From 3333e7d186d9360ff95c63aabee2e1cf64dd8b30 Mon Sep 17 00:00:00 2001
From: Chris Smowton
Date: Wed, 14 Apr 2021 13:07:57 +0100
Subject: [PATCH] Java SSRF query: sanitize primitives

Even 'char' isn't a realistic vector for an exploit, unless somebody is copying out a string char by char.
---
 java/ql/src/Security/CWE/CWE-918/RequestForgery.qll | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/java/ql/src/Security/CWE/CWE-918/RequestForgery.qll b/java/ql/src/Security/CWE/CWE-918/RequestForgery.qll
index 7a90e1172e1..370ceb8fe1c 100644
--- a/java/ql/src/Security/CWE/CWE-918/RequestForgery.qll
+++ b/java/ql/src/Security/CWE/CWE-918/RequestForgery.qll
@@ -199,6 +199,10 @@ private class SpringRestTemplateUrlMethods extends Method {
 
 /** A sanitizer for request forgery vulnerabilities. */
 abstract class RequestForgerySanitizer extends DataFlow::Node { }
 
+private class PrimitiveSanitizer extends RequestForgerySanitizer {
+  PrimitiveSanitizer() { this.getType() instanceof PrimitiveType }
+}
+
 private class HostnameSanitizingPrefix extends CompileTimeConstantExpr {
   int offset;
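Review bot: The new `PrimitiveSanitizer` cuts taint at every node whose type is a `PrimitiveType`, including `char`, which the commit message itself concedes can still carry attacker-controlled string content when a value is copied out character by character (a `StringBuilder.append(c)` loop over `toCharArray()` is the usual shape); if that case is meant to stay detectable, narrow the characteristic predicate to something like `this.getType().(PrimitiveType).getName() != "char"` (verify the exact accessor against the Java library), otherwise record the accepted false negative in a QLDoc on the class, e.g. `/** A primitive-typed value, treated as a sanitizer: numeric/boolean values cannot form a URL; char-by-char string copies are an accepted false negative. */`. Boxed wrappers (`Integer`, `Character`) are not `PrimitiveType` and so remain tracked, which looks intended but deserves a word in that same comment so the asymmetry is not later "fixed". Note also that the sanitizer applies at any position on the path, so a primitive later re-stringified via `String.valueOf`/concatenation is dropped too; that is presumably the point, but it should be stated. The `HostnameSanitizingPrefix` class that begins at the end of the hunk continues outside it.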