Merge pull request #20930 from owen-mc/java/spring-rest-template-request-forgery-sinks

Java: add more Spring RestTemplate request forgery sinks
2026-02-12 05:01:06 +01:00 · 2026-01-15 14:23:15 +00:00
parent d3fc254e17 97e0b4e9fd
commit a5d9cb179a
4 changed files with 478 additions and 145 deletions
--- a/java/ql/lib/change-notes/2025-11-27-spring-rest-template-request-forgery-sinks.md
+++ b/java/ql/lib/change-notes/2025-11-27-spring-rest-template-request-forgery-sinks.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* URI template variables of all Spring `RestTemplate` methods are now considered as request forgery sinks. Previously only the `getForObject` method was considered. This may lead to more alerts for the query `java/ssrf`.
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll
@@ -31,50 +31,55 @@ class SpringWebClient extends Interface {
  }
 }

-/** The method `getForObject` on `org.springframework.web.reactive.function.client.RestTemplate`. */
-class SpringRestTemplateGetForObjectMethod extends Method {
-  SpringRestTemplateGetForObjectMethod() {
+/**
+ * A method on `org.springframework.web.client.RestTemplate`
+ * which has a parameter `uriVariables` (which can have type `Object...` or
+ * `Map<String, ?>`) which contains variables to be expanded into the URL
+ * template in parameter 0.
+ */
+private class SpringRestTemplateMethodWithUriVariablesParameter extends Method {
+  int pos;
+
+  SpringRestTemplateMethodWithUriVariablesParameter() {
    this.getDeclaringType() instanceof SpringRestTemplate and
-    this.hasName("getForObject")
+    this.getParameter(pos).getName() = "uriVariables"
  }
+
+  int getUriVariablesPosition() { result = pos }
 }

-/** A call to the method `getForObject` on `org.springframework.web.reactive.function.client.RestTemplate`. */
-class SpringRestTemplateGetForObjectMethodCall extends MethodCall {
-  SpringRestTemplateGetForObjectMethodCall() {
-    this.getMethod() instanceof SpringRestTemplateGetForObjectMethod
-  }
+/** Gets the first argument of `mc`, if it is a compile-time constant. */
+pragma[inline]
+private CompileTimeConstantExpr getConstantUrl(MethodCall mc) { result = mc.getArgument(0) }

-  /** Gets the first argument, if it is a compile time constant. */
-  CompileTimeConstantExpr getConstantUrl() { result = this.getArgument(0) }
-
-  /**
-   * Holds if the first argument is a compile time constant and it has a
-   * placeholder at offset `offset`, and there are `idx` placeholders that
-   * appear before it.
-   */
-  predicate urlHasPlaceholderAtOffset(int idx, int offset) {
-    exists(
-      this.getConstantUrl()
-          .getStringValue()
-          .replaceAll("\\{", "  ")
-          .replaceAll("\\}", "  ")
-          .regexpFind("\\{[^}]*\\}", idx, offset)
-    )
-  }
+/**
+ * Holds if the first argument of `mc` is a compile-time constant URL template
+ * which has its `idx`-th placeholder at the offset `offset`.
+ */
+pragma[inline]
+private predicate urlHasPlaceholderAtOffset(MethodCall mc, int idx, int offset) {
+  exists(
+    getConstantUrl(mc)
+        .getStringValue()
+        .replaceAll("\\{", "  ")
+        .replaceAll("\\}", "  ")
+        .regexpFind("\\{[^}]*\\}", idx, offset)
+  )
 }

-private class SpringWebClientRestTemplateGetForObject extends RequestForgerySink {
-  SpringWebClientRestTemplateGetForObject() {
-    exists(SpringRestTemplateGetForObjectMethodCall mc, int i |
-      // Note that the first argument is modeled as a request forgery sink
-      // separately. This model is for arguments beyond the first two. There
-      // are two relevant overloads, one with third parameter type `Object...`
-      // and one with third parameter type `Map<String, ?>`. For the latter we
-      // cannot deal with MapValue content easily but there is a default
-      // implicit taint read at sinks that will catch it.
+private class SpringWebClientRestTemplateUriVariable extends RequestForgerySink {
+  SpringWebClientRestTemplateUriVariable() {
+    exists(SpringRestTemplateMethodWithUriVariablesParameter m, MethodCall mc, int i |
+      // Note that the first argument of `m` is modeled as a request forgery
+      // sink separately. This model is for arguments corresponding to the
+      // `uriVariables` parameter. There are always two relevant overloads, one
+      // with parameter type `Object...` and one with parameter type
+      // `Map<String, ?>`. For the latter we cannot deal with MapValue content
+      // easily but there is a default implicit taint read at sinks that will
+      // catch it.
+      mc.getMethod() = m and
      i >= 0 and
-      this.asExpr() = mc.getArgument(i + 2)
+      this.asExpr() = mc.getArgument(m.getUriVariablesPosition() + i)
    |
      // If we can determine that part of mc.getArgument(0) is a hostname
      // sanitizing prefix, then we count how many placeholders occur before it
@@ -83,8 +88,8 @@ private class SpringWebClientRestTemplateGetForObject extends RequestForgerySink
      // considering the map values as sinks if there is at least one
      // placeholder in the URL before the hostname sanitizing prefix.
      exists(int offset |
-        mc.urlHasPlaceholderAtOffset(i, offset) and
-        offset < mc.getConstantUrl().(HostnameSanitizingPrefix).getOffset()
+        urlHasPlaceholderAtOffset(mc, i, offset) and
+        offset < getConstantUrl(mc).(HostnameSanitizingPrefix).getOffset()
      )
      or
      // If we cannot determine that part of mc.getArgument(0) is a hostname
@@ -94,12 +99,12 @@ private class SpringWebClientRestTemplateGetForObject extends RequestForgerySink
      // For the `Map<String, ?>` overload this has the effect of only
      // considering the map values as sinks if there is at least one
      // placeholder in the URL.
-      not mc.getConstantUrl() instanceof HostnameSanitizingPrefix and
-      mc.urlHasPlaceholderAtOffset(i, _)
+      not getConstantUrl(mc) instanceof HostnameSanitizingPrefix and
+      urlHasPlaceholderAtOffset(mc, i, _)
      or
      // If we cannot determine the string value of mc.getArgument(0), then we
      // conservatively consider all arguments as sinks.
-      not exists(mc.getConstantUrl().getStringValue())
+      not exists(getConstantUrl(mc).getStringValue())
    )
  }
 }
--- a/java/ql/test/query-tests/security/CWE-918/RequestForgery.expected
+++ b/java/ql/test/query-tests/security/CWE-918/RequestForgery.expected
@@ -253,35 +253,91 @@
 | SanitizationTests.java:122:60:122:79 | new URI(...) | SanitizationTests.java:121:94:121:125 | getParameter(...) : String | SanitizationTests.java:122:60:122:79 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:121:94:121:125 | getParameter(...) | user-provided value |
 | SanitizationTests.java:123:25:123:33 | unsafer10 | SanitizationTests.java:121:94:121:125 | getParameter(...) : String | SanitizationTests.java:123:25:123:33 | unsafer10 | Potential server-side request forgery due to a $@. | SanitizationTests.java:121:94:121:125 | getParameter(...) | user-provided value |
 | SpringSSRF.java:32:39:32:59 | ... + ... | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:32:39:32:59 | ... + ... | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:33:35:33:48 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:33:35:33:48 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:34:34:34:47 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:34:34:34:47 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:35:39:35:52 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:35:39:35:52 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:36:69:36:82 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:36:69:36:82 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:37:73:37:86 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:37:73:37:86 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:40:69:40:97 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:40:69:40:97 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:42:69:42:119 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:42:69:42:119 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:44:41:44:54 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:44:41:44:54 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:45:40:45:62 | new URI(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:45:40:45:62 | new URI(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:46:42:46:55 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:46:42:46:55 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:47:40:47:53 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:47:40:47:53 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:48:30:48:43 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:48:30:48:43 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:49:33:49:46 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:49:33:49:46 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:50:41:50:54 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:50:41:50:54 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:51:42:51:55 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:51:42:51:55 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:56:44:56:46 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:56:44:56:46 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:58:35:58:37 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:58:35:58:37 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:59:35:59:37 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:59:35:59:37 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:60:38:60:40 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:60:38:60:40 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:61:39:61:41 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:61:39:61:41 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:62:37:62:39 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:62:37:62:39 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:63:36:63:38 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:63:36:63:38 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:64:44:64:46 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:64:44:64:46 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:70:49:70:51 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:70:49:70:51 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:71:58:71:60 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:71:58:71:60 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:72:57:72:59 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:72:57:72:59 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:73:66:73:68 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:73:66:73:68 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:74:57:74:59 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:74:57:74:59 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
-| SpringSSRF.java:75:66:75:68 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:75:66:75:68 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:33:69:33:82 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:33:69:33:82 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:34:73:34:86 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:34:73:34:86 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:35:87:35:100 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:35:87:35:100 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:38:69:38:97 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:38:69:38:97 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:40:69:40:119 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:40:69:40:119 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:43:35:43:48 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:43:35:43:48 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:44:91:44:104 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:44:91:44:104 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:45:95:45:108 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:45:95:45:108 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:46:109:46:122 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:46:109:46:122 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:49:91:49:119 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:49:91:49:119 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:51:91:51:141 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:51:91:51:141 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:54:34:54:47 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:54:34:54:47 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:55:79:55:92 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:55:79:55:92 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:56:83:56:96 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:56:83:56:96 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:57:97:57:110 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:57:97:57:110 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:60:79:60:107 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:60:79:60:107 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:62:79:62:129 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:62:79:62:129 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:65:39:65:52 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:65:39:65:52 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:66:69:66:82 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:66:69:66:82 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:67:73:67:86 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:67:73:67:86 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:68:87:68:100 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:68:87:68:100 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:71:69:71:97 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:71:69:71:97 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:73:69:73:119 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:73:69:73:119 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:76:41:76:54 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:76:41:76:54 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:77:93:77:106 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:77:93:77:106 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:78:97:78:110 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:78:97:78:110 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:79:111:79:124 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:79:111:79:124 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:82:93:82:121 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:82:93:82:121 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:84:93:84:143 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:84:93:84:143 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:87:40:87:62 | new URI(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:87:40:87:62 | new URI(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:88:92:88:105 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:88:92:88:105 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:89:96:89:109 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:89:96:89:109 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:90:110:90:123 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:90:110:90:123 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:93:92:93:120 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:93:92:93:120 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:95:92:95:142 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:95:92:95:142 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:98:42:98:55 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:98:42:98:55 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:99:80:99:93 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:99:80:99:93 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:100:84:100:97 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:100:84:100:97 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:101:98:101:111 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:101:98:101:111 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:104:80:104:108 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:104:80:104:108 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:106:80:106:130 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:106:80:106:130 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:109:40:109:53 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:109:40:109:53 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:110:92:110:105 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:110:92:110:105 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:111:96:111:109 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:111:96:111:109 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:112:110:112:123 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:112:110:112:123 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:115:92:115:120 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:115:92:115:120 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:117:92:117:142 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:117:92:117:142 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:120:30:120:43 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:120:30:120:43 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:121:68:121:81 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:121:68:121:81 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:122:72:122:85 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:122:72:122:85 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:123:86:123:99 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:123:86:123:99 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:126:68:126:96 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:126:68:126:96 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:128:68:128:118 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:128:68:128:118 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:131:33:131:46 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:131:33:131:46 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:132:49:132:62 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:132:49:132:62 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:133:53:133:66 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:133:53:133:66 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:134:67:134:80 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:134:67:134:80 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:137:49:137:77 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:137:49:137:77 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:139:49:139:99 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:139:49:139:99 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:142:41:142:54 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:142:41:142:54 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:143:57:143:70 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:143:57:143:70 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:144:61:144:74 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:144:61:144:74 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:145:75:145:88 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:145:75:145:88 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:148:57:148:85 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:148:57:148:85 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:150:57:150:107 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:150:57:150:107 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:153:42:153:55 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:153:42:153:55 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:154:58:154:71 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:154:58:154:71 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:155:62:155:75 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:155:62:155:75 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:156:76:156:89 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:156:76:156:89 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:159:58:159:86 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:159:58:159:86 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:161:58:161:108 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:161:58:161:108 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:168:44:168:46 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:168:44:168:46 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:170:35:170:37 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:170:35:170:37 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:171:35:171:37 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:171:35:171:37 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:172:38:172:40 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:172:38:172:40 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:173:39:173:41 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:173:39:173:41 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:174:37:174:39 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:174:37:174:39 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:175:36:175:38 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:175:36:175:38 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:176:44:176:46 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:176:44:176:46 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:182:49:182:51 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:182:49:182:51 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:183:58:183:60 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:183:58:183:60 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:184:57:184:59 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:184:57:184:59 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:185:66:185:68 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:185:66:185:68 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:186:57:186:59 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:186:57:186:59 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
+| SpringSSRF.java:187:66:187:68 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:187:66:187:68 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
 | URLClassLoaderSSRF.java:18:64:18:85 | new URL[] | URLClassLoaderSSRF.java:16:26:16:52 | getParameter(...) : String | URLClassLoaderSSRF.java:18:64:18:85 | new URL[] | Potential server-side request forgery due to a $@. | URLClassLoaderSSRF.java:16:26:16:52 | getParameter(...) | user-provided value |
 | URLClassLoaderSSRF.java:30:64:30:85 | new URL[] | URLClassLoaderSSRF.java:28:26:28:52 | getParameter(...) : String | URLClassLoaderSSRF.java:30:64:30:85 | new URL[] | Potential server-side request forgery due to a $@. | URLClassLoaderSSRF.java:28:26:28:52 | getParameter(...) | user-provided value |
 | URLClassLoaderSSRF.java:44:64:44:85 | new URL[] | URLClassLoaderSSRF.java:40:26:40:52 | getParameter(...) : String | URLClassLoaderSSRF.java:44:64:44:85 | new URL[] | Potential server-side request forgery due to a $@. | URLClassLoaderSSRF.java:40:26:40:52 | getParameter(...) | user-provided value |
@@ -778,45 +834,123 @@ edges
 | SanitizationTests.java:122:68:122:78 | unsafeUri10 : String | SanitizationTests.java:122:60:122:79 | new URI(...) : URI | provenance | Config |
 | SanitizationTests.java:122:68:122:78 | unsafeUri10 : String | SanitizationTests.java:122:60:122:79 | new URI(...) : URI | provenance | MaD:285 |
 | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:32:39:32:59 | ... + ... | provenance | Src:MaD:277 Sink:MaD:264 |
-| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:33:35:33:48 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:262 |
-| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:34:34:34:47 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:263 |
-| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:35:39:35:52 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:265 |
-| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:36:69:36:82 | fooResourceUrl | provenance | Src:MaD:277  |
-| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:37:73:37:86 | fooResourceUrl | provenance | Src:MaD:277  |
-| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:40:83:40:96 | fooResourceUrl : String | provenance | Src:MaD:277  |
-| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:42:105:42:118 | fooResourceUrl : String | provenance | Src:MaD:277  |
-| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:44:41:44:54 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:268 |
-| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | provenance | Src:MaD:277  |
-| SpringSSRF.java:40:83:40:96 | fooResourceUrl : String | SpringSSRF.java:40:69:40:97 | of(...) | provenance | MaD:289 |
-| SpringSSRF.java:42:105:42:118 | fooResourceUrl : String | SpringSSRF.java:42:69:42:119 | of(...) | provenance | MaD:290 |
-| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:45:40:45:62 | new URI(...) | provenance | Config Sink:MaD:269 |
-| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:45:40:45:62 | new URI(...) | provenance | MaD:285 Sink:MaD:269 |
-| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:46:42:46:55 | fooResourceUrl | provenance | Sink:MaD:270 |
-| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:47:40:47:53 | fooResourceUrl | provenance | Sink:MaD:271 |
-| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:48:30:48:43 | fooResourceUrl | provenance | Sink:MaD:272 |
-| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:49:33:49:46 | fooResourceUrl | provenance | Sink:MaD:261 |
-| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:50:41:50:54 | fooResourceUrl | provenance | Sink:MaD:266 |
-| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:51:42:51:55 | fooResourceUrl | provenance | Sink:MaD:267 |
-| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:54:35:54:48 | fooResourceUrl : String | provenance |  |
-| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:56:44:56:46 | uri | provenance | Sink:MaD:255 |
-| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:58:35:58:37 | uri | provenance | Sink:MaD:250 |
-| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:59:35:59:37 | uri | provenance | Sink:MaD:256 |
-| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:60:38:60:40 | uri | provenance | Sink:MaD:249 |
-| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:61:39:61:41 | uri | provenance | Sink:MaD:253 |
-| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:62:37:62:39 | uri | provenance | Sink:MaD:254 |
-| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:63:36:63:38 | uri | provenance | Sink:MaD:251 |
-| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:64:44:64:46 | uri | provenance | Sink:MaD:252 |
-| SpringSSRF.java:54:35:54:48 | fooResourceUrl : String | SpringSSRF.java:54:27:54:49 | new URI(...) : URI | provenance | Config |
-| SpringSSRF.java:54:35:54:48 | fooResourceUrl : String | SpringSSRF.java:54:27:54:49 | new URI(...) : URI | provenance | MaD:285 |
-| SpringSSRF.java:54:35:54:48 | fooResourceUrl : String | SpringSSRF.java:67:35:67:48 | fooResourceUrl : String | provenance |  |
-| SpringSSRF.java:67:27:67:49 | new URI(...) : URI | SpringSSRF.java:70:49:70:51 | uri | provenance | Sink:MaD:243 |
-| SpringSSRF.java:67:27:67:49 | new URI(...) : URI | SpringSSRF.java:71:58:71:60 | uri | provenance | Sink:MaD:244 |
-| SpringSSRF.java:67:27:67:49 | new URI(...) : URI | SpringSSRF.java:72:57:72:59 | uri | provenance | Sink:MaD:245 |
-| SpringSSRF.java:67:27:67:49 | new URI(...) : URI | SpringSSRF.java:73:66:73:68 | uri | provenance | Sink:MaD:247 |
-| SpringSSRF.java:67:27:67:49 | new URI(...) : URI | SpringSSRF.java:74:57:74:59 | uri | provenance | Sink:MaD:246 |
-| SpringSSRF.java:67:27:67:49 | new URI(...) : URI | SpringSSRF.java:75:66:75:68 | uri | provenance | Sink:MaD:248 |
-| SpringSSRF.java:67:35:67:48 | fooResourceUrl : String | SpringSSRF.java:67:27:67:49 | new URI(...) : URI | provenance | Config |
-| SpringSSRF.java:67:35:67:48 | fooResourceUrl : String | SpringSSRF.java:67:27:67:49 | new URI(...) : URI | provenance | MaD:285 |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:33:69:33:82 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:34:73:34:86 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:35:87:35:100 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:38:83:38:96 | fooResourceUrl : String | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:40:105:40:118 | fooResourceUrl : String | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:43:35:43:48 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:262 |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:44:91:44:104 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:45:95:45:108 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:46:109:46:122 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:49:105:49:118 | fooResourceUrl : String | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:51:127:51:140 | fooResourceUrl : String | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:54:34:54:47 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:263 |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:55:79:55:92 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:56:83:56:96 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:57:97:57:110 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:60:93:60:106 | fooResourceUrl : String | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:62:115:62:128 | fooResourceUrl : String | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:65:39:65:52 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:265 |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:66:69:66:82 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:67:73:67:86 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:68:87:68:100 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:71:83:71:96 | fooResourceUrl : String | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:73:105:73:118 | fooResourceUrl : String | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:76:41:76:54 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:268 |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:77:93:77:106 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:78:97:78:110 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:79:111:79:124 | fooResourceUrl | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:82:107:82:120 | fooResourceUrl : String | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:84:129:84:142 | fooResourceUrl : String | provenance | Src:MaD:277  |
+| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | provenance | Src:MaD:277  |
+| SpringSSRF.java:38:83:38:96 | fooResourceUrl : String | SpringSSRF.java:38:69:38:97 | of(...) | provenance | MaD:289 |
+| SpringSSRF.java:40:105:40:118 | fooResourceUrl : String | SpringSSRF.java:40:69:40:119 | of(...) | provenance | MaD:290 |
+| SpringSSRF.java:49:105:49:118 | fooResourceUrl : String | SpringSSRF.java:49:91:49:119 | of(...) | provenance | MaD:289 |
+| SpringSSRF.java:51:127:51:140 | fooResourceUrl : String | SpringSSRF.java:51:91:51:141 | of(...) | provenance | MaD:290 |
+| SpringSSRF.java:60:93:60:106 | fooResourceUrl : String | SpringSSRF.java:60:79:60:107 | of(...) | provenance | MaD:289 |
+| SpringSSRF.java:62:115:62:128 | fooResourceUrl : String | SpringSSRF.java:62:79:62:129 | of(...) | provenance | MaD:290 |
+| SpringSSRF.java:71:83:71:96 | fooResourceUrl : String | SpringSSRF.java:71:69:71:97 | of(...) | provenance | MaD:289 |
+| SpringSSRF.java:73:105:73:118 | fooResourceUrl : String | SpringSSRF.java:73:69:73:119 | of(...) | provenance | MaD:290 |
+| SpringSSRF.java:82:107:82:120 | fooResourceUrl : String | SpringSSRF.java:82:93:82:121 | of(...) | provenance | MaD:289 |
+| SpringSSRF.java:84:129:84:142 | fooResourceUrl : String | SpringSSRF.java:84:93:84:143 | of(...) | provenance | MaD:290 |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:87:40:87:62 | new URI(...) | provenance | Config Sink:MaD:269 |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:87:40:87:62 | new URI(...) | provenance | MaD:285 Sink:MaD:269 |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:88:92:88:105 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:89:96:89:109 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:90:110:90:123 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:93:106:93:119 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:95:128:95:141 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:98:42:98:55 | fooResourceUrl | provenance | Sink:MaD:270 |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:99:80:99:93 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:100:84:100:97 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:101:98:101:111 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:104:94:104:107 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:106:116:106:129 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:109:40:109:53 | fooResourceUrl | provenance | Sink:MaD:271 |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:110:92:110:105 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:111:96:111:109 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:112:110:112:123 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:115:106:115:119 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:117:128:117:141 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:120:30:120:43 | fooResourceUrl | provenance | Sink:MaD:272 |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:121:68:121:81 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:122:72:122:85 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:123:86:123:99 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:126:82:126:95 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:128:104:128:117 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:131:33:131:46 | fooResourceUrl | provenance | Sink:MaD:261 |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:132:49:132:62 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:133:53:133:66 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:134:67:134:80 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:137:63:137:76 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:139:85:139:98 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:142:41:142:54 | fooResourceUrl | provenance | Sink:MaD:266 |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:143:57:143:70 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:144:61:144:74 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:145:75:145:88 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:148:71:148:84 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:150:93:150:106 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:153:42:153:55 | fooResourceUrl | provenance | Sink:MaD:267 |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:154:58:154:71 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:155:62:155:75 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:156:76:156:89 | fooResourceUrl | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:159:72:159:85 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:161:94:161:107 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:93:106:93:119 | fooResourceUrl : String | SpringSSRF.java:93:92:93:120 | of(...) | provenance | MaD:289 |
+| SpringSSRF.java:95:128:95:141 | fooResourceUrl : String | SpringSSRF.java:95:92:95:142 | of(...) | provenance | MaD:290 |
+| SpringSSRF.java:104:94:104:107 | fooResourceUrl : String | SpringSSRF.java:104:80:104:108 | of(...) | provenance | MaD:289 |
+| SpringSSRF.java:106:116:106:129 | fooResourceUrl : String | SpringSSRF.java:106:80:106:130 | of(...) | provenance | MaD:290 |
+| SpringSSRF.java:115:106:115:119 | fooResourceUrl : String | SpringSSRF.java:115:92:115:120 | of(...) | provenance | MaD:289 |
+| SpringSSRF.java:117:128:117:141 | fooResourceUrl : String | SpringSSRF.java:117:92:117:142 | of(...) | provenance | MaD:290 |
+| SpringSSRF.java:126:82:126:95 | fooResourceUrl : String | SpringSSRF.java:126:68:126:96 | of(...) | provenance | MaD:289 |
+| SpringSSRF.java:128:104:128:117 | fooResourceUrl : String | SpringSSRF.java:128:68:128:118 | of(...) | provenance | MaD:290 |
+| SpringSSRF.java:137:63:137:76 | fooResourceUrl : String | SpringSSRF.java:137:49:137:77 | of(...) | provenance | MaD:289 |
+| SpringSSRF.java:139:85:139:98 | fooResourceUrl : String | SpringSSRF.java:139:49:139:99 | of(...) | provenance | MaD:290 |
+| SpringSSRF.java:148:71:148:84 | fooResourceUrl : String | SpringSSRF.java:148:57:148:85 | of(...) | provenance | MaD:289 |
+| SpringSSRF.java:150:93:150:106 | fooResourceUrl : String | SpringSSRF.java:150:57:150:107 | of(...) | provenance | MaD:290 |
+| SpringSSRF.java:159:72:159:85 | fooResourceUrl : String | SpringSSRF.java:159:58:159:86 | of(...) | provenance | MaD:289 |
+| SpringSSRF.java:161:94:161:107 | fooResourceUrl : String | SpringSSRF.java:161:58:161:108 | of(...) | provenance | MaD:290 |
+| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:168:44:168:46 | uri | provenance | Sink:MaD:255 |
+| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:170:35:170:37 | uri | provenance | Sink:MaD:250 |
+| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:171:35:171:37 | uri | provenance | Sink:MaD:256 |
+| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:172:38:172:40 | uri | provenance | Sink:MaD:249 |
+| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:173:39:173:41 | uri | provenance | Sink:MaD:253 |
+| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:174:37:174:39 | uri | provenance | Sink:MaD:254 |
+| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:175:36:175:38 | uri | provenance | Sink:MaD:251 |
+| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:176:44:176:46 | uri | provenance | Sink:MaD:252 |
+| SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | SpringSSRF.java:166:27:166:49 | new URI(...) : URI | provenance | Config |
+| SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | SpringSSRF.java:166:27:166:49 | new URI(...) : URI | provenance | MaD:285 |
+| SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | SpringSSRF.java:179:35:179:48 | fooResourceUrl : String | provenance |  |
+| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:182:49:182:51 | uri | provenance | Sink:MaD:243 |
+| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:183:58:183:60 | uri | provenance | Sink:MaD:244 |
+| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:184:57:184:59 | uri | provenance | Sink:MaD:245 |
+| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:185:66:185:68 | uri | provenance | Sink:MaD:247 |
+| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:186:57:186:59 | uri | provenance | Sink:MaD:246 |
+| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:187:66:187:68 | uri | provenance | Sink:MaD:248 |
+| SpringSSRF.java:179:35:179:48 | fooResourceUrl : String | SpringSSRF.java:179:27:179:49 | new URI(...) : URI | provenance | Config |
+| SpringSSRF.java:179:35:179:48 | fooResourceUrl : String | SpringSSRF.java:179:27:179:49 | new URI(...) : URI | provenance | MaD:285 |
 | URLClassLoaderSSRF.java:16:26:16:52 | getParameter(...) : String | URLClassLoaderSSRF.java:17:31:17:33 | url : String | provenance | Src:MaD:277  |
 | URLClassLoaderSSRF.java:17:23:17:34 | new URI(...) : URI | URLClassLoaderSSRF.java:18:74:18:76 | uri : URI | provenance |  |
 | URLClassLoaderSSRF.java:17:31:17:33 | url : String | URLClassLoaderSSRF.java:17:23:17:34 | new URI(...) : URI | provenance | Config |
@@ -1683,42 +1817,120 @@ nodes
 | SanitizationTests.java:123:25:123:33 | unsafer10 | semmle.label | unsafer10 |
 | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | semmle.label | getParameter(...) : String |
 | SpringSSRF.java:32:39:32:59 | ... + ... | semmle.label | ... + ... |
-| SpringSSRF.java:33:35:33:48 | fooResourceUrl | semmle.label | fooResourceUrl |
-| SpringSSRF.java:34:34:34:47 | fooResourceUrl | semmle.label | fooResourceUrl |
-| SpringSSRF.java:35:39:35:52 | fooResourceUrl | semmle.label | fooResourceUrl |
-| SpringSSRF.java:36:69:36:82 | fooResourceUrl | semmle.label | fooResourceUrl |
-| SpringSSRF.java:37:73:37:86 | fooResourceUrl | semmle.label | fooResourceUrl |
-| SpringSSRF.java:40:69:40:97 | of(...) | semmle.label | of(...) |
-| SpringSSRF.java:40:83:40:96 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
-| SpringSSRF.java:42:69:42:119 | of(...) | semmle.label | of(...) |
-| SpringSSRF.java:42:105:42:118 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
-| SpringSSRF.java:44:41:44:54 | fooResourceUrl | semmle.label | fooResourceUrl |
-| SpringSSRF.java:45:40:45:62 | new URI(...) | semmle.label | new URI(...) |
-| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
-| SpringSSRF.java:46:42:46:55 | fooResourceUrl | semmle.label | fooResourceUrl |
-| SpringSSRF.java:47:40:47:53 | fooResourceUrl | semmle.label | fooResourceUrl |
-| SpringSSRF.java:48:30:48:43 | fooResourceUrl | semmle.label | fooResourceUrl |
-| SpringSSRF.java:49:33:49:46 | fooResourceUrl | semmle.label | fooResourceUrl |
-| SpringSSRF.java:50:41:50:54 | fooResourceUrl | semmle.label | fooResourceUrl |
-| SpringSSRF.java:51:42:51:55 | fooResourceUrl | semmle.label | fooResourceUrl |
-| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | semmle.label | new URI(...) : URI |
-| SpringSSRF.java:54:35:54:48 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
-| SpringSSRF.java:56:44:56:46 | uri | semmle.label | uri |
-| SpringSSRF.java:58:35:58:37 | uri | semmle.label | uri |
-| SpringSSRF.java:59:35:59:37 | uri | semmle.label | uri |
-| SpringSSRF.java:60:38:60:40 | uri | semmle.label | uri |
-| SpringSSRF.java:61:39:61:41 | uri | semmle.label | uri |
-| SpringSSRF.java:62:37:62:39 | uri | semmle.label | uri |
-| SpringSSRF.java:63:36:63:38 | uri | semmle.label | uri |
-| SpringSSRF.java:64:44:64:46 | uri | semmle.label | uri |
-| SpringSSRF.java:67:27:67:49 | new URI(...) : URI | semmle.label | new URI(...) : URI |
-| SpringSSRF.java:67:35:67:48 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
-| SpringSSRF.java:70:49:70:51 | uri | semmle.label | uri |
-| SpringSSRF.java:71:58:71:60 | uri | semmle.label | uri |
-| SpringSSRF.java:72:57:72:59 | uri | semmle.label | uri |
-| SpringSSRF.java:73:66:73:68 | uri | semmle.label | uri |
-| SpringSSRF.java:74:57:74:59 | uri | semmle.label | uri |
-| SpringSSRF.java:75:66:75:68 | uri | semmle.label | uri |
+| SpringSSRF.java:33:69:33:82 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:34:73:34:86 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:35:87:35:100 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:38:69:38:97 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:38:83:38:96 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:40:69:40:119 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:40:105:40:118 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:43:35:43:48 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:44:91:44:104 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:45:95:45:108 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:46:109:46:122 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:49:91:49:119 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:49:105:49:118 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:51:91:51:141 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:51:127:51:140 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:54:34:54:47 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:55:79:55:92 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:56:83:56:96 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:57:97:57:110 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:60:79:60:107 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:60:93:60:106 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:62:79:62:129 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:62:115:62:128 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:65:39:65:52 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:66:69:66:82 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:67:73:67:86 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:68:87:68:100 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:71:69:71:97 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:71:83:71:96 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:73:69:73:119 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:73:105:73:118 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:76:41:76:54 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:77:93:77:106 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:78:97:78:110 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:79:111:79:124 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:82:93:82:121 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:82:107:82:120 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:84:93:84:143 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:84:129:84:142 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:87:40:87:62 | new URI(...) | semmle.label | new URI(...) |
+| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:88:92:88:105 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:89:96:89:109 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:90:110:90:123 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:93:92:93:120 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:93:106:93:119 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:95:92:95:142 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:95:128:95:141 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:98:42:98:55 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:99:80:99:93 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:100:84:100:97 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:101:98:101:111 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:104:80:104:108 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:104:94:104:107 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:106:80:106:130 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:106:116:106:129 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:109:40:109:53 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:110:92:110:105 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:111:96:111:109 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:112:110:112:123 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:115:92:115:120 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:115:106:115:119 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:117:92:117:142 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:117:128:117:141 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:120:30:120:43 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:121:68:121:81 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:122:72:122:85 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:123:86:123:99 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:126:68:126:96 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:126:82:126:95 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:128:68:128:118 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:128:104:128:117 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:131:33:131:46 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:132:49:132:62 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:133:53:133:66 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:134:67:134:80 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:137:49:137:77 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:137:63:137:76 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:139:49:139:99 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:139:85:139:98 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:142:41:142:54 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:143:57:143:70 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:144:61:144:74 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:145:75:145:88 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:148:57:148:85 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:148:71:148:84 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:150:57:150:107 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:150:93:150:106 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:153:42:153:55 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:154:58:154:71 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:155:62:155:75 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:156:76:156:89 | fooResourceUrl | semmle.label | fooResourceUrl |
+| SpringSSRF.java:159:58:159:86 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:159:72:159:85 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:161:58:161:108 | of(...) | semmle.label | of(...) |
+| SpringSSRF.java:161:94:161:107 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | semmle.label | new URI(...) : URI |
+| SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:168:44:168:46 | uri | semmle.label | uri |
+| SpringSSRF.java:170:35:170:37 | uri | semmle.label | uri |
+| SpringSSRF.java:171:35:171:37 | uri | semmle.label | uri |
+| SpringSSRF.java:172:38:172:40 | uri | semmle.label | uri |
+| SpringSSRF.java:173:39:173:41 | uri | semmle.label | uri |
+| SpringSSRF.java:174:37:174:39 | uri | semmle.label | uri |
+| SpringSSRF.java:175:36:175:38 | uri | semmle.label | uri |
+| SpringSSRF.java:176:44:176:46 | uri | semmle.label | uri |
+| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | semmle.label | new URI(...) : URI |
+| SpringSSRF.java:179:35:179:48 | fooResourceUrl : String | semmle.label | fooResourceUrl : String |
+| SpringSSRF.java:182:49:182:51 | uri | semmle.label | uri |
+| SpringSSRF.java:183:58:183:60 | uri | semmle.label | uri |
+| SpringSSRF.java:184:57:184:59 | uri | semmle.label | uri |
+| SpringSSRF.java:185:66:185:68 | uri | semmle.label | uri |
+| SpringSSRF.java:186:57:186:59 | uri | semmle.label | uri |
+| SpringSSRF.java:187:66:187:68 | uri | semmle.label | uri |
 | URLClassLoaderSSRF.java:16:26:16:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
 | URLClassLoaderSSRF.java:17:23:17:34 | new URI(...) : URI | semmle.label | new URI(...) : URI |
 | URLClassLoaderSSRF.java:17:31:17:33 | url : String | semmle.label | url : String |
--- a/java/ql/test/query-tests/security/CWE-918/SpringSSRF.java
+++ b/java/ql/test/query-tests/security/CWE-918/SpringSSRF.java
@@ -30,25 +30,137 @@ public class SpringSSRF extends HttpServlet {
        HttpEntity<String> request = new HttpEntity<>(new String("bar"));
        try {
            restTemplate.getForEntity(fooResourceUrl + "/1", String.class); // $ Alert
+            restTemplate.getForEntity("http://{foo}", String.class, fooResourceUrl); // $ Alert
+            restTemplate.getForEntity("http://{foo}/a/b", String.class, fooResourceUrl); // $ Alert
+            restTemplate.getForEntity("{protocol}://{foo}/a/b", String.class, "http", fooResourceUrl); // $ Alert
+            restTemplate.getForEntity("http://safe.com/{foo}", String.class, fooResourceUrl); // not bad - the tainted value does not affect the host
+            restTemplate.getForEntity("http://{foo}", String.class, "safe.com", fooResourceUrl); // not bad - the tainted value is unused
+            restTemplate.getForEntity("http://{foo}", String.class, Map.of("foo", fooResourceUrl)); // $ Alert
+            restTemplate.getForEntity("http://safe.com/{foo}", String.class, Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host
+            restTemplate.getForEntity("http://{foo}", String.class, Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused
+            restTemplate.getForEntity("http://{foo}", String.class, Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key
+
            restTemplate.exchange(fooResourceUrl, HttpMethod.POST, request, String.class); // $ Alert
+            restTemplate.exchange("http://{foo}", HttpMethod.POST, request, String.class, fooResourceUrl); // $ Alert
+            restTemplate.exchange("http://{foo}/a/b", HttpMethod.POST, request, String.class, fooResourceUrl); // $ Alert
+            restTemplate.exchange("{protocol}://{foo}/a/b", HttpMethod.POST, request, String.class, "http", fooResourceUrl); // $ Alert
+            restTemplate.exchange("http://safe.com/{foo}", HttpMethod.POST, request, String.class, fooResourceUrl); // not bad - the tainted value does not affect the host
+            restTemplate.exchange("http://{foo}", HttpMethod.POST, request, String.class, "safe.com", fooResourceUrl); // not bad - the tainted value is unused
+            restTemplate.exchange("http://{foo}", HttpMethod.POST, request, String.class, Map.of("foo", fooResourceUrl)); // $ Alert
+            restTemplate.exchange("http://safe.com/{foo}", HttpMethod.POST, request, String.class, Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host
+            restTemplate.exchange("http://{foo}", HttpMethod.POST, request, String.class, Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused
+            restTemplate.exchange("http://{foo}", HttpMethod.POST, request, String.class, Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key
+
            restTemplate.execute(fooResourceUrl, HttpMethod.POST, null, null, "test"); // $ Alert
+            restTemplate.execute("http://{foo}", HttpMethod.POST, null, null, fooResourceUrl); // $ Alert
+            restTemplate.execute("http://{foo}/a/b", HttpMethod.POST, null, null, fooResourceUrl); // $ Alert
+            restTemplate.execute("{protocol}://{foo}/a/b", HttpMethod.POST, null, null, "http", fooResourceUrl); // $ Alert
+            restTemplate.execute("http://safe.com/{foo}", HttpMethod.POST, null, null, fooResourceUrl); // not bad - the tainted value does not affect the host
+            restTemplate.execute("http://{foo}", HttpMethod.POST, null, null, "safe.com", fooResourceUrl); // not bad - the tainted value is unused
+            restTemplate.execute("http://{foo}", HttpMethod.POST, null, null, Map.of("foo", fooResourceUrl)); // $ Alert
+            restTemplate.execute("http://safe.com/{foo}", HttpMethod.POST, null, null, Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host
+            restTemplate.execute("http://{foo}", HttpMethod.POST, null, null, Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused
+            restTemplate.execute("http://{foo}", HttpMethod.POST, null, null, Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key
+
            restTemplate.getForObject(fooResourceUrl, String.class, "test"); // $ Alert
            restTemplate.getForObject("http://{foo}", String.class, fooResourceUrl); // $ Alert
            restTemplate.getForObject("http://{foo}/a/b", String.class, fooResourceUrl); // $ Alert
+            restTemplate.getForObject("{protocol}://{foo}/a/b", String.class, "http", fooResourceUrl); // $ Alert
            restTemplate.getForObject("http://safe.com/{foo}", String.class, fooResourceUrl); // not bad - the tainted value does not affect the host
            restTemplate.getForObject("http://{foo}", String.class, "safe.com", fooResourceUrl); // not bad - the tainted value is unused
            restTemplate.getForObject("http://{foo}", String.class, Map.of("foo", fooResourceUrl)); // $ Alert
            restTemplate.getForObject("http://safe.com/{foo}", String.class, Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host
            restTemplate.getForObject("http://{foo}", String.class, Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused
            restTemplate.getForObject("http://{foo}", String.class, Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key
+
            restTemplate.patchForObject(fooResourceUrl, new String("object"), String.class, "hi"); // $ Alert
+            restTemplate.patchForObject("http://{foo}", new String("object"), String.class, fooResourceUrl); // $ Alert
+            restTemplate.patchForObject("http://{foo}/a/b", new String("object"), String.class, fooResourceUrl); // $ Alert
+            restTemplate.patchForObject("{protocol}://{foo}/a/b", new String("object"), String.class, "http", fooResourceUrl); // $ Alert
+            restTemplate.patchForObject("http://safe.com/{foo}", new String("object"), String.class, fooResourceUrl); // not bad - the tainted value does not affect the host
+            restTemplate.patchForObject("http://{foo}", new String("object"), String.class, "safe.com", fooResourceUrl); // not bad - the tainted value is unused
+            restTemplate.patchForObject("http://{foo}", new String("object"), String.class, Map.of("foo", fooResourceUrl)); // $ Alert
+            restTemplate.patchForObject("http://safe.com/{foo}", new String("object"), String.class, Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host
+            restTemplate.patchForObject("http://{foo}", new String("object"), String.class, Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused
+            restTemplate.patchForObject("http://{foo}", new String("object"), String.class, Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key
+
            restTemplate.postForEntity(new URI(fooResourceUrl), new String("object"), String.class); // $ Alert
+            restTemplate.postForEntity("http://{foo}", new String("object"), String.class, fooResourceUrl); // $ Alert
+            restTemplate.postForEntity("http://{foo}/a/b", new String("object"), String.class, fooResourceUrl); // $ Alert
+            restTemplate.postForEntity("{protocol}://{foo}/a/b", new String("object"), String.class, "http", fooResourceUrl); // $ Alert
+            restTemplate.postForEntity("http://safe.com/{foo}", new String("object"), String.class, fooResourceUrl); // not bad - the tainted value does not affect the host
+            restTemplate.postForEntity("http://{foo}", new String("object"), String.class, "safe.com", fooResourceUrl); // not bad - the tainted value is unused
+            restTemplate.postForEntity("http://{foo}", new String("object"), String.class, Map.of("foo", fooResourceUrl)); // $ Alert
+            restTemplate.postForEntity("http://safe.com/{foo}", new String("object"), String.class, Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host
+            restTemplate.postForEntity("http://{foo}", new String("object"), String.class, Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused
+            restTemplate.postForEntity("http://{foo}", new String("object"), String.class, Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key
+
            restTemplate.postForLocation(fooResourceUrl, new String("object")); // $ Alert
+            restTemplate.postForLocation("http://{foo}", new String("object"), fooResourceUrl); // $ Alert
+            restTemplate.postForLocation("http://{foo}/a/b", new String("object"), fooResourceUrl); // $ Alert
+            restTemplate.postForLocation("{protocol}://{foo}/a/b", new String("object"), "http", fooResourceUrl); // $ Alert
+            restTemplate.postForLocation("http://safe.com/{foo}", new String("object"), fooResourceUrl); // not bad - the tainted value does not affect the host
+            restTemplate.postForLocation("http://{foo}", new String("object"), "safe.com", fooResourceUrl); // not bad - the tainted value is unused
+            restTemplate.postForLocation("http://{foo}", new String("object"), Map.of("foo", fooResourceUrl)); // $ Alert
+            restTemplate.postForLocation("http://safe.com/{foo}", new String("object"), Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host
+            restTemplate.postForLocation("http://{foo}", new String("object"), Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused
+            restTemplate.postForLocation("http://{foo}", new String("object"), Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key
+
            restTemplate.postForObject(fooResourceUrl, new String("object"), String.class); // $ Alert
+            restTemplate.postForObject("http://{foo}", new String("object"), String.class, fooResourceUrl); // $ Alert
+            restTemplate.postForObject("http://{foo}/a/b", new String("object"), String.class, fooResourceUrl); // $ Alert
+            restTemplate.postForObject("{protocol}://{foo}/a/b", new String("object"), String.class, "http", fooResourceUrl); // $ Alert
+            restTemplate.postForObject("http://safe.com/{foo}", new String("object"), String.class, fooResourceUrl); // not bad - the tainted value does not affect the host
+            restTemplate.postForObject("http://{foo}", new String("object"), String.class, "safe.com", fooResourceUrl); // not bad - the tainted value is unused
+            restTemplate.postForObject("http://{foo}", new String("object"), String.class, Map.of("foo", fooResourceUrl)); // $ Alert
+            restTemplate.postForObject("http://safe.com/{foo}", new String("object"), String.class, Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host
+            restTemplate.postForObject("http://{foo}", new String("object"), String.class, Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused
+            restTemplate.postForObject("http://{foo}", new String("object"), String.class, Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key
+
            restTemplate.put(fooResourceUrl, new String("object")); // $ Alert
+            restTemplate.put("http://{foo}", new String("object"), fooResourceUrl); // $ Alert
+            restTemplate.put("http://{foo}/a/b", new String("object"), fooResourceUrl); // $ Alert
+            restTemplate.put("{protocol}://{foo}/a/b", new String("object"), "http", fooResourceUrl); // $ Alert
+            restTemplate.put("http://safe.com/{foo}", new String("object"), fooResourceUrl); // not bad - the tainted value does not affect the host
+            restTemplate.put("http://{foo}", new String("object"), "safe.com", fooResourceUrl); // not bad - the tainted value is unused
+            restTemplate.put("http://{foo}", new String("object"), Map.of("foo", fooResourceUrl)); // $ Alert
+            restTemplate.put("http://safe.com/{foo}", new String("object"), Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host
+            restTemplate.put("http://{foo}", new String("object"), Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused
+            restTemplate.put("http://{foo}", new String("object"), Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key
+
            restTemplate.delete(fooResourceUrl); // $ Alert
+            restTemplate.delete("http://{foo}", fooResourceUrl); // $ Alert
+            restTemplate.delete("http://{foo}/a/b", fooResourceUrl); // $ Alert
+            restTemplate.delete("{protocol}://{foo}/a/b", "http", fooResourceUrl); // $ Alert
+            restTemplate.delete("http://safe.com/{foo}", fooResourceUrl); // not bad - the tainted value does not affect the host
+            restTemplate.delete("http://{foo}", "safe.com", fooResourceUrl); // not bad - the tainted value is unused
+            restTemplate.delete("http://{foo}", Map.of("foo", fooResourceUrl)); // $ Alert
+            restTemplate.delete("http://safe.com/{foo}", Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host
+            restTemplate.delete("http://{foo}", Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused
+            restTemplate.delete("http://{foo}", Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key
+
            restTemplate.headForHeaders(fooResourceUrl); // $ Alert
+            restTemplate.headForHeaders("http://{foo}", fooResourceUrl); // $ Alert
+            restTemplate.headForHeaders("http://{foo}/a/b", fooResourceUrl); // $ Alert
+            restTemplate.headForHeaders("{protocol}://{foo}/a/b", "http", fooResourceUrl); // $ Alert
+            restTemplate.headForHeaders("http://safe.com/{foo}", fooResourceUrl); // not bad - the tainted value does not affect the host
+            restTemplate.headForHeaders("http://{foo}", "safe.com", fooResourceUrl); // not bad - the tainted value is unused
+            restTemplate.headForHeaders("http://{foo}", Map.of("foo", fooResourceUrl)); // $ Alert
+            restTemplate.headForHeaders("http://safe.com/{foo}", Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host
+            restTemplate.headForHeaders("http://{foo}", Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused
+            restTemplate.headForHeaders("http://{foo}", Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key
+
            restTemplate.optionsForAllow(fooResourceUrl); // $ Alert
+            restTemplate.optionsForAllow("http://{foo}", fooResourceUrl); // $ Alert
+            restTemplate.optionsForAllow("http://{foo}/a/b", fooResourceUrl); // $ Alert
+            restTemplate.optionsForAllow("{protocol}://{foo}/a/b", "http", fooResourceUrl); // $ Alert
+            restTemplate.optionsForAllow("http://safe.com/{foo}", fooResourceUrl); // not bad - the tainted value does not affect the host
+            restTemplate.optionsForAllow("http://{foo}", "safe.com", fooResourceUrl); // not bad - the tainted value is unused
+            restTemplate.optionsForAllow("http://{foo}", Map.of("foo", fooResourceUrl)); // $ Alert
+            restTemplate.optionsForAllow("http://safe.com/{foo}", Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host
+            restTemplate.optionsForAllow("http://{foo}", Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused
+            restTemplate.optionsForAllow("http://{foo}", Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key
+
            {
                String body = new String("body");
                URI uri = new URI(fooResourceUrl);