the query libraries (including all the cwe scripts) are going to be updated significantly to
make them easier to use. the new versions, coming with cobra version 3.9, will use named
pattern sets to store and report results, and will support output in json format (which can
separately be re-imported into cobra).
it's interesting that you also caught the bug in the array name -- in doing the rewrites I stumbled
upon the same issue and wondered why no-one else had noticed it yet!
significant improvements in 3.9 -- i'll update everything likely later this month
the query libraries (including all the cwe scripts) are going to be updated significantly to make them easier to use. the new versions, coming with cobra version 3.9, will use named pattern sets to store and report results, and will support output in json format (which can separately be re-imported into cobra). it's interesting that you also caught the bug in the array name -- in doing the rewrites I stumbled upon the same issue and wondered why no-one else had noticed it yet! significant improvements in 3.9 -- i'll update everything likely later this month