Acknowledge new FPs due to the extractor using U+FFFD for unpaired surrogates

These were already misinterpreted, but the ReDoS code ignored them as they previously appeared to be `?` characters.

Author: smowton

javascript/ql/test/query-tests/Performance/ReDoS/ReDoS.expected

@@ -145,6 +145,8 @@
 | tst.js:257:14:257:116 | (.thisisagoddamnlongstringforstresstestingthequery\|\\sthisisagoddamnlongstringforstresstestingthequery)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of ' thisisagoddamnlongstringforstresstestingthequery'. |
 | tst.js:260:14:260:77 | (thisisagoddamnlongstringforstresstestingthequery\|this\\w+query)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'thisisagoddamnlongstringforstresstestingthequery'. |
 | tst.js:260:68:260:70 | \\w+ | This part of the regular expression may cause exponential backtracking on strings starting with 'this' and containing many repetitions of 'aquerythis'. |
+| tst.js:266:18:266:49 | ([\\uDC66\\uDC67]\|[\\uDC68\\uDC69])* | This part of the regular expression may cause exponential backtracking on strings starting with 'foo' and containing many repetitions of '\ufffd'. |
+| tst.js:269:18:269:51 | ((\\uDC66\|\\uDC67)\|(\\uDC68\|\\uDC69))* | This part of the regular expression may cause exponential backtracking on strings starting with 'foo' and containing many repetitions of '\ufffd'. |
 | tst.js:272:21:272:22 | b+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'b'. |
 | tst.js:275:38:275:40 | \\s* | This part of the regular expression may cause exponential backtracking on strings starting with '<a a=' and containing many repetitions of '"" a='. |
 | tst.js:281:16:281:17 | a+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a'. |

javascript/ql/test/query-tests/Performance/ReDoS/tst.js

@@ -262,10 +262,10 @@ var bad61 = /(thisisagoddamnlongstringforstresstestingthequery|this\w+query)*-/
 // GOOD
 var good27 = /(thisisagoddamnlongstringforstresstestingthequery|imanotherbutunrelatedstringcomparedtotheotherstring)*-/
 
-// GOOD
+// GOOD (but false positive caused by the extractor converting all four unpaired surrogates to \uFFFD)
 var good28 = /foo([\uDC66\uDC67]|[\uDC68\uDC69])*foo/
 
-// GOOD
+// GOOD (but false positive caused by the extractor converting all four unpaired surrogates to \uFFFD)
 var good29 = /foo((\uDC66|\uDC67)|(\uDC68|\uDC69))*foo/
 
 // NOT GOOD (but cannot currently construct a prefix)
@@ -304,10 +304,10 @@ var bad66 = /^ab(c+)+$/;
 // NOT GOOD
 var bad67 = /(\d(\s+)*){20}/;
 
-// GOOD - but we spuriously conclude that a rejecting suffix exists. 
+// GOOD - but we spuriously conclude that a rejecting suffix exists.
 var good36 = /(([^/]|X)+)(\/[^]*)*$/;
 
-// GOOD - but we spuriously conclude that a rejecting suffix exists. 
+// GOOD - but we spuriously conclude that a rejecting suffix exists.
 var good37 = /^((x([^Y]+)?)*(Y|$))/;
 
 // NOT GOOD
@@ -331,7 +331,7 @@ var bad72 = /(c?a?)*b/;
 // NOT GOOD
 var bad73 = /(?:a|a?)+b/;
 
-// NOT GOOD - but not detected. 
+// NOT GOOD - but not detected.
 var bad74 = /(a?b?)*$/;
 
 // NOT GOOD
@@ -357,13 +357,13 @@ var good40 = /(a|b)+/;
 var good41 = /(?:[\s;,"'<>(){}|[\]@=+*]|:(?![/\\]))+/;
 
 // NOT GOOD
-var bad83 = /^((?:a{|-)|\w\{)+X$/; 
-var bad84 = /^((?:a{0|-)|\w\{\d)+X$/; 
-var bad85 = /^((?:a{0,|-)|\w\{\d,)+X$/; 
-var bad86 = /^((?:a{0,2|-)|\w\{\d,\d)+X$/; 
+var bad83 = /^((?:a{|-)|\w\{)+X$/;
+var bad84 = /^((?:a{0|-)|\w\{\d)+X$/;
+var bad85 = /^((?:a{0,|-)|\w\{\d,)+X$/;
+var bad86 = /^((?:a{0,2|-)|\w\{\d,\d)+X$/;
 
-// GOOD: 
-var good42 = /^((?:a{0,2}|-)|\w\{\d,\d\})+X$/; 
+// GOOD:
+var good42 = /^((?:a{0,2}|-)|\w\{\d,\d\})+X$/;
 
 // GOOD
 var good43 = /("[^"]*?"|[^"\s]+)+(?=\s*|\s*$)/g;

javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/DuplicateCharacterInCharacterClass.expected

@@ -1,4 +1,5 @@
 | tst.js:1:4:1:4 | o | Character 'o' is repeated $@ in the same character class. | tst.js:1:5:1:5 | o | here |
+| tst.js:3:3:3:8 | \\uDC3A | Character '\\uDC3A' is repeated $@ in the same character class. | tst.js:3:9:3:14 | \\uDC3C | here |
 | tst.js:4:3:4:3 | ? | Character '?' is repeated $@ in the same character class. | tst.js:4:4:4:4 | ? | here |
 | tst.js:5:3:5:8 | \\u003F | Character '\\u003F' is repeated $@ in the same character class. | tst.js:5:9:5:14 | \\u003f | here |
 | tst.js:6:3:6:8 | \\u003F | Character '\\u003F' is repeated $@ in the same character class. | tst.js:6:9:6:9 | ? | here |

javascript/ql/test/query-tests/RegExp/DuplicateCharacterInCharacterClass/tst.js

@@ -1,6 +1,6 @@
 /[foo]/;
 /[a-zc]/;
-/[\uDC3A\uDC3C]/;
+/[\uDC3A\uDC3C]/; // False positive caused by the extractor converting both unpaired surrogates to \uFFFD
 /[??]/;
 /[\u003F\u003f]/;
 /[\u003F?]/;