update {cs/java}/regex-injection to match javascript

erik-krogh · erik-krogh · commit e52fa9a469ee · 2022-08-22T21:41:45.000+02:00
diff --git a/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql b/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
@@ -23,5 +23,5 @@ where
   c.hasFlowPath(source, sink) and
   // No global timeout set
   not exists(RegexGlobalTimeout r)
-select sink.getNode(), source, sink, "$@ flows to the construction of a regular expression.",
-  source.getNode(), "User-provided value"
+select sink.getNode(), source, sink, "This regular expression is constructed from a $@.",
+  source.getNode(), "user-provided value"
diff --git a/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql
@@ -85,5 +85,5 @@ class RegexInjectionConfiguration extends TaintTracking::Configuration {
 
 from DataFlow::PathNode source, DataFlow::PathNode sink, RegexInjectionConfiguration c
 where c.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ is user controlled.", source.getNode(),
-  "This regular expression pattern"
+select sink.getNode(), source, sink, "This regular expression is constructed from a $@.",
+  source.getNode(), "user-provided value"
