From 9113469d9dac8220f057600488be56204529c965 Mon Sep 17 00:00:00 2001
From: Erik Krogh Kristensen <erik-krogh@github.com>
Date: Fri, 28 May 2021 09:55:09 +0000
Subject: [PATCH] add ql/rexexp-pattern

---
 .../queries/style/RegexpInsteadOfPattern.ql   | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 ql/src/queries/style/RegexpInsteadOfPattern.ql

diff --git a/ql/src/queries/style/RegexpInsteadOfPattern.ql b/ql/src/queries/style/RegexpInsteadOfPattern.ql
new file mode 100644
index 00000000000..69541ed30eb
--- /dev/null
+++ b/ql/src/queries/style/RegexpInsteadOfPattern.ql
@@ -0,0 +1,34 @@
+/**
+ * @name RegexpInsteadOfPattern
+ * @description The `matches` builtin predicate takes a special pattern format as an input, not a regular expression.
+ * @kind problem
+ * @problem.severity warning
+ * @id ql/rexexp-pattern
+ * @precision medium
+ */
+
+import ql
+
+/**
+ * Gets a regular expression pattern that matches the syntax of likely regular expressions.
+ */
+private string getALikelyRegExpPattern() {
+  result = "/.*/[gimuy]{1,5}" or // pattern with at least one flag: /foo/i
+  result = "/\\^.*/[gimuy]{0,5}" or // pattern with anchor: /^foo/
+  result = "/.*\\$/[gimuy]{0,5}" or // pattern with anchor: /foo$/
+  result = "\\^.*\\$" or // pattern body with anchors: ^foo$
+  result = ".*(?<!\\\\)\\\\[dDwWsSB].*" or // contains a builtin character class: \s
+  result = ".*(?<!\\\\)\\\\[\\[\\]()*+?{}|^$.].*" or // contains an escaped meta-character: \(
+  result = ".*\\[\\^?[\\p{Alnum}\\p{Blank}_-]+\\][*+].*" // contains a quantified custom character class: [^a-zA-Z123]+
+}
+
+predicate isMatchesCall(MemberCall c) { c.getMemberName() = "matches" }
+
+from Call c, String arg
+where
+  isMatchesCall(c) and
+  c.getArgument(0) = arg and
+  arg.getValue().regexpMatch(getALikelyRegExpPattern())
+select c,
+  "Argument \"$@\" looks like a reguar expression, but will be interpreted as a SQL 'LIKE' pattern.",
+  arg, arg.getValue()