From 8710e63011121f1fd15233d9f816cc5eceb40ef0 Mon Sep 17 00:00:00 2001
From: MarkLee131 <kaixuan.li@ntu.edu.sg>
Date: Sun, 3 May 2026 14:14:15 +0800
Subject: [PATCH] Update java/ql/lib/ext/javax.servlet.model.yml

Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
---
 java/ql/lib/ext/javax.servlet.model.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/java/ql/lib/ext/javax.servlet.model.yml b/java/ql/lib/ext/javax.servlet.model.yml
index 19a6690858e..3d4a580edfc 100644
--- a/java/ql/lib/ext/javax.servlet.model.yml
+++ b/java/ql/lib/ext/javax.servlet.model.yml
@@ -13,7 +13,7 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
-      - ["javax.servlet", "ServletContext", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "manual"]
+      - ["javax.servlet", "ServletContext", True, "getResource", "(String)", "", "Argument[0]", "path-injection[read]", "manual"]
       - ["javax.servlet", "ServletContext", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection[read]", "ai-manual"]
       - ["javax.servlet", "ServletContext", True, "getRequestDispatcher", "(String)", "", "Argument[0]", "url-forward", "manual"]
       - ["javax.servlet", "ServletRequest", True, "getRequestDispatcher", "(String)", "", "Argument[0]", "url-forward", "manual"]