From ca8ac0c93fbd94aab092ee88e71c1d0f28472293 Mon Sep 17 00:00:00 2001
From: Jami Cogswell
Date: Thu, 11 May 2023 12:40:29 -0400
Subject: [PATCH] Java: add comment about request-forgery sinks
---
 java/ql/lib/semmle/code/java/security/HttpsUrls.qll | 1 +
 1 file changed, 1 insertion(+)
diff --git a/java/ql/lib/semmle/code/java/security/HttpsUrls.qll b/java/ql/lib/semmle/code/java/security/HttpsUrls.qll
index 23ccb306a16..07435889fd9 100644
--- a/java/ql/lib/semmle/code/java/security/HttpsUrls.qll
+++ b/java/ql/lib/semmle/code/java/security/HttpsUrls.qll
@@ -30,6 +30,7 @@ class HttpStringLiteral extends StringLiteral {
 abstract class UrlOpenSink extends DataFlow::Node { }
 private class DefaultUrlOpenSink extends UrlOpenSink {
+ // request-forgery sinks control the URL of a request
 DefaultUrlOpenSink() { sinkNode(this, "request-forgery") }
 }
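Review bot: The new comment in `DefaultUrlOpenSink` says what request-forgery sinks are, but not why a library about HTTPS URLs borrows them, so a reader still has to infer the link. Judging by the file name and the `HttpStringLiteral` class in the hunk header, the intent is presumably that an `http://` literal reaching such a sink means the request goes out unencrypted. The comment could say so, e.g. `// Reuses the "request-forgery" sink kind: these sinks determine the URL of an outgoing request, so a non-HTTPS literal reaching one is sent in cleartext.` It is also worth stating that the sink set is tied to whatever models carry that kind, so any newly added request-forgery model silently becomes a sink here as well. As a style point, a QLDoc comment (`/** ... */`) on the class itself would be easier to find than a line comment above the characteristic predicate.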