From e52fa9a469eeed99fd1e3f1dc56ff72de195ed88 Mon Sep 17 00:00:00 2001
From: erik-krogh
Date: Thu, 11 Aug 2022 14:46:12 +0200
Subject: [PATCH] update {cs/java}/regex-injection to match javascript
---
 csharp/ql/src/Security Features/CWE-730/RegexInjection.ql | 4 ++--
 .../src/experimental/Security/CWE/CWE-730/RegexInjection.ql | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql b/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
index 0ce1459091e..396c0859d33 100644
--- a/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
+++ b/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
@@ -23,5 +23,5 @@ where
 c.hasFlowPath(source, sink) and
 // No global timeout set
 not exists(RegexGlobalTimeout r)
-select sink.getNode(), source, sink, "$@ flows to the construction of a regular expression.",
- source.getNode(), "User-provided value"
+select sink.getNode(), source, sink, "This regular expression is constructed from a $@.",
+ source.getNode(), "user-provided value"
diff --git a/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql
index 3b8b5dc759a..f60e5d9070b 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql
@@ -85,5 +85,5 @@ class RegexInjectionConfiguration extends TaintTracking::Configuration {
 from DataFlow::PathNode source, DataFlow::PathNode sink, RegexInjectionConfiguration c
 where c.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ is user controlled.", source.getNode(),
- "This regular expression pattern"
+select sink.getNode(), source, sink, "This regular expression is constructed from a $@.",
+ source.getNode(), "user-provided value"
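Review bot: Both `select` clauses change the alert text, but the diffstat lists only the two `.ql` files, so any `.expected` test output that still records the old messages would no longer match. No test files are visible here, so this is inferred and worth checking for both the C# and the Java query before merging. In the C# hunk the result is also gated on `not exists(RegexGlobalTimeout r)`, which the new message does not convey to whoever triages the alert. A one-line comment above the `select`, such as `// Reported only when no global regex timeout is configured.`, would keep that condition visible next to the message. Both queries start above their hunks, so the rest of each `from`/`where` clause and the query metadata were not reviewed.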