Java: add comment about request-forgery sinks

2026-03-05 07:06:47 +01:00 · 2023-05-11 12:40:29 -04:00
parent 9853a66b32
commit ca8ac0c93f
1 changed files with 1 additions and 0 deletions
--- a/java/ql/lib/semmle/code/java/security/HttpsUrls.qll
+++ b/java/ql/lib/semmle/code/java/security/HttpsUrls.qll
@@ -30,6 +30,7 @@ class HttpStringLiteral extends StringLiteral {
 abstract class UrlOpenSink extends DataFlow::Node { }

 private class DefaultUrlOpenSink extends UrlOpenSink {
+  // request-forgery sinks control the URL of a request
  DefaultUrlOpenSink() { sinkNode(this, "request-forgery") }
 }