Update the description message of template rule (#803)

ccojocar · web-flow · commit 89dfdc0c9726 · 2022-04-05T07:41:36.000+02:00
diff --git a/rules/templates.go b/rules/templates.go
@@ -54,7 +54,7 @@ func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 			ID:         id,
 			Severity:   gosec.Medium,
 			Confidence: gosec.Low,
-			What:       "this method will not auto-escape HTML. Verify data is well formed.",
+			What:       "The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input.",
 		},
 	}, []ast.Node{(*ast.CallExpr)(nil)}
 }

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {`
`54`	`54`	`ID: id,`
`55`	`55`	`Severity: gosec.Medium,`
`56`	`56`	`Confidence: gosec.Low,`
`57`		`- What: "this method will not auto-escape HTML. Verify data is well formed.",`
	`57`	`+ What: "The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input.",`
`58`	`58`	`},`
`59`	`59`	`}, []ast.Node{(*ast.CallExpr)(nil)}`
`60`	`60`	`}`