Fixed remediation metadata

Author: andrecsilva

framework/codemodder-base/src/main/java/io/codemodder/remediation/regexdos/RegexDoSFixStrategy.java

@@ -30,7 +30,7 @@ final class RegexDoSFixStrategy extends MatchAndFixStrategy {
       List.of("matches", "find", "replaceAll", "replaceFirst");
 
   /**
-   * Test if the node is a Pattern.matcher*() call
+   * Test if the node is an argument of a Pattern.matcher*() call
    *
    * @param node
    * @return

framework/codemodder-base/src/main/resources/generic-remediation-reports/error-message-exposure/description.md

@@ -1,20 +1,14 @@
-This change adds a timout to regex matching calls from the `java.util.regex` libraries.
+This change removes exposure through sending/printing of error and exception data.
 
 Our changes look like this:
 
 ```java
-+public <E> E executeWithTimeout(final Callable<E> action, final int timeout){
-+    Future<E> maybeResult = Executors.newSingleThreadExecutor().submit(action);
-+    try{
-+        return maybeResult.get(timeout, TimeUnit.MILLISECONDS);
-+    }catch(Exception e){
-+        throw new RuntimeException("Failed to execute within time limit.");
-+    }
-+}
-...
-String input = "aaaaaaaaaaaaaaaaaaaaa";
-Pattern pat = Pattern.compile("^(a+)+$");
-var matcher = pat.matcher(input);
-- matcher.matches();
-+ executeWithTimeout(() -> matcher.matches(), 5000);
+ void function(HttpServletResponse response) {
+    PrintWriter pw = reponse.getWriter();
+    try{
+        ...
+    } catch (Exception e) {
+-        pw.println(e.getMessage());
+    }
+ }
 ```

framework/codemodder-base/src/main/resources/generic-remediation-reports/error-message-exposure/report.json

@@ -1,6 +1,6 @@
 {
-  "summary" : "Added a timeout to regular expression matching",
-  "change" : "Added a timeout to regular expression matching",
-  "reviewGuidanceIJustification" : "The expected timeout is highly dependent on the application and should be adjusted to conform to it.",
-  "references" : ["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS", "https://cwe.mitre.org/data/definitions/400.html", "https://github.com/google/re2j"]
+  "summary" : "Removed printing/sending of error data",
+  "change" : "Removed printing/sending of error data",
+  "reviewGuidanceIJustification" : "While this change is most likely harmless, it may be the case that the other endpoint is expecting the message and needs adjustment.",
+  "references" : ["https://cwe.mitre.org/data/definitions/209.html", "https://owasp.org/www-community/Improper_Error_Handling", "https://www.securecoding.cert.org/confluence/display/java/ERR01-J.+Do+not+allow+exceptions+to+expose+sensitive+information"]
 }

framework/codemodder-base/src/main/resources/generic-remediation-reports/regex-dos/description.md

@@ -1,14 +1,20 @@
-This change removes exposure through sending/printing of error and exception data.
+This change adds a timout to regex matching calls from the `java.util.regex` libraries.
 
 Our changes look like this:
 
 ```java
- void function(HttpServletResponse response) {
-    PrintWriter pw = reponse.getWriter();
-    try{
-        ...
-    } catch (Exception e) {
--        pw.println(e.getMessage());
-    }
- }
++public <E> E executeWithTimeout(final Callable<E> action, final int timeout){
++    Future<E> maybeResult = Executors.newSingleThreadExecutor().submit(action);
++    try{
++        return maybeResult.get(timeout, TimeUnit.MILLISECONDS);
++    }catch(Exception e){
++        throw new RuntimeException("Failed to execute within time limit.");
++    }
++}
+...
+String input = "aaaaaaaaaaaaaaaaaaaaa";
+Pattern pat = Pattern.compile("^(a+)+$");
+var matcher = pat.matcher(input);
+- matcher.matches();
++ executeWithTimeout(() -> matcher.matches(), 5000);
 ```

framework/codemodder-base/src/main/resources/generic-remediation-reports/regex-dos/report.json

@@ -1,6 +1,6 @@
 {
-  "summary" : "Removed printing/sending of error data",
-  "change" : "Removed printing/sending of error data",
-  "reviewGuidanceIJustification" : "While this change is most likely harmless, it may be the case that the other endpoint is expecting the message and needs adjustment.",
-  "references" : ["https://cwe.mitre.org/data/definitions/209.html", "https://owasp.org/www-community/Improper_Error_Handling", "https://www.securecoding.cert.org/confluence/display/java/ERR01-J.+Do+not+allow+exceptions+to+expose+sensitive+information"]
+  "summary" : "Added a timeout to regular expression matching",
+  "change" : "Added a timeout to regular expression matching",
+  "reviewGuidanceIJustification" : "The expected timeout is highly dependent on the application and should be adjusted to conform to it.",
+  "references" : ["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS", "https://cwe.mitre.org/data/definitions/400.html", "https://github.com/google/re2j"]
 }