Description
Description of the false positive
There's a problem with the current implementation of `IncompleteHostnameRegExp` for Ruby. Specifically, it seems that the rule will report false positives for any `X.match(Y)` method call where `Y` is a `String` and `X` is any object with a `match` method.
The rule incorrectly "thinks" that `Y` is a regex being used for matching, likely because Ruby's `String` class has a `match` method which takes a `String` parameter for defining the regex: https://ruby-doc.org/3.2.2/String.html#method-i-match
In other words, the rule doesn't check that `X` is a known type for which the `match` method accepts a string argument which is used as a regex, and instead matches on any type for `X`.
Code samples or links to source code
Please see #13748 which includes a failing test which demonstrates the problem.
URL to the alert on GitHub code scanning (optional)
Can't share it since it's in a private repository 😬
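
The distinction described in this report, as an added Ruby example that is not part of the original issue or of the CodeQL test suite: the same `X.match(Y)` call shape is an incomplete hostname regex when `X` is a `String`, and a plain literal comparison when `X` is some other object. The `HostAllowlist` class, the method names and the sample hostnames are assumptions made up for illustration.

```ruby
# Hypothetical class (constructed for this example): it has a `match`
# method, but the String argument is compared literally and is never
# compiled into a Regexp.
class HostAllowlist
  def initialize(*hosts)
    @hosts = hosts
  end

  def match(host)
    @hosts.include?(host)
  end
end

# Receiver is a String: String#match converts its String argument to a
# Regexp, so the unescaped "." matches any character. This is the case
# the rule is meant to flag.
def string_receiver_matches?(host)
  !host.match("www.example.com").nil?
end

# Receiver is a HostAllowlist: identical call shape, identical String
# literal, but no regex is involved, so a report here is a false positive.
def custom_receiver_matches?(allowlist)
  allowlist.match("www.example.com")
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample hostnames.
  puts string_receiver_matches?("www.example.com")   # exact host
  puts string_receiver_matches?("wwwXexample.com")   # "." acted as wildcard
  puts custom_receiver_matches?(HostAllowlist.new("www.example.com"))
  puts custom_receiver_matches?(HostAllowlist.new("wwwXexample.com"))
end
```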