Description of the false positive
There's a problem with the current implementation of IncompleteHostnameRegExp for Ruby. Specifically, it seems that the rule will report false positives for any X.match(Y) method call where Y is a String and X is any object with a match method.
The rule incorrectly "thinks" that Y is a regex being used for matching, likely because Ruby's String class has a match method which takes a String parameter for defining the regex:
https://ruby-doc.org/3.2.2/String.html#method-i-match
In other words, the rule doesn't check that X is a known type for which the match method accepts a string argument which is used as a regex, and instead matches on any type for X.
Code samples or links to source code
Please see #13748 which includes a failing test which demonstrates the problem.
URL to the alert on GitHub code scanning (optional)
Can't share it since it's in a private repository 😬
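The distinction the report describes, as an added Ruby example that is not part of the original issue or of the CodeQL project: `String#match` compiles a String argument into a Regexp, while a non-String receiver's `match` may treat the same argument as a literal. The `RouteTable` class, the method names and the example.com URLs are hypothetical and constructed for illustration.

```ruby
# Constructed example; RouteTable and the helper names are hypothetical.

# Case 1: the receiver is a String, so String#match converts the String
# argument to a Regexp. The unescaped "." matches any character, which is
# the situation an incomplete-hostname-regexp rule is meant to flag.
def string_receiver_match(url)
  !url.match("^https://www.example.com/").nil?
end

# Case 2: same receiver type with the dots escaped, so only the intended
# hostname matches.
def string_receiver_match_escaped(url)
  !url.match("^https://www\\.example\\.com/").nil?
end

# Case 3: the receiver is not a String. Its #match does a literal lookup
# and never compiles the argument to a Regexp, so "www.example.com" here
# is not a regex and a report on this call is a false positive.
class RouteTable
  def initialize(hosts)
    @hosts = hosts
  end

  # Literal comparison against the configured hosts.
  def match(host)
    @hosts.include?(host) ? host : nil
  end
end

def custom_receiver_match(host)
  !RouteTable.new(["www.example.com"]).match(host).nil?
end

if __FILE__ == $PROGRAM_NAME
  puts string_receiver_match("https://wwwXexample.com/")         # regex semantics
  puts string_receiver_match_escaped("https://wwwXexample.com/") # escaped regex
  puts custom_receiver_match("wwwXexample.com")                  # literal semantics
end
```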