From b147be6fea8a9709b057431c7c277ae5328ee2dc Mon Sep 17 00:00:00 2001
From: Remco Vermeulen <rvermeulen@users.noreply.github.com>
Date: Thu, 9 Jul 2020 15:13:18 +0200
Subject: [PATCH] Restrict SafeHeaderSplittingSource to RemoteFlowSource

---
 java/ql/src/semmle/code/java/security/ResponseSplitting.qll | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/java/ql/src/semmle/code/java/security/ResponseSplitting.qll b/java/ql/src/semmle/code/java/security/ResponseSplitting.qll
index 4dcfc435819..02728211e94 100644
--- a/java/ql/src/semmle/code/java/security/ResponseSplitting.qll
+++ b/java/ql/src/semmle/code/java/security/ResponseSplitting.qll
@@ -2,6 +2,7 @@
 
 import java
 import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.dataflow.FlowSources
 import semmle.code.java.frameworks.Servlets
 import semmle.code.java.frameworks.JaxWS
 
@@ -9,7 +10,9 @@ import semmle.code.java.frameworks.JaxWS
 abstract class HeaderSplittingSink extends DataFlow::Node { }
 
 /** Sources that cannot be used to perform a header splitting attack. */
-abstract class SafeHeaderSplittingSource extends DataFlow::Node { }
+abstract class SafeHeaderSplittingSource extends DataFlow::Node {
+  SafeHeaderSplittingSource() { this instanceof RemoteFlowSource }
+}
 
 /** Servlet and JaxWS sinks susceptible to header splitting. */
 private class ServletHeaderSplittingSink extends HeaderSplittingSink {