queries/security/cwe-020/IncompleteUrlSubstringSanitization.ql