Rust: Applying suggestions to documentation

Author: paldepind

rust/ql/src/queries/security/CWE-020/RegexInjection.qhelp

@@ -6,8 +6,8 @@
 <overview>
 <p>
 Constructing a regular expression with unsanitized user input can be dangerous.
-A malicious user may be able to modify the meaning of the expression causing it
-to match unexpected strings and to construct large regular expressions by using
+A malicious user may be able to modify the meaning of the expression, causing it
+to match unexpected strings and construct large regular expressions by using
 counted repetitions.
 </p>
 </overview>
@@ -22,13 +22,13 @@ escape meta-characters that have special meaning.
 <p>
 If purposefully supporting user supplied regular expressions, then use <a
 href="https://docs.rs/regex/latest/regex/struct.RegexBuilder.html#method.size_limit">RegexBuilder::size_limit</a>
-to limit the pattern size such that it is no larger than necessary.
+to limit the pattern size so that it is no larger than necessary.
 </p>
 </recommendation>
 
 <example>
 <p>
-The following example construct a regular expressions from the user input
+The following example constructs a regular expressions from the user input
 <code>key</code> without escaping it first.
 </p>
 
@@ -41,16 +41,16 @@ malicious user might inject the regular expression <code>".*^|key"</code> and
 unexpectedly cause strings such as <code>"key=secret"</code> to match.
 </p>
 <p>
-If user input is used to construct a regular expression it should be escaped
-first. This ensures that the user cannot insert characters that have special
+If user input is used to construct a regular expression, it should be escaped
+first. This ensures that the malicious users cannot insert characters that have special
 meanings in regular expressions.
 </p>
 <sample src="RegexInjectionGood.rs" />
 </example>
 
 <references>
 <li>
-  <code>regex</code> crate documentation: <a href="https://docs.rs/regex/latest/regex/index.html#untrusted-patterns">Untrusted patterns</a>
+  <code>regex</code> crate documentation: <a href="https://docs.rs/regex/latest/regex/index.html#untrusted-patterns">Untrusted patterns</a>.
 </li>
 </references>
 </qhelp>

rust/ql/src/queries/security/CWE-020/RegexInjection.ql

@@ -1,6 +1,9 @@
 /**
  * @name Regular expression injection
- * @description
+ * @description User input should not be used in regular expressions without first being
+ *              escaped, otherwise a malicious user may be able to inject an expression that
+ *              could modify the meaning of the expression, causing it to match unexpected
+ *              strings.
  * @kind path-problem
  * @problem.severity error
  * @security-severity 7.8