Rust: Use CWE 20 for regex injection query

2026-04-19 14:04:09 +02:00 · 2025-03-10 14:52:25 +01:00
parent 0e965f7616
commit 5c83644360
10 changed files with 4 additions and 4 deletions
--- a/rust/ql/src/queries/security/CWE-020/RegexInjection.qhelp
+++ b/rust/ql/src/queries/security/CWE-020/RegexInjection.qhelp
--- a/rust/ql/src/queries/security/CWE-020/RegexInjection.ql
+++ b/rust/ql/src/queries/security/CWE-020/RegexInjection.ql
@@ -3,12 +3,12 @@
 * @description
 * @kind path-problem
 * @problem.severity error
- * @security-severity 7.5
+ * @security-severity 7.8
 * @precision high
 * @id rust/regex-injection
 * @tags security
- *       external/cwe/cwe-730
- *       external/cwe/cwe-400
+ *       external/cwe/cwe-020
+ *       external/cwe/cwe-074
 */

 private import rust
--- a/rust/ql/src/queries/security/CWE-020/RegexInjectionBad.rs
+++ b/rust/ql/src/queries/security/CWE-020/RegexInjectionBad.rs
--- a/rust/ql/src/queries/security/CWE-020/RegexInjectionGood.rs
+++ b/rust/ql/src/queries/security/CWE-020/RegexInjectionGood.rs
--- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected
+++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected
--- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.qlref
+++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.qlref
@@ -1,2 +1,2 @@
-query: queries/security/CWE-730/RegexInjection.ql
+query: queries/security/CWE-020/RegexInjection.ql
 postprocess: utils/test/InlineExpectationsTestQuery.ql
--- a/rust/ql/test/query-tests/security/CWE-020/RegexInjectionSink.expected
+++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjectionSink.expected
--- a/rust/ql/test/query-tests/security/CWE-020/RegexInjectionSink.ql
+++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjectionSink.ql
--- a/rust/ql/test/query-tests/security/CWE-020/main.rs
+++ b/rust/ql/test/query-tests/security/CWE-020/main.rs
--- a/rust/ql/test/query-tests/security/CWE-020/options.yml
+++ b/rust/ql/test/query-tests/security/CWE-020/options.yml