QL: QL: Respond to PR reviews.

ql/src/codeql_ql/ast/internal/Builtins.qll

@@ -1,3 +1,5 @@
+private import codeql_ql.ast.internal.Type
+
 predicate isBuiltinClassless(string sig) {
   sig =
     [
@@ -58,3 +60,8 @@ predicate isBuiltinMember(string qual, string ret, string name, string args) {
 
 bindingset[args]
 string getArgType(string args, int i) { result = args.splitAt(",", i).trim() }
+
+/** The primitive 'string' class in QL. */
+class StringClass extends PrimitiveType {
+  StringClass() { this.getName() = "string" }
+}

ql/src/queries/performance/PrefixSuffixEquality.ql

@@ -10,10 +10,7 @@
 
 import ql
 import codeql_ql.ast.internal.Predicate
-
-class StringClass extends PrimitiveType {
-  StringClass() { this.getName() = "string" }
-}
+import codeql_ql.ast.internal.Builtins
 
 class PrefixPredicate extends BuiltinPredicate {
   PrefixPredicate() { this = any(StringClass sc).getClassPredicate("prefix", 1) }
@@ -35,15 +32,18 @@ class EqFormula extends ComparisonFormula {
   EqFormula() { this.getSymbol() = "=" }
 }
 
+bindingset[s]
+string escape(string s) { result = s.replaceAll("_", "\\\\_").replaceAll("%", "\\\\%") }
+
 pragma[inline]
 string getMessage(Call call, String literal) {
-  call instanceof PrefixPredicateCall and result = ".matches(\"" + literal.getValue() + "%\")"
+  call instanceof PrefixPredicateCall and
+  result = ".matches(\"" + escape(literal.getValue()) + "%\")"
   or
-  call instanceof SuffixPredicateCall and result = ".matches(\"%" + literal.getValue() + "\")"
+  call instanceof SuffixPredicateCall and
+  result = ".matches(\"%" + escape(literal.getValue()) + "\")"
 }
 
 from EqFormula eq, PrefixPredicateCall call, String literal
 where eq.getAnOperand() = call and eq.getAnOperand() = literal
-select eq,
-  "Use " + getMessage(call, literal) + " instead (but be sure to escape " + literal.getValue() +
-    ")."
+select eq, "Use " + getMessage(call, literal) + " instead."