MistypedExponentiation: Add a heuristic to reduce FPs

ql/src/InconsistentCode/MistypedExponentiation.ql

@@ -32,6 +32,10 @@ where
     exists(Ident id | id = xe.getRightOperand() |
       id.getName().regexpMatch("(?i)_*((exp(onent)?)|pow(er)?)")
     )
+  ) and
+  // exclude the right hand side of assignments to variables that have "mask" in their name
+  not exists(Assignment assign | assign.getRhs() = xe.getParent*() |
+    assign.getLhs().getAChild*().(Ident).getName().regexpMatch(".*(^m|M)ask($|\\p{Lu}).*")
   )
 select xe,
   "This expression uses the bitwise exclusive-or operator when exponentiation was likely meant."

ql/test/query-tests/InconsistentCode/MistypedExponentiation/main.go

@@ -20,6 +20,8 @@ func main() {
 	fmt.Println(253 ^ expectingResponse) // OK
 	fmt.Println(2 ^ power)               // Not OK
 
+	mask := (((1 << 10) - 1) ^ 7) // OK
+
 	// This is not ok, but isn't detected because the multiplication binds tighter
 	// than the xor operator and so the query doesn't see a constant on the left
 	// hand side of ^.