Dynamic (#77)

tests/fixtures/real_world/java/mixed/deser_cmdi.expect.json

@@ -45,14 +45,14 @@
       "notes": "Runtime.getRuntime().exec(command) with deserialized input; AST pattern correctly matches"
     },
     {
-      "rule_id": "java.xss.getwriter_print",
+      "rule_id": "taint-unsanitised-flow",
       "severity": "MEDIUM",
       "must_not_match": true,
       "line_range": [
         11,
         11
       ],
-      "notes": "response.getWriter().println(\"Done\") — constant string, Layer B suppresses (regression guard)"
+      "notes": "response.getWriter().println(\"Done\") — constant string, must NOT raise reflected-XSS (Cap::HTML_ESCAPE). Regression guard retargeted from the retired java.xss.getwriter_print AST pattern to the taint sink that now owns reflected XSS."
     },
     {
       "rule_id": "taint-unsanitised-flow",

tests/fixtures/real_world/java/mixed/servlet_full.expect.json

@@ -80,14 +80,14 @@
       "notes": "source at 11:9 (request.getParameter(\"input\")) flows through SQL query (line 17) into result set output at out.println(rs.getString(1)); second-order taint via tainted query results"
     },
     {
-      "rule_id": "java.xss.getwriter_print",
+      "rule_id": "taint-unsanitised-flow",
       "severity": "MEDIUM",
       "must_not_match": true,
       "line_range": [
         26,
         26
       ],
-      "notes": "response.getWriter().println(new String(data)) — file-read data, Layer B suppresses (regression guard)"
+      "notes": "response.getWriter().println(new String(data)) — file-read bytes, not reflected request input, must NOT raise reflected-XSS (Cap::HTML_ESCAPE). Regression guard retargeted from the retired java.xss.getwriter_print AST pattern to the taint sink that now owns reflected XSS."
     }
   ]
 }