update sink

Jami Cogswell · Jami Cogswell · commit 13decd38d90d · 2022-11-08T15:29:33.000-05:00
diff --git a/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll b/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll
@@ -14,10 +14,8 @@ abstract class RegexInjectionSanitizer extends DataFlow::ExprNode { }
 /** A method call that takes a regular expression as an argument. */
 private class DefaultRegexInjectionSink extends RegexInjectionSink {
   DefaultRegexInjectionSink() {
-    exists(string kind |
-      kind.matches(["regex-use[]", "regex-use[f1]", "regex-use[f-1]", "regex-use[-1]", "regex-use"]) and
-      sinkNode(this, kind)
-    )
+    // we only select sinks where there is direct regex creation, not regex uses
+    sinkNode(this, ["regex-use[]", "regex-use[f1]", "regex-use[f-1]", "regex-use[-1]", "regex-use"])
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -14,10 +14,8 @@ abstract class RegexInjectionSanitizer extends DataFlow::ExprNode { }`
`14`	`14`	`/** A method call that takes a regular expression as an argument. */`
`15`	`15`	`private class DefaultRegexInjectionSink extends RegexInjectionSink {`
`16`	`16`	`DefaultRegexInjectionSink() {`
`17`		`- exists(string kind \|`
`18`		`- kind.matches(["regex-use[]", "regex-use[f1]", "regex-use[f-1]", "regex-use[-1]", "regex-use"]) and`
`19`		`- sinkNode(this, kind)`
`20`		`- )`
	`17`	`+ // we only select sinks where there is direct regex creation, not regex uses`
	`18`	`+ sinkNode(this, ["regex-use[]", "regex-use[f1]", "regex-use[f-1]", "regex-use[-1]", "regex-use"])`
`21`	`19`	`}`
`22`	`20`	`}`
`23`	`21`