C++: Do something similar with the other three cases.

geoffw0 · geoffw0 · commit 1a416884d4a4 · 2023-01-14T00:09:01.000Z
diff --git a/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql b/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
@@ -31,9 +31,7 @@ predicate hardCodedAddressOrIP(StringLiteral txt) {
     // Hard-coded ip addresses, such as 127.0.0.1
     s.regexpMatch("\"[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+\"") or
     // Hard-coded addresses such as www.mycompany.com
-    s.matches("\"www.%\"") or
-    s.matches("\"http:%\"") or
-    s.matches("\"https:%\"") or
+    s.regexpMatch("\"(www\\.|http:|https:).*\"") or
     s.regexpMatch("\".*\\.(" + concat(getATopLevelDomain(), "|") + ")\"")
   )
 }

Original file line number	Diff line number	Diff line change
`@@ -31,9 +31,7 @@ predicate hardCodedAddressOrIP(StringLiteral txt) {`
`31`	`31`	`// Hard-coded ip addresses, such as 127.0.0.1`
`32`	`32`	`s.regexpMatch("\"[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+\"") or`
`33`	`33`	`// Hard-coded addresses such as www.mycompany.com`
`34`		`- s.matches("\"www.%\"") or`
`35`		`- s.matches("\"http:%\"") or`
`36`		`- s.matches("\"https:%\"") or`
	`34`	`+ s.regexpMatch("\"(www\\.\|http:\|https:).*\"") or`
`37`	`35`	`s.regexpMatch("\".*\\.(" + concat(getATopLevelDomain(), "\|") + ")\"")`
`38`	`36`	`)`
`39`	`37`	`}`