add comment about regexp detected by js/polynomial-redos

Author: erik-krogh

javascript/ql/src/Performance/ReDoS.ql

@@ -195,7 +195,7 @@ predicate isFork(State q, InputSymbol s1, InputSymbol s2, State r1, State r2) {
     // (every epsilon-loop must contain such a state).
     //
     // We additionally require that the there exists another InfiniteRepetitionQuantifier `mid` on the path from `q` to itself.
-    // This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime.
+    // This is done to avoid flagging regular expressions such as `/(a?)*b/` - that only has polynomial runtime, and is detected by `js/polynomial-redos`.
     // The below code is therefore a heuritic, that only flags regular expressions such as `/(a*)*b/`,
     // and does not flag regular expressions such as `/(a?b?)c/`, but the latter pattern is not used frequently.
     r1 = r2 and