouput

toufik-airane · toufik-airane · commit f7cbc8a8d437 · 2020-06-22T22:34:06.000+02:00
- add valuable text to assess the query results
- add an example of the output
diff --git a/javascript/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql b/javascript/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql
@@ -16,4 +16,5 @@ from CallNode call
 where
   call = moduleMember("jsonwebtoken", "verify").getACall() and
   unique(boolean b | b = call.getArgument(1).analyze().getABooleanValue()) = false
-select call
+select call.getStartLine(), call,
+  "does not verify the JWT payload with a cryptographic secret or public key."
diff --git a/javascript/ql/src/experimental/Security/CWE-347/examples/results.txt b/javascript/ql/src/experimental/Security/CWE-347/examples/results.txt
@@ -0,0 +1,5 @@
+| col0 |        call         |                                    col2                                    |
++------+---------------------+----------------------------------------------------------------------------+
+|    9 | jwt.ver ... ne"] }) | does not verify the JWT payload with a cryptographic secret or public key. |
+|   10 | jwt.ver ... ne"] }) | does not verify the JWT payload with a cryptographic secret or public key. |
+|   11 | jwt.ver ... ne"] }) | does not verify the JWT payload with a cryptographic secret or public key. |
