JS: rename query

"Incomplete URL regular expression" -> "Incomplete regular expression for hostnames".

Author: Esben Sparre Andreasen

javascript/config/suites/javascript/security

@@ -1,6 +1,6 @@
 + semmlecode-javascript-queries/DOM/TargetBlank.ql: /Security/CWE/CWE-200
 + semmlecode-javascript-queries/Electron/EnablingNodeIntegration.ql: /Security/CWE/CWE-094
-+ semmlecode-javascript-queries/Security/CWE-020/IncompleteUrlRegExp.ql: /Security/CWE/CWE-020
++ semmlecode-javascript-queries/Security/CWE-020/IncompleteHostnameRegExp.ql: /Security/CWE/CWE-020
 + semmlecode-javascript-queries/Security/CWE-020/IncompleteUrlSubstringSanitization.ql: /Security/CWE/CWE-020
 + semmlecode-javascript-queries/Security/CWE-020/IncorrectSuffixCheck.ql: /Security/CWE/CWE-020
 + semmlecode-javascript-queries/Security/CWE-022/TaintedPath.ql: /Security/CWE/CWE-022

…curity/CWE-020/IncompleteUrlRegExp.qhelp …y/CWE-020/IncompleteHostnameRegExp.qhelpjavascript/ql/src/Security/CWE-020/IncompleteUrlRegExp.qhelp renamed to javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.qhelp javascript/ql/src/Security/CWE-020/IncompleteUrlRegExp.qhelp renamed to javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.qhelp

@@ -46,7 +46,7 @@
 
 		</p>
 
-		<sample src="examples/IncompleteUrlRegExp.js"/>
+		<sample src="examples/IncompleteHostnameRegExp.js"/>
 
 		<p>
 

…/Security/CWE-020/IncompleteUrlRegExp.ql …rity/CWE-020/IncompleteHostnameRegExp.qljavascript/ql/src/Security/CWE-020/IncompleteUrlRegExp.ql renamed to javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql javascript/ql/src/Security/CWE-020/IncompleteUrlRegExp.ql renamed to javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql

@@ -1,24 +1,24 @@
 /**
- * @name Incomplete URL regular expression
- * @description Using a regular expression that contains an 'any character' may match more URLs than expected.
+ * @name Incomplete regular expression for hostnames
+ * @description Matching a URL or hostname against a regular expression that contains an unescaped dot as part of the hostname might match more than expected.
  * @kind problem
- * @problem.severity error
+ * @problem.severity warning
  * @precision high
- * @id js/incomplete-url-regexp
+ * @id js/incomplete-hostname-regexp
  * @tags correctness
  *       security
  *       external/cwe/cwe-20
  */
 
 import javascript
 
-module IncompleteUrlRegExpTracking {
+module IncompleteHostnameRegExpTracking {
 
   /**
-   * A taint tracking configuration for incomplete URL regular expressions sources.
+   * A taint tracking configuration for incomplete hostname regular expressions sources.
    */
   class Configuration extends TaintTracking::Configuration {
-    Configuration() { this = "IncompleteUrlRegExpTracking" }
+    Configuration() { this = "IncompleteHostnameRegExpTracking" }
 
     override
     predicate isSource(DataFlow::Node source) {
@@ -53,7 +53,7 @@ from Expr e, string pattern, string hostPart
 where
       (
         e.(RegExpLiteral).getValue() = pattern or
-        exists (IncompleteUrlRegExpTracking::Configuration cfg |
+        exists (IncompleteHostnameRegExpTracking::Configuration cfg |
           cfg.hasFlow(e.flow(), _) and
           e.mayHaveStringValue(pattern)
         )

…/CWE-020/examples/IncompleteUrlRegExp.js …020/examples/IncompleteHostnameRegExp.jsjavascript/ql/src/Security/CWE-020/examples/IncompleteUrlRegExp.js renamed to javascript/ql/src/Security/CWE-020/examples/IncompleteHostnameRegExp.js javascript/ql/src/Security/CWE-020/examples/IncompleteUrlRegExp.js renamed to javascript/ql/src/Security/CWE-020/examples/IncompleteHostnameRegExp.js

@@ -0,0 +1,21 @@
+| tst-IncompleteHostnameRegExp.js:3:2:3:28 | /http:\\ ... le.com/ | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:5:2:5:28 | /http:\\ ... le.net/ | This regular expression has an unescaped '.' before 'example.net', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:6:2:6:42 | /http:\\ ... b).com/ | This regular expression has an unescaped '.' before '(example-a\|example-b).com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:11:13:11:37 | "http:/ ... le.com" | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:12:10:12:34 | "http:/ ... le.com" | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:15:22:15:46 | "http:/ ... le.com" | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:17:13:17:31 | `test.example.com$` | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:17:14:17:30 | test.example.com$ | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:19:17:19:34 | 'test.example.com' | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:22:27:22:44 | 'test.example.com' | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:28:22:28:39 | 'test.example.com' | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:37:2:37:54 | /^(http ... =$\|\\/)/ | This regular expression has an unescaped '.' before ')?example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:38:2:38:44 | /^(http ... p\\/f\\// | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:39:2:39:34 | /\\(http ... m\\/\\)/g | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:40:2:40:29 | /https? ... le.com/ | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:41:13:41:68 | '^http: ... e\\.com' | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:41:41:41:68 | '^https ... e\\.com' | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:42:13:42:61 | 'http[s ... \\/(.+)' | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:43:2:43:33 | /^https ... e.com$/ | This regular expression has an unescaped '.' before 'example.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:44:9:44:100 | 'protos ... ernal)' | This regular expression has an unescaped '.' before 'example-b.com', so it might match more hosts than expected. |
+| tst-IncompleteHostnameRegExp.js:46:2:46:26 | /exampl ... le.com/ | This regular expression has an unescaped '.' before 'dev\|example.com', so it might match more hosts than expected. |

javascript/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegExp.expected

@@ -0,0 +1 @@
+Security/CWE-020/IncompleteHostnameRegExp.ql