Python: Fix errors introduced during port

testing on a database helps..

Author: yoff

python/ql/lib/semmle/python/security/injection/RegexInjectionCustomizations.qll

@@ -25,7 +25,14 @@ module RegexInjection {
    * A sink for "regular expression injection" vulnerabilities is the execution of a regular expression.
    * If you have a custom way to execute regular expressions, you can extend `RegexExecution::Range`.
    */
-  class Sink extends RegexExecution { }
+  class Sink extends DataFlow::Node {
+    RegexExecution regexExecution;
+
+    Sink() { this = regexExecution.getRegexNode() }
+
+    /** Gets the call that executes the regular expression marked by this sink. */
+    RegexExecution getRegexExecution() { result = regexExecution }
+  }
 
   /**
    * A sanitizer for "regular expression injection" vulnerabilities.

python/ql/src/Security/CWE-730/RegexInjection.ql

@@ -13,16 +13,16 @@
 
 // determine precision above
 import python
+private import semmle.python.Concepts
 import semmle.python.security.injection.RegexInjection
 import DataFlow::PathGraph
 
 from
   RegexInjection::Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink,
-  RegexInjection::Sink regexInjectionSink
+  RegexExecution regexExecution
 where
   config.hasFlowPath(source, sink) and
-  regexInjectionSink = sink.getNode()
+  regexExecution = sink.getNode().(RegexInjection::Sink).getRegexExecution()
 select sink.getNode(), source, sink,
-  "$@ regular expression is constructed from a $@ and executed by $@.",
-  regexInjectionSink.getRegexNode(), "This", source.getNode(), "user-provided value",
-  regexInjectionSink, regexInjectionSink.getName()
+  "$@ regular expression is constructed from a $@ and executed by $@.", sink.getNode(), "This",
+  source.getNode(), "user-provided value", regexExecution, regexExecution.getName()