Added tests for regex sanitization to identify false positives matchAll

Author: Napalys

javascript/ql/test/experimental/Security/CWE-918/check-regex.js

@@ -25,7 +25,7 @@ app.get('/check-with-axios', req => {
   } else {
     axios.get(baseURL + req.params.tainted); // OK
   }
-  
+
   // Blacklists are not safe
   if (!req.query.tainted.match(/^[/\.%]+$/)) {
     axios.get("test.com/" + req.query.tainted); // SSRF
@@ -39,6 +39,13 @@ app.get('/check-with-axios', req => {
   }
 
   axios.get("test.com/" + req.query.tainted); // OK - False Positive
+
+  if (req.query.tainted.matchAll(/^[0-9a-z]+$/g)) { // letters and numbers
+    axios.get("test.com/" + req.query.tainted); // OK
+  }
+  if (req.query.tainted.matchAll(/^[0-9a-z\-_]+$/g)) { // letters, numbers, - and _
+    axios.get("test.com/" + req.query.tainted); // OK
+  }
 });
 
 const isValidPath = path =>  path.match(/^[0-9a-z]+$/);