hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve StringBuilder append chain tracking

Browse Source 
Previously this didn't catch the case of constructors chaining directly into appends, like `StringBuilder sb = new StringBuilder("1").append("2")`
This commit is contained in:
Chris Smowton
2021-06-08 12:43:23 +01:00
parent 5b25694a52
commit 55c72cebf2
3 changed files with 183 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
java/ql/test/query-tests/security/CWE-918/RequestForgery.expected
View File

@@ -14,27 +14,36 @@ edges
| RequestForgery.java:19:23:19:58 | new URI(...) : URI | RequestForgery.java:22:52:22:54 | uri |
| RequestForgery.java:19:31:19:57 | getParameter(...) : String | RequestForgery.java:19:23:19:58 | new URI(...) : URI |
| RequestForgery.java:19:31:19:57 | getParameter(...) : String | RequestForgery.java:22:52:22:54 | uri |
| RequestForgery.java:59:33:59:63 | getParameter(...) : String | RequestForgery.java:60:59:60:77 | new URI(...) |
| RequestForgery.java:59:33:59:63 | getParameter(...) : String | RequestForgery.java:60:67:60:76 | unsafeUri3 : String |
| RequestForgery.java:60:67:60:76 | unsafeUri3 : String | RequestForgery.java:60:59:60:77 | new URI(...) |
| RequestForgery.java:63:49:63:79 | getParameter(...) : String | RequestForgery.java:64:59:64:77 | new URI(...) |
| RequestForgery.java:63:49:63:79 | getParameter(...) : String | RequestForgery.java:64:67:64:76 | unsafeUri4 : String |
| RequestForgery.java:64:67:64:76 | unsafeUri4 : String | RequestForgery.java:64:59:64:77 | new URI(...) |
| RequestForgery.java:68:31:68:61 | getParameter(...) : String | RequestForgery.java:69:59:69:88 | new URI(...) |
| RequestForgery.java:68:31:68:61 | getParameter(...) : String | RequestForgery.java:69:67:69:87 | toString(...) : String |
| RequestForgery.java:69:67:69:87 | toString(...) : String | RequestForgery.java:69:59:69:88 | new URI(...) |
| RequestForgery.java:72:73:72:103 | getParameter(...) : String | RequestForgery.java:73:59:73:77 | new URI(...) |
| RequestForgery.java:72:73:72:103 | getParameter(...) : String | RequestForgery.java:73:67:73:76 | unsafeUri6 : String |
| RequestForgery.java:73:67:73:76 | unsafeUri6 : String | RequestForgery.java:73:59:73:77 | new URI(...) |
| RequestForgery.java:76:56:76:86 | getParameter(...) : String | RequestForgery.java:77:59:77:77 | new URI(...) |
| RequestForgery.java:76:56:76:86 | getParameter(...) : String | RequestForgery.java:77:67:77:76 | unsafeUri7 : String |
| RequestForgery.java:77:67:77:76 | unsafeUri7 : String | RequestForgery.java:77:59:77:77 | new URI(...) |
| RequestForgery.java:80:55:80:85 | getParameter(...) : String | RequestForgery.java:81:59:81:77 | new URI(...) |
| RequestForgery.java:80:55:80:85 | getParameter(...) : String | RequestForgery.java:81:67:81:76 | unsafeUri8 : String |
| RequestForgery.java:81:67:81:76 | unsafeUri8 : String | RequestForgery.java:81:59:81:77 | new URI(...) |
| RequestForgery.java:84:33:84:63 | getParameter(...) : String | RequestForgery.java:85:59:85:77 | new URI(...) |
| RequestForgery.java:84:33:84:63 | getParameter(...) : String | RequestForgery.java:85:67:85:76 | unsafeUri9 : String |
| RequestForgery.java:85:67:85:76 | unsafeUri9 : String | RequestForgery.java:85:59:85:77 | new URI(...) |
| RequestForgery.java:75:33:75:63 | getParameter(...) : String | RequestForgery.java:76:59:76:77 | new URI(...) |
| RequestForgery.java:75:33:75:63 | getParameter(...) : String | RequestForgery.java:76:67:76:76 | unsafeUri3 : String |
| RequestForgery.java:76:67:76:76 | unsafeUri3 : String | RequestForgery.java:76:59:76:77 | new URI(...) |
| RequestForgery.java:79:49:79:79 | getParameter(...) : String | RequestForgery.java:80:59:80:77 | new URI(...) |
| RequestForgery.java:79:49:79:79 | getParameter(...) : String | RequestForgery.java:80:67:80:76 | unsafeUri4 : String |
| RequestForgery.java:80:67:80:76 | unsafeUri4 : String | RequestForgery.java:80:59:80:77 | new URI(...) |
| RequestForgery.java:84:31:84:61 | getParameter(...) : String | RequestForgery.java:85:59:85:88 | new URI(...) |
| RequestForgery.java:84:31:84:61 | getParameter(...) : String | RequestForgery.java:85:67:85:87 | toString(...) : String |
| RequestForgery.java:85:67:85:87 | toString(...) : String | RequestForgery.java:85:59:85:88 | new URI(...) |
| RequestForgery.java:88:58:88:86 | getParameter(...) : String | RequestForgery.java:90:60:90:89 | new URI(...) |
| RequestForgery.java:88:58:88:86 | getParameter(...) : String | RequestForgery.java:90:68:90:88 | toString(...) : String |
| RequestForgery.java:90:68:90:88 | toString(...) : String | RequestForgery.java:90:60:90:89 | new URI(...) |
| RequestForgery.java:93:60:93:88 | getParameter(...) : String | RequestForgery.java:95:60:95:90 | new URI(...) |
| RequestForgery.java:93:60:93:88 | getParameter(...) : String | RequestForgery.java:95:68:95:89 | toString(...) : String |
| RequestForgery.java:95:68:95:89 | toString(...) : String | RequestForgery.java:95:60:95:90 | new URI(...) |
| RequestForgery.java:98:77:98:105 | getParameter(...) : String | RequestForgery.java:100:60:100:90 | new URI(...) |
| RequestForgery.java:98:77:98:105 | getParameter(...) : String | RequestForgery.java:100:68:100:89 | toString(...) : String |
| RequestForgery.java:100:68:100:89 | toString(...) : String | RequestForgery.java:100:60:100:90 | new URI(...) |
| RequestForgery.java:103:73:103:103 | getParameter(...) : String | RequestForgery.java:104:59:104:77 | new URI(...) |
| RequestForgery.java:103:73:103:103 | getParameter(...) : String | RequestForgery.java:104:67:104:76 | unsafeUri6 : String |
| RequestForgery.java:104:67:104:76 | unsafeUri6 : String | RequestForgery.java:104:59:104:77 | new URI(...) |
| RequestForgery.java:107:56:107:86 | getParameter(...) : String | RequestForgery.java:108:59:108:77 | new URI(...) |
| RequestForgery.java:107:56:107:86 | getParameter(...) : String | RequestForgery.java:108:67:108:76 | unsafeUri7 : String |
| RequestForgery.java:108:67:108:76 | unsafeUri7 : String | RequestForgery.java:108:59:108:77 | new URI(...) |
| RequestForgery.java:111:55:111:85 | getParameter(...) : String | RequestForgery.java:112:59:112:77 | new URI(...) |
| RequestForgery.java:111:55:111:85 | getParameter(...) : String | RequestForgery.java:112:67:112:76 | unsafeUri8 : String |
| RequestForgery.java:112:67:112:76 | unsafeUri8 : String | RequestForgery.java:112:59:112:77 | new URI(...) |
| RequestForgery.java:115:33:115:63 | getParameter(...) : String | RequestForgery.java:116:59:116:77 | new URI(...) |
| RequestForgery.java:115:33:115:63 | getParameter(...) : String | RequestForgery.java:116:67:116:76 | unsafeUri9 : String |
| RequestForgery.java:116:67:116:76 | unsafeUri9 : String | RequestForgery.java:116:59:116:77 | new URI(...) |
| SpringSSRF.java:26:33:26:60 | getParameter(...) : String | SpringSSRF.java:32:47:32:67 | ... + ... |
| SpringSSRF.java:26:33:26:60 | getParameter(...) : String | SpringSSRF.java:37:43:37:56 | fooResourceUrl |
| SpringSSRF.java:26:33:26:60 | getParameter(...) : String | SpringSSRF.java:41:42:41:55 | fooResourceUrl |
@@ -62,27 +71,36 @@ nodes
| RequestForgery.java:19:23:19:58 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| RequestForgery.java:19:31:19:57 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:22:52:22:54 | uri | semmle.label | uri |
| RequestForgery.java:59:33:59:63 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:60:59:60:77 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:60:67:60:76 | unsafeUri3 : String | semmle.label | unsafeUri3 : String |
| RequestForgery.java:63:49:63:79 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:64:59:64:77 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:64:67:64:76 | unsafeUri4 : String | semmle.label | unsafeUri4 : String |
| RequestForgery.java:68:31:68:61 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:69:59:69:88 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:69:67:69:87 | toString(...) : String | semmle.label | toString(...) : String |
| RequestForgery.java:72:73:72:103 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:73:59:73:77 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:73:67:73:76 | unsafeUri6 : String | semmle.label | unsafeUri6 : String |
| RequestForgery.java:76:56:76:86 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:77:59:77:77 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:77:67:77:76 | unsafeUri7 : String | semmle.label | unsafeUri7 : String |
| RequestForgery.java:80:55:80:85 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:81:59:81:77 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:81:67:81:76 | unsafeUri8 : String | semmle.label | unsafeUri8 : String |
| RequestForgery.java:84:33:84:63 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:85:59:85:77 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:85:67:85:76 | unsafeUri9 : String | semmle.label | unsafeUri9 : String |
| RequestForgery.java:75:33:75:63 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:76:59:76:77 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:76:67:76:76 | unsafeUri3 : String | semmle.label | unsafeUri3 : String |
| RequestForgery.java:79:49:79:79 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:80:59:80:77 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:80:67:80:76 | unsafeUri4 : String | semmle.label | unsafeUri4 : String |
| RequestForgery.java:84:31:84:61 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:85:59:85:88 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:85:67:85:87 | toString(...) : String | semmle.label | toString(...) : String |
| RequestForgery.java:88:58:88:86 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:90:60:90:89 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:90:68:90:88 | toString(...) : String | semmle.label | toString(...) : String |
| RequestForgery.java:93:60:93:88 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:95:60:95:90 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:95:68:95:89 | toString(...) : String | semmle.label | toString(...) : String |
| RequestForgery.java:98:77:98:105 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:100:60:100:90 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:100:68:100:89 | toString(...) : String | semmle.label | toString(...) : String |
| RequestForgery.java:103:73:103:103 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:104:59:104:77 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:104:67:104:76 | unsafeUri6 : String | semmle.label | unsafeUri6 : String |
| RequestForgery.java:107:56:107:86 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:108:59:108:77 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:108:67:108:76 | unsafeUri7 : String | semmle.label | unsafeUri7 : String |
| RequestForgery.java:111:55:111:85 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:112:59:112:77 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:112:67:112:76 | unsafeUri8 : String | semmle.label | unsafeUri8 : String |
| RequestForgery.java:115:33:115:63 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| RequestForgery.java:116:59:116:77 | new URI(...) | semmle.label | new URI(...) |
| RequestForgery.java:116:67:116:76 | unsafeUri9 : String | semmle.label | unsafeUri9 : String |
| SpringSSRF.java:26:33:26:60 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SpringSSRF.java:32:47:32:67 | ... + ... | semmle.label | ... + ... |
| SpringSSRF.java:37:43:37:56 | fooResourceUrl | semmle.label | fooResourceUrl |
@@ -104,13 +122,16 @@ nodes
| RequestForgery2.java:67:43:67:45 | uri | RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:67:43:67:45 | uri | Potential server-side request forgery due to $@. | RequestForgery2.java:23:27:23:53 | getParameter(...) | a user-provided value |
| RequestForgery2.java:69:29:69:32 | uri2 | RequestForgery2.java:23:27:23:53 | getParameter(...) : String | RequestForgery2.java:69:29:69:32 | uri2 | Potential server-side request forgery due to $@. | RequestForgery2.java:23:27:23:53 | getParameter(...) | a user-provided value |
| RequestForgery.java:22:52:22:54 | uri | RequestForgery.java:19:31:19:57 | getParameter(...) : String | RequestForgery.java:22:52:22:54 | uri | Potential server-side request forgery due to $@. | RequestForgery.java:19:31:19:57 | getParameter(...) | a user-provided value |
| RequestForgery.java:60:59:60:77 | new URI(...) | RequestForgery.java:59:33:59:63 | getParameter(...) : String | RequestForgery.java:60:59:60:77 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:59:33:59:63 | getParameter(...) | a user-provided value |
| RequestForgery.java:64:59:64:77 | new URI(...) | RequestForgery.java:63:49:63:79 | getParameter(...) : String | RequestForgery.java:64:59:64:77 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:63:49:63:79 | getParameter(...) | a user-provided value |
| RequestForgery.java:69:59:69:88 | new URI(...) | RequestForgery.java:68:31:68:61 | getParameter(...) : String | RequestForgery.java:69:59:69:88 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:68:31:68:61 | getParameter(...) | a user-provided value |
| RequestForgery.java:73:59:73:77 | new URI(...) | RequestForgery.java:72:73:72:103 | getParameter(...) : String | RequestForgery.java:73:59:73:77 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:72:73:72:103 | getParameter(...) | a user-provided value |
| RequestForgery.java:77:59:77:77 | new URI(...) | RequestForgery.java:76:56:76:86 | getParameter(...) : String | RequestForgery.java:77:59:77:77 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:76:56:76:86 | getParameter(...) | a user-provided value |
| RequestForgery.java:81:59:81:77 | new URI(...) | RequestForgery.java:80:55:80:85 | getParameter(...) : String | RequestForgery.java:81:59:81:77 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:80:55:80:85 | getParameter(...) | a user-provided value |
| RequestForgery.java:85:59:85:77 | new URI(...) | RequestForgery.java:84:33:84:63 | getParameter(...) : String | RequestForgery.java:85:59:85:77 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:84:33:84:63 | getParameter(...) | a user-provided value |
| RequestForgery.java:76:59:76:77 | new URI(...) | RequestForgery.java:75:33:75:63 | getParameter(...) : String | RequestForgery.java:76:59:76:77 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:75:33:75:63 | getParameter(...) | a user-provided value |
| RequestForgery.java:80:59:80:77 | new URI(...) | RequestForgery.java:79:49:79:79 | getParameter(...) : String | RequestForgery.java:80:59:80:77 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:79:49:79:79 | getParameter(...) | a user-provided value |
| RequestForgery.java:85:59:85:88 | new URI(...) | RequestForgery.java:84:31:84:61 | getParameter(...) : String | RequestForgery.java:85:59:85:88 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:84:31:84:61 | getParameter(...) | a user-provided value |
| RequestForgery.java:90:60:90:89 | new URI(...) | RequestForgery.java:88:58:88:86 | getParameter(...) : String | RequestForgery.java:90:60:90:89 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:88:58:88:86 | getParameter(...) | a user-provided value |
| RequestForgery.java:95:60:95:90 | new URI(...) | RequestForgery.java:93:60:93:88 | getParameter(...) : String | RequestForgery.java:95:60:95:90 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:93:60:93:88 | getParameter(...) | a user-provided value |
| RequestForgery.java:100:60:100:90 | new URI(...) | RequestForgery.java:98:77:98:105 | getParameter(...) : String | RequestForgery.java:100:60:100:90 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:98:77:98:105 | getParameter(...) | a user-provided value |
| RequestForgery.java:104:59:104:77 | new URI(...) | RequestForgery.java:103:73:103:103 | getParameter(...) : String | RequestForgery.java:104:59:104:77 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:103:73:103:103 | getParameter(...) | a user-provided value |
| RequestForgery.java:108:59:108:77 | new URI(...) | RequestForgery.java:107:56:107:86 | getParameter(...) : String | RequestForgery.java:108:59:108:77 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:107:56:107:86 | getParameter(...) | a user-provided value |
| RequestForgery.java:112:59:112:77 | new URI(...) | RequestForgery.java:111:55:111:85 | getParameter(...) : String | RequestForgery.java:112:59:112:77 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:111:55:111:85 | getParameter(...) | a user-provided value |
| RequestForgery.java:116:59:116:77 | new URI(...) | RequestForgery.java:115:33:115:63 | getParameter(...) : String | RequestForgery.java:116:59:116:77 | new URI(...) | Potential server-side request forgery due to $@. | RequestForgery.java:115:33:115:63 | getParameter(...) | a user-provided value |
| SpringSSRF.java:32:47:32:67 | ... + ... | SpringSSRF.java:26:33:26:60 | getParameter(...) : String | SpringSSRF.java:32:47:32:67 | ... + ... | Potential server-side request forgery due to $@. | SpringSSRF.java:26:33:26:60 | getParameter(...) | a user-provided value |
| SpringSSRF.java:37:43:37:56 | fooResourceUrl | SpringSSRF.java:26:33:26:60 | getParameter(...) : String | SpringSSRF.java:37:43:37:56 | fooResourceUrl | Potential server-side request forgery due to $@. | SpringSSRF.java:26:33:26:60 | getParameter(...) | a user-provided value |
| SpringSSRF.java:41:42:41:55 | fooResourceUrl | SpringSSRF.java:26:33:26:60 | getParameter(...) : String | SpringSSRF.java:41:42:41:55 | fooResourceUrl | Potential server-side request forgery due to $@. | SpringSSRF.java:26:33:26:60 | getParameter(...) | a user-provided value |

33
java/ql/test/query-tests/security/CWE-918/RequestForgery.java
View File

@@ -24,7 +24,8 @@ public class RequestForgery extends HttpServlet {
// GOOD: sanitisation by concatenation with a prefix that prevents targeting an arbitrary host.
// We test a few different ways of sanitisation: via string conctentation (perhaps nested),
// via a stringbuilder and via String.format.
// via a stringbuilder (for which we consider appends done in the constructor, chained onto
// the constructor and applied in subsequent statements) and via String.format.
String safeUri3 = "https://example.com/" + request.getParameter("uri3");
HttpRequest r3 = HttpRequest.newBuilder(new URI(safeUri3)).build();
client.send(r3, null);
@@ -38,6 +39,21 @@ public class RequestForgery extends HttpServlet {
HttpRequest r5 = HttpRequest.newBuilder(new URI(safeUri5.toString())).build();
client.send(r5, null);
StringBuilder safeUri5a = new StringBuilder("https://example.com/");
safeUri5a.append(request.getParameter("uri5a"));
HttpRequest r5a = HttpRequest.newBuilder(new URI(safeUri5a.toString())).build();
client.send(r5a, null);
StringBuilder safeUri5b = (new StringBuilder("https://example.com/")).append("dir/");
safeUri5b.append(request.getParameter("uri5b"));
HttpRequest r5b = HttpRequest.newBuilder(new URI(safeUri5b.toString())).build();
client.send(r5b, null);
StringBuilder safeUri5c = (new StringBuilder("prefix")).append("https://example.com/dir/");
safeUri5c.append(request.getParameter("uri5c"));
HttpRequest r5c = HttpRequest.newBuilder(new URI(safeUri5c.toString())).build();
client.send(r5c, null);
String safeUri6 = String.format("https://example.com/%s", request.getParameter("uri6"));
HttpRequest r6 = HttpRequest.newBuilder(new URI(safeUri6)).build();
client.send(r6, null);
@@ -69,6 +85,21 @@ public class RequestForgery extends HttpServlet {
HttpRequest unsafer5 = HttpRequest.newBuilder(new URI(unsafeUri5.toString())).build();
client.send(unsafer5, null);
StringBuilder unafeUri5a = new StringBuilder(request.getParameter("uri5a"));
unafeUri5a.append("https://example.com/");
HttpRequest unsafer5a = HttpRequest.newBuilder(new URI(unafeUri5a.toString())).build();
client.send(unsafer5a, null);
StringBuilder unsafeUri5b = (new StringBuilder(request.getParameter("uri5b"))).append("dir/");
unsafeUri5b.append("https://example.com/");
HttpRequest unsafer5b = HttpRequest.newBuilder(new URI(unsafeUri5b.toString())).build();
client.send(unsafer5b, null);
StringBuilder unsafeUri5c = (new StringBuilder("https")).append(request.getParameter("uri5c"));
unsafeUri5c.append("://example.com/dir/");
HttpRequest unsafer5c = HttpRequest.newBuilder(new URI(unsafeUri5c.toString())).build();
client.send(unsafer5c, null);
String unsafeUri6 = String.format("%shttps://example.com/", request.getParameter("baduri6"));
HttpRequest unsafer6 = HttpRequest.newBuilder(new URI(unsafeUri6)).build();
client.send(unsafer6, null);