add default message if not pretty printed call can be created

erik-krogh · erik-krogh · commit b20e8520f6cf · 2020-02-24T14:52:08.000+01:00
diff --git a/javascript/ql/src/Security/CWE-078/UselessUseOfCat.ql b/javascript/ql/src/Security/CWE-078/UselessUseOfCat.ql
@@ -14,10 +14,12 @@ import javascript
 import semmle.javascript.security.UselessUseOfCat
 import semmle.javascript.RestrictedLocations
 
-
 from UselessCat cat, string message
-where 
-    message = " Can be replaced with: " + PrettyPrintCatCall::createReadFileCall(cat)
-    or
-    not exists(PrettyPrintCatCall::createReadFileCall(cat)) and message = ""
+where
+  message = " Can be replaced with: " + PrettyPrintCatCall::createReadFileCall(cat)
+  or
+  not exists(PrettyPrintCatCall::createReadFileCall(cat)) and
+  if cat.isSync()
+  then message = " Can be replaced with a call to fs.readFileSync(..)."
+  else message = " Can be replaced with a call to fs.readFile(..)."
 select cat.asExpr().(FirstLineOf), "Useless use of `cat`." + message
