From 13decd38d90d30449f0a875278c35d8a2d9f3772 Mon Sep 17 00:00:00 2001
From: Jami Cogswell <jcogs33@Jamis-MacBook-Pro.local>
Date: Tue, 8 Nov 2022 15:27:37 -0500
Subject: [PATCH] update sink

---
 .../lib/semmle/code/java/security/regexp/RegexInjection.qll | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll b/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll
index 4df736e6241..3c1e2e98229 100644
--- a/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll
@@ -14,10 +14,8 @@ abstract class RegexInjectionSanitizer extends DataFlow::ExprNode { }
 /** A method call that takes a regular expression as an argument. */
 private class DefaultRegexInjectionSink extends RegexInjectionSink {
   DefaultRegexInjectionSink() {
-    exists(string kind |
-      kind.matches(["regex-use[]", "regex-use[f1]", "regex-use[f-1]", "regex-use[-1]", "regex-use"]) and
-      sinkNode(this, kind)
-    )
+    // we only select sinks where there is direct regex creation, not regex uses
+    sinkNode(this, ["regex-use[]", "regex-use[f1]", "regex-use[f-1]", "regex-use[-1]", "regex-use"])
   }
 }