refactor code; add change note

2025-12-24 04:36:35 +01:00 · 2022-10-31 09:53:28 -04:00
parent 037a05cd66
commit f6f26fe6c5
4 changed files with 14 additions and 4 deletions
--- a/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql
@@ -1,10 +1,11 @@
 /**
 * @name Regular expression injection
- * @description User input should not be used in regular expressions without first being sanitized,
+ * @description User input should not be used in regular expressions without first being escaped,
 *              otherwise a malicious user may be able to provide a regex that could require
 *              exponential time on certain inputs.
 * @kind path-problem
 * @problem.severity error
+ * @security-severity 7.5
 * @precision high
 * @id java/regex-injection
 * @tags security