JavaScript: Fix regexes for escaping schemes.

javascript/ql/src/Security/CWE-116/DoubleEscaping.ql

@@ -54,11 +54,11 @@ DataFlow::Node getASimplePredecessor(DataFlow::Node nd) {
  * into a form described by regular expression `regex`.
  */
 predicate escapingScheme(string metachar, string regex) {
-  metachar = "&" and regex = "&.*;"
+  metachar = "&" and regex = "&.+;"
   or
-  metachar = "%" and regex = "%.*"
+  metachar = "%" and regex = "%.+"
   or
-  metachar = "\\" and regex = "\\\\.*"
+  metachar = "\\" and regex = "\\\\.+"
 }
 
 /**

javascript/ql/test/query-tests/Security/CWE-116/DoubleEscaping/tst.js

@@ -78,3 +78,8 @@ function badEncodeWithReplacer(s) {
   };
   return s.replace(/["']/g, (c) => repl[c]).replace(/&/g, "&");
 }
+
+// dubious, but out of scope for this query
+function badRoundtrip(s) {
+  return s.replace(/\\\\/g, "\\").replace(/\\/g, "\\\\");
+}