Java: update open/jdbc-url sink kinds to request-forgery

2026-04-25 00:35:20 +02:00 · 2023-05-31 15:50:31 -04:00
parent cb10f4976b
commit 5dbb698481
50 changed files with 395 additions and 396 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.qll
@@ -89,7 +89,7 @@ class GetVirtualFileChildMethod extends Method {
 /** An argument to `getResource()` or `getResourceAsStream()`. */
 private class GetResourceSink extends UnsafeUrlForwardSink {
  GetResourceSink() {
-    sinkNode(this, "open-url")
+    sinkNode(this, "request-forgery")
    or
    sinkNode(this, "get-resource")
    or