Java: convert RequestForgery test to .qlref

2026-05-05 05:35:13 +02:00 · 2025-06-24 11:28:40 +02:00
parent 7f05b72e10
commit aac4f63e9a
14 changed files with 2200 additions and 390 deletions
--- a/java/ql/test/query-tests/security/CWE-918/JakartaWsSSRF.java
+++ b/java/ql/test/query-tests/security/CWE-918/JakartaWsSSRF.java
@@ -11,8 +11,8 @@ public class JakartaWsSSRF extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        Client client = ClientBuilder.newClient();
-        String url = request.getParameter("url");
-        client.target(url); // $ SSRF
+        String url = request.getParameter("url"); // $ Source
+        client.target(url); // $ Alert
    }

 }