Align alert messages across languages.

joefarebrother · joefarebrother · commit 1208195d8a3d · 2025-09-23T15:46:53.000+01:00
diff --git a/python/ql/src/Security/CWE-1004/NonHttpOnlyCookie.ql b/python/ql/src/Security/CWE-1004/NonHttpOnlyCookie.ql
@@ -1,5 +1,5 @@
 /**
- * @name Cookie missing `HttpOnly` attribute.
+ * @name Sensitive cookie missing `HttpOnly` attribute.
  * @description Cookies without the `HttpOnly` attribute set can be accessed by JS scripts, making them more vulnerable to XSS attacks.
  * @kind problem
  * @problem.severity warning
@@ -18,4 +18,4 @@ from Http::Server::CookieWrite cookie
 where
   cookie.hasHttpOnlyFlag(false) and
   cookie.isSensitive()
-select cookie, "Cookie is added without the HttpOnly attribute properly set."
+select cookie, "Sensitive cookie is set without HttpOnly flag."
diff --git a/python/ql/src/Security/CWE-1275/SameSiteNoneCookie.ql b/python/ql/src/Security/CWE-1275/SameSiteNoneCookie.ql
@@ -1,5 +1,5 @@
 /**
- * @name Cookie with `SameSite` attribute set to `None`.
+ * @name Sensitive cookie with `SameSite` attribute set to `None`.
  * @description Cookies with `SameSite` set to `None` can allow for Cross-Site Request Forgery (CSRF) attacks.
  * @kind problem
  * @problem.severity warning
@@ -18,4 +18,4 @@ from Http::Server::CookieWrite cookie
 where
   cookie.hasSameSiteAttribute(any(Http::Server::CookieWrite::SameSiteNone v)) and
   cookie.isSensitive()
-select cookie, "Cookie is added with the SameSite attribute set to None."
+select cookie, "Sensitive cookie with SameSite set to 'None'."
diff --git a/python/ql/src/Security/CWE-614/InsecureCookie.ql b/python/ql/src/Security/CWE-614/InsecureCookie.ql
@@ -19,4 +19,4 @@ from Http::Server::CookieWrite cookie
 where
   cookie.hasSecureFlag(false) and
   cookie.isSensitive()
-select cookie, "Cookie is added without the Secure attribute properly set."
+select cookie, "Cookie is added to response without the 'secure' flag being set."
