False positive for go/incomplete-hostname-regexp and \Q

[AlekSi]

Description of the false positive

var todoRE = regexp.MustCompile(`^// TODO (\Qhttps://github.com/FerretDB/\E([-\w]+)/issues/(\d+))$`)

That line is annotated with: "This regular expression has an unescaped dot before 'com', so it might match more hosts than expected when the regular expression is used."

What it misses is \Q...\E escape syntax.

Code samples or links to source code

https://github.com/FerretDB/FerretDB/blob/ea9c5bda8f3f80a9263e006995d4257084a600a5/tools/checkcomments/checkcomments.go#L32

URL to the alert on GitHub code scanning (optional)

https://github.com/FerretDB/FerretDB/security/code-scanning/9

[jketema]

Hi @AlekSi,

Thank you for this false positive report. Resolving false positives is currently not a priority for us, but we hereby acknowledge the report and will track it internally for future consideration. Note that we also accept external contributions, just in case you want to have a stab at fixing this yourself.