rename query to overly-large-range, and rewrite the @description

config/identical-files.json

@@ -506,11 +506,11 @@
     "python/ql/lib/semmle/python/security/BadTagFilterQuery.qll",
     "ruby/ql/lib/codeql/ruby/security/BadTagFilterQuery.qll"
   ],
-  "SuspiciousRegexRange Python/JS/Ruby/Java": [
-    "javascript/ql/lib/semmle/javascript/security/SuspiciousRegexpRangeQuery.qll",
-    "python/ql/lib/semmle/python/security/SuspiciousRegexpRangeQuery.qll",
-    "ruby/ql/lib/codeql/ruby/security/SuspiciousRegexpRangeQuery.qll",
-    "java/ql/lib/semmle/code/java/security/SuspiciousRegexpRangeQuery.qll"
+  "OverlyLargeRange Python/JS/Ruby/Java": [
+    "javascript/ql/lib/semmle/javascript/security/OverlyLargeRangeQuery.qll",
+    "python/ql/lib/semmle/python/security/OverlyLargeRangeQuery.qll",
+    "ruby/ql/lib/codeql/ruby/security/OverlyLargeRangeQuery.qll",
+    "java/ql/lib/semmle/code/java/security/OverlyLargeRangeQuery.qll"
   ],
   "CFG": [
     "csharp/ql/lib/semmle/code/csharp/controlflow/internal/ControlFlowGraphImplShared.qll",

java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql

@@ -1,17 +1,18 @@
 /**
- * @name Suspicious regexp range
- * @description Some ranges in regular expression might match more than intended.
+ * @name Overly large regular expression range
+ * @description Overly permissive regular expression ranges may cause regular expressions to match more than anticipated.
+ *              This may allow an attacker to bypass a filter or sanitizer.
  * @kind problem
  * @problem.severity warning
  * @security-severity 5.0
  * @precision high
- * @id java/suspicious-regexp-range
+ * @id java/overly-large-range
  * @tags correctness
  *       security
  *       external/cwe/cwe-020
  */
 
-import semmle.code.java.security.SuspiciousRegexpRangeQuery
+import semmle.code.java.security.OverlyLargeRangeQuery
 
 RegExpCharacterClass potentialMisparsedCharClass() {
   // nested char classes are currently misparsed

java/ql/test/query-tests/security/CWE-020/OverlyLargeRangeQuery.qlref

@@ -0,0 +1 @@
+Security/CWE/CWE-020/OverlyLargeRange.ql

java/ql/test/query-tests/security/CWE-020/SuspiciousRegexpRange.qlref

@@ -1 +0,0 @@
-Security/CWE/CWE-020/SuspiciousRegexpRange.ql

javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql

@@ -0,0 +1,19 @@
+/**
+ * @name Overly large regular expression range
+ * @description Overly permissive regular expression ranges may cause regular expressions to match more than anticipated.
+ *              This may allow an attacker to bypass a filter or sanitizer.
+ * @kind problem
+ * @problem.severity warning
+ * @security-severity 5.0
+ * @precision high
+ * @id js/overly-large-range
+ * @tags correctness
+ *       security
+ *       external/cwe/cwe-020
+ */
+
+import semmle.javascript.security.OverlyLargeRangeQuery
+
+from RegExpCharacterRange range, string reason
+where problem(range, reason)
+select range, "Suspicious character range that " + reason + "."

javascript/ql/src/Security/CWE-020/SuspiciousRegexpRange.ql

@@ -1,18 +0,0 @@
-/**
- * @name Suspicious regexp range
- * @description Some ranges in regular expression might match more than intended.
- * @kind problem
- * @problem.severity warning
- * @security-severity 5.0
- * @precision high
- * @id js/suspicious-regexp-range
- * @tags correctness
- *       security
- *       external/cwe/cwe-020
- */
-
-import semmle.javascript.security.SuspiciousRegexpRangeQuery
-
-from RegExpCharacterRange range, string reason
-where problem(range, reason)
-select range, "Suspicious character range that " + reason + "."

javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/OverlyLargeRangeQuery.qlref

@@ -0,0 +1 @@
+Security/CWE-020/OverlyLargeRange.ql

javascript/ql/test/query-tests/Security/CWE-020/SuspiciousRegexpRange/SuspiciousRegexpRange.qlref

@@ -1 +0,0 @@
-Security/CWE-020/SuspiciousRegexpRange.ql

python/ql/src/Security/CWE-020/OverlyLargeRange.ql

@@ -0,0 +1,19 @@
+/**
+ * @name Overly large regular expression range
+ * @description Overly permissive regular expression ranges may cause regular expressions to match more than anticipated.
+ *              This may allow an attacker to bypass a filter or sanitizer.
+ * @kind problem
+ * @problem.severity warning
+ * @security-severity 5.0
+ * @precision high
+ * @id py/overly-large-range
+ * @tags correctness
+ *       security
+ *       external/cwe/cwe-020
+ */
+
+import semmle.python.security.OverlyLargeRangeQuery
+
+from RegExpCharacterRange range, string reason
+where problem(range, reason)
+select range, "Suspicious character range that " + reason + "."

python/ql/src/Security/CWE-020/SuspiciousRegexpRange.ql

@@ -1,18 +0,0 @@
-/**
- * @name Suspicious regexp range
- * @description Some ranges in regular expression might match more than intended.
- * @kind problem
- * @problem.severity warning
- * @security-severity 5.0
- * @precision high
- * @id py/suspicious-regexp-range
- * @tags correctness
- *       security
- *       external/cwe/cwe-020
- */
-
-import semmle.python.security.SuspiciousRegexpRangeQuery
-
-from RegExpCharacterRange range, string reason
-where problem(range, reason)
-select range, "Suspicious character range that " + reason + "."

python/ql/test/query-tests/Security/CWE-020-SuspiciousRegexpRange/OverlyLargeRangeQuery.qlref

@@ -0,0 +1 @@
+Security/CWE-020/OverlyLargeRange.ql

python/ql/test/query-tests/Security/CWE-020-SuspiciousRegexpRange/SuspiciousRegexpRange.qlref

@@ -1 +0,0 @@
-Security/CWE-020/SuspiciousRegexpRange.ql

ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql

@@ -1,17 +1,18 @@
 /**
- * @name Suspicious regexp range
- * @description Some ranges in regular expression might match more than intended.
+ * @name Overly large regular expression range
+ * @description Overly permissive regular expression ranges may cause regular expressions to match more than anticipated.
+ *              This may allow an attacker to bypass a filter or sanitizer.
  * @kind problem
  * @problem.severity warning
  * @security-severity 5.0
  * @precision high
- * @id rb/suspicious-regexp-range
+ * @id rb/overly-large-range
  * @tags correctness
  *       security
  *       external/cwe/cwe-020
  */
 
-import codeql.ruby.security.SuspiciousRegexpRangeQuery
+import codeql.ruby.security.OverlyLargeRangeQuery
 
 RegExpCharacterClass potentialMisparsedCharClass() {
   // some escapes, e.g. [\000-\037] are currently misparsed.

ruby/ql/test/query-tests/security/cwe-020/SuspiciousRegexpRange/OverlyLargeRangeQuery.qlref

@@ -0,0 +1 @@
+queries/security/cwe-020/OverlyLargeRange.ql

ruby/ql/test/query-tests/security/cwe-020/SuspiciousRegexpRange/SuspiciousRegexpRange.qlref

@@ -1 +0,0 @@
-queries/security/cwe-020/SuspiciousRegexpRange.ql