From 0c05fa48eb7b48f3c6757999089a0972b9c3abe7 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Wed, 11 Jun 2025 14:15:25 +0100
Subject: [PATCH] Rust: Update RegexInjectionExtensions to use getCanonicalPath.
---
 .../rust/security/regex/RegexInjectionExtensions.qll | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll b/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll
index 4daff543b980..61d26f2f938b 100644
--- a/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll
+++ b/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll
@@ -53,11 +53,10 @@ module RegexInjection {
 */
 private class NewSink extends Sink {
 NewSink() {
- exists(CallExprCfgNode call, PathExpr path |
- path = call.getFunction().getExpr() and
- path.getResolvedCrateOrigin() = "repo:https://github.com/rust-lang/regex:regex" and
- path.getResolvedPath() = "::new" and
- this.asExpr() = call.getArgument(0) and
+ exists(CallExprBase call, Addressable a |
+ call.getStaticTarget() = a and
+ a.getCanonicalPath() = "::new" and
+ this.asExpr().getExpr() = call.getArg(0) and
 not this.asExpr() instanceof LiteralExprCfgNode
 )
 }
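Review bot: The rewritten `NewSink()` drops the `getResolvedCrateOrigin()` constraint, so the only thing still tying this sink to the regex crate is the string compared against `a.getCanonicalPath()`. As shown on this page that literal is `"::new"`, with no crate or type qualifier; this may be a rendering artefact (an angle-bracketed segment could have been lost), but it is worth confirming that the committed literal is fully crate-qualified, because an unqualified or mismatched path would make the regex-injection query either lose this sink silently or match constructors outside the regex crate. A comment on that line such as `// canonical path carries the crate name, which replaces the former crate-origin check` would record why the origin test could be removed. The diffstat lists only this one file, so the existing regex-injection query tests should be re-run to confirm the sink is still reported with unchanged results. The class and module bodies continue outside the hunk.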