add some request-forgery sanitizers, inspired from C#

java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.expected

@@ -6,6 +6,7 @@ edges
 | mad/Test.java:9:16:9:41 | getParameter(...) : String | mad/Test.java:14:31:14:38 | source(...) : String | provenance |  |
 | mad/Test.java:14:31:14:38 | source(...) : String | mad/Test.java:14:22:14:38 | (...)... | provenance |  |
 nodes
+| UrlRedirect2.java:27:25:27:54 | getParameter(...) | semmle.label | getParameter(...) |
 | UrlRedirect.java:23:25:23:54 | getParameter(...) | semmle.label | getParameter(...) |
 | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | semmle.label | weakCleanup(...) |
 | UrlRedirect.java:32:37:32:66 | getParameter(...) : String | semmle.label | getParameter(...) : String |
@@ -20,6 +21,7 @@ nodes
 subpaths
 | UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:45:28:45:39 | input : String | UrlRedirect.java:46:10:46:40 | replaceAll(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) |
 #select
+| UrlRedirect2.java:27:25:27:54 | getParameter(...) | UrlRedirect2.java:27:25:27:54 | getParameter(...) | UrlRedirect2.java:27:25:27:54 | getParameter(...) | Untrusted URL redirection depends on a $@. | UrlRedirect2.java:27:25:27:54 | getParameter(...) | user-provided value |
 | UrlRedirect.java:23:25:23:54 | getParameter(...) | UrlRedirect.java:23:25:23:54 | getParameter(...) | UrlRedirect.java:23:25:23:54 | getParameter(...) | Untrusted URL redirection depends on a $@. | UrlRedirect.java:23:25:23:54 | getParameter(...) | user-provided value |
 | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | Untrusted URL redirection depends on a $@. | UrlRedirect.java:32:37:32:66 | getParameter(...) | user-provided value |
 | UrlRedirect.java:39:34:39:63 | getParameter(...) | UrlRedirect.java:39:34:39:63 | getParameter(...) | UrlRedirect.java:39:34:39:63 | getParameter(...) | Untrusted URL redirection depends on a $@. | UrlRedirect.java:39:34:39:63 | getParameter(...) | user-provided value |

java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect2.java

@@ -0,0 +1,52 @@
+// Test case for
+// CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
+// http://cwe.mitre.org/data/definitions/601.html
+
+package test.cwe601.cwe.examples;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.List;
+import java.net.URI;
+import java.net.URISyntaxException;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+public class UrlRedirect2 extends HttpServlet {
+  private static final List<String> VALID_REDIRECTS = Arrays.asList(
+    "http://cwe.mitre.org/data/definitions/601.html",
+    "http://cwe.mitre.org/data/definitions/79.html"
+  );
+
+	protected void doGet(HttpServletRequest request, HttpServletResponse response)
+	throws ServletException, IOException {
+		// BAD: a request parameter is incorporated without validation into a URL redirect
+		response.sendRedirect(request.getParameter("target"));
+
+    // GOOD: the request parameter is validated against a known list of strings
+    String target = request.getParameter("target");
+    if (VALID_REDIRECTS.contains(target)) {
+        response.sendRedirect(target);
+    }
+
+    try {
+      String urlString = request.getParameter("page");
+      URI url = new URI(urlString);
+
+      if (!url.isAbsolute()) {
+        // GOOD: The redirect is to a relative URL
+        response.sendRedirect(url.toString());
+      }
+
+      if ("example.org".equals(url.getHost())) {
+        // GOOD: The redirect is to a known host
+        response.sendRedirect(url.toString());
+      }
+    } catch (URISyntaxException e) {
+        // handle exception
+    }
+	}
+}