Merge pull request #2899 from p-/cwe-036

Java: Calling openStream on URLs created from remote source can lead to file disclosure

java/ql/src/semmle/code/java/frameworks/Networking.qll

@@ -12,6 +12,10 @@ class TypeSocket extends RefType {
   TypeSocket() { hasQualifiedName("java.net", "Socket") }
 }
 
+class TypeUrl extends RefType {
+  TypeUrl() { hasQualifiedName("java.net", "URL") }
+}
+
 class URLConnectionGetInputStreamMethod extends Method {
   URLConnectionGetInputStreamMethod() {
     getDeclaringType() instanceof TypeUrlConnection and