hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 18:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add failing test for @Pattern validation

Browse Source
This commit is contained in:
Owen Mansel-Chan
2026-02-12 16:57:04 +00:00
parent 6a8204d28c
commit d0999e3abd
6 changed files with 802 additions and 275 deletions
Download Patch File Download Diff File Expand all files Collapse all files

747
java/ql/test/query-tests/security/CWE-918/RequestForgery.expected
View File

@@ -228,30 +228,44 @@
| JdbcUrlSSRF.java:88:19:88:25 | jdbcUrl | JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:88:19:88:25 | jdbcUrl | Potential server-side request forgery due to a $@. | JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) | user-provided value |
| ReactiveWebClientSSRF.java:16:52:16:54 | url | ReactiveWebClientSSRF.java:15:26:15:52 | getParameter(...) : String | ReactiveWebClientSSRF.java:16:52:16:54 | url | Potential server-side request forgery due to a $@. | ReactiveWebClientSSRF.java:15:26:15:52 | getParameter(...) | user-provided value |
| ReactiveWebClientSSRF.java:35:30:35:32 | url | ReactiveWebClientSSRF.java:32:26:32:52 | getParameter(...) : String | ReactiveWebClientSSRF.java:35:30:35:32 | url | Potential server-side request forgery due to a $@. | ReactiveWebClientSSRF.java:32:26:32:52 | getParameter(...) | user-provided value |
| SanitizationTests.java:24:52:24:54 | uri | SanitizationTests.java:21:31:21:57 | getParameter(...) : String | SanitizationTests.java:24:52:24:54 | uri | Potential server-side request forgery due to a $@. | SanitizationTests.java:21:31:21:57 | getParameter(...) | user-provided value |
| SanitizationTests.java:25:25:25:25 | r | SanitizationTests.java:21:31:21:57 | getParameter(...) : String | SanitizationTests.java:25:25:25:25 | r | Potential server-side request forgery due to a $@. | SanitizationTests.java:21:31:21:57 | getParameter(...) | user-provided value |
| SanitizationTests.java:78:59:78:77 | new URI(...) | SanitizationTests.java:77:33:77:63 | getParameter(...) : String | SanitizationTests.java:78:59:78:77 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:77:33:77:63 | getParameter(...) | user-provided value |
| SanitizationTests.java:79:25:79:32 | unsafer3 | SanitizationTests.java:77:33:77:63 | getParameter(...) : String | SanitizationTests.java:79:25:79:32 | unsafer3 | Potential server-side request forgery due to a $@. | SanitizationTests.java:77:33:77:63 | getParameter(...) | user-provided value |
| SanitizationTests.java:82:59:82:77 | new URI(...) | SanitizationTests.java:81:49:81:79 | getParameter(...) : String | SanitizationTests.java:82:59:82:77 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:81:49:81:79 | getParameter(...) | user-provided value |
| SanitizationTests.java:83:25:83:32 | unsafer4 | SanitizationTests.java:81:49:81:79 | getParameter(...) : String | SanitizationTests.java:83:25:83:32 | unsafer4 | Potential server-side request forgery due to a $@. | SanitizationTests.java:81:49:81:79 | getParameter(...) | user-provided value |
| SanitizationTests.java:87:59:87:88 | new URI(...) | SanitizationTests.java:86:31:86:61 | getParameter(...) : String | SanitizationTests.java:87:59:87:88 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:86:31:86:61 | getParameter(...) | user-provided value |
| SanitizationTests.java:88:25:88:32 | unsafer5 | SanitizationTests.java:86:31:86:61 | getParameter(...) : String | SanitizationTests.java:88:25:88:32 | unsafer5 | Potential server-side request forgery due to a $@. | SanitizationTests.java:86:31:86:61 | getParameter(...) | user-provided value |
| SanitizationTests.java:92:60:92:89 | new URI(...) | SanitizationTests.java:90:58:90:86 | getParameter(...) : String | SanitizationTests.java:92:60:92:89 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:90:58:90:86 | getParameter(...) | user-provided value |
| SanitizationTests.java:93:25:93:33 | unsafer5a | SanitizationTests.java:90:58:90:86 | getParameter(...) : String | SanitizationTests.java:93:25:93:33 | unsafer5a | Potential server-side request forgery due to a $@. | SanitizationTests.java:90:58:90:86 | getParameter(...) | user-provided value |
| SanitizationTests.java:97:60:97:90 | new URI(...) | SanitizationTests.java:95:60:95:88 | getParameter(...) : String | SanitizationTests.java:97:60:97:90 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:95:60:95:88 | getParameter(...) | user-provided value |
| SanitizationTests.java:98:25:98:33 | unsafer5b | SanitizationTests.java:95:60:95:88 | getParameter(...) : String | SanitizationTests.java:98:25:98:33 | unsafer5b | Potential server-side request forgery due to a $@. | SanitizationTests.java:95:60:95:88 | getParameter(...) | user-provided value |
| SanitizationTests.java:102:60:102:90 | new URI(...) | SanitizationTests.java:100:77:100:105 | getParameter(...) : String | SanitizationTests.java:102:60:102:90 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:100:77:100:105 | getParameter(...) | user-provided value |
| SanitizationTests.java:103:25:103:33 | unsafer5c | SanitizationTests.java:100:77:100:105 | getParameter(...) : String | SanitizationTests.java:103:25:103:33 | unsafer5c | Potential server-side request forgery due to a $@. | SanitizationTests.java:100:77:100:105 | getParameter(...) | user-provided value |
| SanitizationTests.java:106:59:106:77 | new URI(...) | SanitizationTests.java:105:73:105:103 | getParameter(...) : String | SanitizationTests.java:106:59:106:77 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:105:73:105:103 | getParameter(...) | user-provided value |
| SanitizationTests.java:107:25:107:32 | unsafer6 | SanitizationTests.java:105:73:105:103 | getParameter(...) : String | SanitizationTests.java:107:25:107:32 | unsafer6 | Potential server-side request forgery due to a $@. | SanitizationTests.java:105:73:105:103 | getParameter(...) | user-provided value |
| SanitizationTests.java:110:59:110:77 | new URI(...) | SanitizationTests.java:109:56:109:86 | getParameter(...) : String | SanitizationTests.java:110:59:110:77 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:109:56:109:86 | getParameter(...) | user-provided value |
| SanitizationTests.java:111:25:111:32 | unsafer7 | SanitizationTests.java:109:56:109:86 | getParameter(...) : String | SanitizationTests.java:111:25:111:32 | unsafer7 | Potential server-side request forgery due to a $@. | SanitizationTests.java:109:56:109:86 | getParameter(...) | user-provided value |
| SanitizationTests.java:114:59:114:77 | new URI(...) | SanitizationTests.java:113:55:113:85 | getParameter(...) : String | SanitizationTests.java:114:59:114:77 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:113:55:113:85 | getParameter(...) | user-provided value |
| SanitizationTests.java:115:25:115:32 | unsafer8 | SanitizationTests.java:113:55:113:85 | getParameter(...) : String | SanitizationTests.java:115:25:115:32 | unsafer8 | Potential server-side request forgery due to a $@. | SanitizationTests.java:113:55:113:85 | getParameter(...) | user-provided value |
| SanitizationTests.java:118:59:118:77 | new URI(...) | SanitizationTests.java:117:33:117:63 | getParameter(...) : String | SanitizationTests.java:118:59:118:77 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:117:33:117:63 | getParameter(...) | user-provided value |
| SanitizationTests.java:119:25:119:32 | unsafer9 | SanitizationTests.java:117:33:117:63 | getParameter(...) : String | SanitizationTests.java:119:25:119:32 | unsafer9 | Potential server-side request forgery due to a $@. | SanitizationTests.java:117:33:117:63 | getParameter(...) | user-provided value |
| SanitizationTests.java:122:60:122:79 | new URI(...) | SanitizationTests.java:121:94:121:125 | getParameter(...) : String | SanitizationTests.java:122:60:122:79 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:121:94:121:125 | getParameter(...) | user-provided value |
| SanitizationTests.java:123:25:123:33 | unsafer10 | SanitizationTests.java:121:94:121:125 | getParameter(...) : String | SanitizationTests.java:123:25:123:33 | unsafer10 | Potential server-side request forgery due to a $@. | SanitizationTests.java:121:94:121:125 | getParameter(...) | user-provided value |
| SanitizationTests.java:25:52:25:54 | uri | SanitizationTests.java:22:31:22:57 | getParameter(...) : String | SanitizationTests.java:25:52:25:54 | uri | Potential server-side request forgery due to a $@. | SanitizationTests.java:22:31:22:57 | getParameter(...) | user-provided value |
| SanitizationTests.java:26:25:26:25 | r | SanitizationTests.java:22:31:22:57 | getParameter(...) : String | SanitizationTests.java:26:25:26:25 | r | Potential server-side request forgery due to a $@. | SanitizationTests.java:22:31:22:57 | getParameter(...) | user-provided value |
| SanitizationTests.java:79:59:79:77 | new URI(...) | SanitizationTests.java:78:33:78:63 | getParameter(...) : String | SanitizationTests.java:79:59:79:77 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:78:33:78:63 | getParameter(...) | user-provided value |
| SanitizationTests.java:80:25:80:32 | unsafer3 | SanitizationTests.java:78:33:78:63 | getParameter(...) : String | SanitizationTests.java:80:25:80:32 | unsafer3 | Potential server-side request forgery due to a $@. | SanitizationTests.java:78:33:78:63 | getParameter(...) | user-provided value |
| SanitizationTests.java:83:59:83:77 | new URI(...) | SanitizationTests.java:82:49:82:79 | getParameter(...) : String | SanitizationTests.java:83:59:83:77 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:82:49:82:79 | getParameter(...) | user-provided value |
| SanitizationTests.java:84:25:84:32 | unsafer4 | SanitizationTests.java:82:49:82:79 | getParameter(...) : String | SanitizationTests.java:84:25:84:32 | unsafer4 | Potential server-side request forgery due to a $@. | SanitizationTests.java:82:49:82:79 | getParameter(...) | user-provided value |
| SanitizationTests.java:88:59:88:88 | new URI(...) | SanitizationTests.java:87:31:87:61 | getParameter(...) : String | SanitizationTests.java:88:59:88:88 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:87:31:87:61 | getParameter(...) | user-provided value |
| SanitizationTests.java:89:25:89:32 | unsafer5 | SanitizationTests.java:87:31:87:61 | getParameter(...) : String | SanitizationTests.java:89:25:89:32 | unsafer5 | Potential server-side request forgery due to a $@. | SanitizationTests.java:87:31:87:61 | getParameter(...) | user-provided value |
| SanitizationTests.java:93:60:93:89 | new URI(...) | SanitizationTests.java:91:58:91:86 | getParameter(...) : String | SanitizationTests.java:93:60:93:89 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:91:58:91:86 | getParameter(...) | user-provided value |
| SanitizationTests.java:94:25:94:33 | unsafer5a | SanitizationTests.java:91:58:91:86 | getParameter(...) : String | SanitizationTests.java:94:25:94:33 | unsafer5a | Potential server-side request forgery due to a $@. | SanitizationTests.java:91:58:91:86 | getParameter(...) | user-provided value |
| SanitizationTests.java:98:60:98:90 | new URI(...) | SanitizationTests.java:96:60:96:88 | getParameter(...) : String | SanitizationTests.java:98:60:98:90 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:96:60:96:88 | getParameter(...) | user-provided value |
| SanitizationTests.java:99:25:99:33 | unsafer5b | SanitizationTests.java:96:60:96:88 | getParameter(...) : String | SanitizationTests.java:99:25:99:33 | unsafer5b | Potential server-side request forgery due to a $@. | SanitizationTests.java:96:60:96:88 | getParameter(...) | user-provided value |
| SanitizationTests.java:103:60:103:90 | new URI(...) | SanitizationTests.java:101:77:101:105 | getParameter(...) : String | SanitizationTests.java:103:60:103:90 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:101:77:101:105 | getParameter(...) | user-provided value |
| SanitizationTests.java:104:25:104:33 | unsafer5c | SanitizationTests.java:101:77:101:105 | getParameter(...) : String | SanitizationTests.java:104:25:104:33 | unsafer5c | Potential server-side request forgery due to a $@. | SanitizationTests.java:101:77:101:105 | getParameter(...) | user-provided value |
| SanitizationTests.java:107:59:107:77 | new URI(...) | SanitizationTests.java:106:73:106:103 | getParameter(...) : String | SanitizationTests.java:107:59:107:77 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:106:73:106:103 | getParameter(...) | user-provided value |
| SanitizationTests.java:108:25:108:32 | unsafer6 | SanitizationTests.java:106:73:106:103 | getParameter(...) : String | SanitizationTests.java:108:25:108:32 | unsafer6 | Potential server-side request forgery due to a $@. | SanitizationTests.java:106:73:106:103 | getParameter(...) | user-provided value |
| SanitizationTests.java:111:59:111:77 | new URI(...) | SanitizationTests.java:110:56:110:86 | getParameter(...) : String | SanitizationTests.java:111:59:111:77 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:110:56:110:86 | getParameter(...) | user-provided value |
| SanitizationTests.java:112:25:112:32 | unsafer7 | SanitizationTests.java:110:56:110:86 | getParameter(...) : String | SanitizationTests.java:112:25:112:32 | unsafer7 | Potential server-side request forgery due to a $@. | SanitizationTests.java:110:56:110:86 | getParameter(...) | user-provided value |
| SanitizationTests.java:115:59:115:77 | new URI(...) | SanitizationTests.java:114:55:114:85 | getParameter(...) : String | SanitizationTests.java:115:59:115:77 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:114:55:114:85 | getParameter(...) | user-provided value |
| SanitizationTests.java:116:25:116:32 | unsafer8 | SanitizationTests.java:114:55:114:85 | getParameter(...) : String | SanitizationTests.java:116:25:116:32 | unsafer8 | Potential server-side request forgery due to a $@. | SanitizationTests.java:114:55:114:85 | getParameter(...) | user-provided value |
| SanitizationTests.java:119:59:119:77 | new URI(...) | SanitizationTests.java:118:33:118:63 | getParameter(...) : String | SanitizationTests.java:119:59:119:77 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:118:33:118:63 | getParameter(...) | user-provided value |
| SanitizationTests.java:120:25:120:32 | unsafer9 | SanitizationTests.java:118:33:118:63 | getParameter(...) : String | SanitizationTests.java:120:25:120:32 | unsafer9 | Potential server-side request forgery due to a $@. | SanitizationTests.java:118:33:118:63 | getParameter(...) | user-provided value |
| SanitizationTests.java:123:60:123:79 | new URI(...) | SanitizationTests.java:122:94:122:125 | getParameter(...) : String | SanitizationTests.java:123:60:123:79 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:122:94:122:125 | getParameter(...) | user-provided value |
| SanitizationTests.java:124:25:124:33 | unsafer10 | SanitizationTests.java:122:94:122:125 | getParameter(...) : String | SanitizationTests.java:124:25:124:33 | unsafer10 | Potential server-side request forgery due to a $@. | SanitizationTests.java:122:94:122:125 | getParameter(...) | user-provided value |
| SanitizationTests.java:154:55:154:72 | new URI(...) | SanitizationTests.java:153:67:153:95 | getParameter(...) : String | SanitizationTests.java:154:55:154:72 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:153:67:153:95 | getParameter(...) | user-provided value |
| SanitizationTests.java:155:25:155:28 | r14a | SanitizationTests.java:153:67:153:95 | getParameter(...) : String | SanitizationTests.java:155:25:155:28 | r14a | Potential server-side request forgery due to a $@. | SanitizationTests.java:153:67:153:95 | getParameter(...) | user-provided value |
| SanitizationTests.java:156:55:156:77 | new URI(...) | SanitizationTests.java:153:67:153:95 | getParameter(...) : String | SanitizationTests.java:156:55:156:77 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:153:67:153:95 | getParameter(...) | user-provided value |
| SanitizationTests.java:157:25:157:28 | r14b | SanitizationTests.java:153:67:153:95 | getParameter(...) : String | SanitizationTests.java:157:25:157:28 | r14b | Potential server-side request forgery due to a $@. | SanitizationTests.java:153:67:153:95 | getParameter(...) | user-provided value |
| SanitizationTests.java:161:55:161:72 | new URI(...) | SanitizationTests.java:160:75:160:103 | getParameter(...) : String | SanitizationTests.java:161:55:161:72 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:160:75:160:103 | getParameter(...) | user-provided value |
| SanitizationTests.java:162:25:162:28 | r15a | SanitizationTests.java:160:75:160:103 | getParameter(...) : String | SanitizationTests.java:162:25:162:28 | r15a | Potential server-side request forgery due to a $@. | SanitizationTests.java:160:75:160:103 | getParameter(...) | user-provided value |
| SanitizationTests.java:163:55:163:77 | new URI(...) | SanitizationTests.java:160:75:160:103 | getParameter(...) : String | SanitizationTests.java:163:55:163:77 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:160:75:160:103 | getParameter(...) | user-provided value |
| SanitizationTests.java:164:25:164:28 | r15b | SanitizationTests.java:160:75:160:103 | getParameter(...) : String | SanitizationTests.java:164:25:164:28 | r15b | Potential server-side request forgery due to a $@. | SanitizationTests.java:160:75:160:103 | getParameter(...) | user-provided value |
| SanitizationTests.java:167:54:167:102 | new URI(...) | SanitizationTests.java:167:72:167:100 | getParameter(...) : String | SanitizationTests.java:167:54:167:102 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:167:72:167:100 | getParameter(...) | user-provided value |
| SanitizationTests.java:168:25:168:27 | r16 | SanitizationTests.java:167:72:167:100 | getParameter(...) : String | SanitizationTests.java:168:25:168:27 | r16 | Potential server-side request forgery due to a $@. | SanitizationTests.java:167:72:167:100 | getParameter(...) | user-provided value |
| SanitizationTests.java:171:54:171:102 | new URI(...) | SanitizationTests.java:171:72:171:100 | getParameter(...) : String | SanitizationTests.java:171:54:171:102 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:171:72:171:100 | getParameter(...) | user-provided value |
| SanitizationTests.java:172:25:172:27 | r17 | SanitizationTests.java:171:72:171:100 | getParameter(...) : String | SanitizationTests.java:172:25:172:27 | r17 | Potential server-side request forgery due to a $@. | SanitizationTests.java:171:72:171:100 | getParameter(...) | user-provided value |
| SanitizationTests.java:175:54:175:113 | new URI(...) | SanitizationTests.java:175:82:175:110 | getParameter(...) : String | SanitizationTests.java:175:54:175:113 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:175:82:175:110 | getParameter(...) | user-provided value |
| SanitizationTests.java:176:25:176:27 | r18 | SanitizationTests.java:175:82:175:110 | getParameter(...) : String | SanitizationTests.java:176:25:176:27 | r18 | Potential server-side request forgery due to a $@. | SanitizationTests.java:175:82:175:110 | getParameter(...) | user-provided value |
| SpringSSRF.java:32:39:32:59 | ... + ... | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:32:39:32:59 | ... + ... | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
| SpringSSRF.java:33:69:33:82 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:33:69:33:82 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
| SpringSSRF.java:34:73:34:86 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:34:73:34:86 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value |
@@ -403,11 +417,11 @@ edges
| ApacheHttpSSRF.java:28:31:28:34 | sink : String | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | provenance | Config |
| ApacheHttpSSRF.java:28:31:28:34 | sink : String | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | provenance | MaD:285 |
| ApacheHttpSSRF.java:42:62:42:64 | uri : URI | ApacheHttpSSRF.java:42:62:42:75 | toString(...) : String | provenance | MaD:286 |
| ApacheHttpSSRF.java:42:62:42:75 | toString(...) : String | ApacheHttpSSRF.java:42:34:42:82 | new BasicRequestLine(...) | provenance | MaD:293 Sink:MaD:231 |
| ApacheHttpSSRF.java:42:62:42:75 | toString(...) : String | ApacheHttpSSRF.java:42:34:42:82 | new BasicRequestLine(...) | provenance | MaD:295 Sink:MaD:231 |
| ApacheHttpSSRF.java:43:41:43:43 | uri : URI | ApacheHttpSSRF.java:43:41:43:54 | toString(...) | provenance | MaD:286 Sink:MaD:232 |
| ApacheHttpSSRF.java:44:41:44:43 | uri : URI | ApacheHttpSSRF.java:44:41:44:54 | toString(...) | provenance | MaD:286 Sink:MaD:233 |
| ApacheHttpSSRF.java:46:77:46:79 | uri : URI | ApacheHttpSSRF.java:46:77:46:90 | toString(...) : String | provenance | MaD:286 |
| ApacheHttpSSRF.java:46:77:46:90 | toString(...) : String | ApacheHttpSSRF.java:46:49:46:97 | new BasicRequestLine(...) | provenance | MaD:293 Sink:MaD:228 |
| ApacheHttpSSRF.java:46:77:46:90 | toString(...) : String | ApacheHttpSSRF.java:46:49:46:97 | new BasicRequestLine(...) | provenance | MaD:295 Sink:MaD:228 |
| ApacheHttpSSRF.java:47:56:47:58 | uri : URI | ApacheHttpSSRF.java:47:56:47:69 | toString(...) | provenance | MaD:286 Sink:MaD:229 |
| ApacheHttpSSRF.java:48:56:48:58 | uri : URI | ApacheHttpSSRF.java:48:56:48:69 | toString(...) | provenance | MaD:286 Sink:MaD:230 |
| ApacheHttpSSRFVersion5.java:41:30:41:56 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:42:31:42:37 | uriSink : String | provenance | Src:MaD:277 |
@@ -501,7 +515,7 @@ edges
| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:132:36:132:39 | host | provenance | Sink:MaD:100 |
| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:136:38:136:41 | host | provenance | Sink:MaD:103 |
| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:162:52:162:55 | host | provenance | Sink:MaD:204 |
| ApacheHttpSSRFVersion5.java:45:42:45:49 | hostSink : String | ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | provenance | MaD:292 |
| ApacheHttpSSRFVersion5.java:45:42:45:49 | hostSink : String | ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | provenance | MaD:294 |
| ApacheHttpSSRFVersion5.java:49:54:49:56 | uri : URI | ApacheHttpSSRFVersion5.java:49:54:49:67 | toString(...) | provenance | MaD:286 Sink:MaD:39 |
| ApacheHttpSSRFVersion5.java:51:48:51:50 | uri : URI | ApacheHttpSSRFVersion5.java:51:48:51:61 | toString(...) | provenance | MaD:286 Sink:MaD:41 |
| ApacheHttpSSRFVersion5.java:55:38:55:40 | uri : URI | ApacheHttpSSRFVersion5.java:55:38:55:51 | toString(...) | provenance | MaD:286 Sink:MaD:44 |
@@ -631,7 +645,7 @@ edges
| ApacheHttpSSRFVersion5.java:298:31:298:58 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:299:42:299:49 | hostSink : String | provenance | Src:MaD:277 |
| ApacheHttpSSRFVersion5.java:299:29:299:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:303:34:303:37 | host | provenance | Sink:MaD:178 |
| ApacheHttpSSRFVersion5.java:299:29:299:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:304:34:304:37 | host | provenance | Sink:MaD:179 |
| ApacheHttpSSRFVersion5.java:299:42:299:49 | hostSink : String | ApacheHttpSSRFVersion5.java:299:29:299:50 | new HttpHost(...) : HttpHost | provenance | MaD:292 |
| ApacheHttpSSRFVersion5.java:299:42:299:49 | hostSink : String | ApacheHttpSSRFVersion5.java:299:29:299:50 | new HttpHost(...) : HttpHost | provenance | MaD:294 |
| ApacheHttpSSRFVersion5.java:308:60:308:62 | uri : URI | ApacheHttpSSRFVersion5.java:308:60:308:73 | toString(...) | provenance | MaD:286 Sink:MaD:208 |
| ApacheHttpSSRFVersion5.java:313:53:313:55 | uri : URI | ApacheHttpSSRFVersion5.java:313:53:313:66 | toString(...) | provenance | MaD:286 Sink:MaD:208 |
| ApacheHttpSSRFVersion5.java:326:30:326:56 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:327:31:327:37 | uriSink : String | provenance | Src:MaD:277 |
@@ -657,7 +671,7 @@ edges
| ApacheHttpSSRFVersion5.java:327:31:327:37 | uriSink : String | ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | provenance | MaD:285 |
| ApacheHttpSSRFVersion5.java:329:31:329:58 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:330:42:330:49 | hostSink : String | provenance | Src:MaD:277 |
| ApacheHttpSSRFVersion5.java:330:29:330:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:354:53:354:56 | host | provenance | Sink:MaD:204 |
| ApacheHttpSSRFVersion5.java:330:42:330:49 | hostSink : String | ApacheHttpSSRFVersion5.java:330:29:330:50 | new HttpHost(...) : HttpHost | provenance | MaD:292 |
| ApacheHttpSSRFVersion5.java:330:42:330:49 | hostSink : String | ApacheHttpSSRFVersion5.java:330:29:330:50 | new HttpHost(...) : HttpHost | provenance | MaD:294 |
| ApacheHttpSSRFVersion5.java:333:42:333:44 | uri : URI | ApacheHttpSSRFVersion5.java:333:42:333:55 | toString(...) | provenance | MaD:286 Sink:MaD:180 |
| ApacheHttpSSRFVersion5.java:336:39:336:41 | uri : URI | ApacheHttpSSRFVersion5.java:336:39:336:52 | toString(...) | provenance | MaD:286 Sink:MaD:182 |
| ApacheHttpSSRFVersion5.java:339:40:339:42 | uri : URI | ApacheHttpSSRFVersion5.java:339:40:339:53 | toString(...) | provenance | MaD:286 Sink:MaD:184 |
@@ -681,7 +695,7 @@ edges
| ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:381:51:381:54 | host | provenance | Sink:MaD:198 |
| ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:385:50:385:53 | host | provenance | Sink:MaD:200 |
| ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:387:44:387:47 | host | provenance | Sink:MaD:202 |
| ApacheHttpSSRFVersion5.java:376:42:376:49 | hostSink : String | ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | provenance | MaD:292 |
| ApacheHttpSSRFVersion5.java:376:42:376:49 | hostSink : String | ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | provenance | MaD:294 |
| JakartaWsSSRF.java:14:22:14:48 | getParameter(...) : String | JakartaWsSSRF.java:15:23:15:25 | url | provenance | Src:MaD:277 Sink:MaD:3 |
| JavaNetHttpSSRF.java:25:27:25:53 | getParameter(...) : String | JavaNetHttpSSRF.java:26:31:26:34 | sink : String | provenance | Src:MaD:277 |
| JavaNetHttpSSRF.java:26:23:26:35 | new URI(...) : URI | JavaNetHttpSSRF.java:39:59:39:61 | uri | provenance | Sink:MaD:6 |
@@ -708,7 +722,7 @@ edges
| JdbcUrlSSRF.java:52:9:52:13 | props : Properties | JdbcUrlSSRF.java:54:49:54:53 | props | provenance | Sink:MaD:1 |
| JdbcUrlSSRF.java:52:9:52:13 | props [post update] : Properties [<map.value>] : String | JdbcUrlSSRF.java:54:49:54:53 | props | provenance | Sink:MaD:1 |
| JdbcUrlSSRF.java:52:38:52:44 | jdbcUrl : String | JdbcUrlSSRF.java:52:9:52:13 | props : Properties | provenance | Config |
| JdbcUrlSSRF.java:52:38:52:44 | jdbcUrl : String | JdbcUrlSSRF.java:52:9:52:13 | props [post update] : Properties [<map.value>] : String | provenance | MaD:291 |
| JdbcUrlSSRF.java:52:38:52:44 | jdbcUrl : String | JdbcUrlSSRF.java:52:9:52:13 | props [post update] : Properties [<map.value>] : String | provenance | MaD:293 |
| JdbcUrlSSRF.java:60:26:60:56 | getParameter(...) : String | JdbcUrlSSRF.java:65:27:65:33 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:257 |
| JdbcUrlSSRF.java:60:26:60:56 | getParameter(...) : String | JdbcUrlSSRF.java:67:75:67:81 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:258 |
| JdbcUrlSSRF.java:60:26:60:56 | getParameter(...) : String | JdbcUrlSSRF.java:70:75:70:81 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:260 |
@@ -721,118 +735,202 @@ edges
| JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:88:19:88:25 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:240 |
| ReactiveWebClientSSRF.java:15:26:15:52 | getParameter(...) : String | ReactiveWebClientSSRF.java:16:52:16:54 | url | provenance | Src:MaD:277 Sink:MaD:274 |
| ReactiveWebClientSSRF.java:32:26:32:52 | getParameter(...) : String | ReactiveWebClientSSRF.java:35:30:35:32 | url | provenance | Src:MaD:277 Sink:MaD:273 |
| SanitizationTests.java:21:23:21:58 | new URI(...) : URI | SanitizationTests.java:24:52:24:54 | uri | provenance | Sink:MaD:6 |
| SanitizationTests.java:21:23:21:58 | new URI(...) : URI | SanitizationTests.java:24:52:24:54 | uri : URI | provenance | |
| SanitizationTests.java:21:31:21:57 | getParameter(...) : String | SanitizationTests.java:21:23:21:58 | new URI(...) : URI | provenance | Src:MaD:277 Config |
| SanitizationTests.java:21:31:21:57 | getParameter(...) : String | SanitizationTests.java:21:23:21:58 | new URI(...) : URI | provenance | Src:MaD:277 MaD:285 |
| SanitizationTests.java:24:29:24:55 | newBuilder(...) : Builder | SanitizationTests.java:24:29:24:63 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:24:29:24:63 | build(...) : HttpRequest | SanitizationTests.java:25:25:25:25 | r | provenance | Sink:MaD:4 |
| SanitizationTests.java:24:52:24:54 | uri : URI | SanitizationTests.java:24:29:24:55 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:77:33:77:63 | getParameter(...) : String | SanitizationTests.java:78:67:78:76 | unsafeUri3 : String | provenance | Src:MaD:277 |
| SanitizationTests.java:78:36:78:78 | newBuilder(...) : Builder | SanitizationTests.java:78:36:78:86 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:78:36:78:86 | build(...) : HttpRequest | SanitizationTests.java:79:25:79:32 | unsafer3 | provenance | Sink:MaD:4 |
| SanitizationTests.java:78:59:78:77 | new URI(...) : URI | SanitizationTests.java:78:36:78:78 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:78:67:78:76 | unsafeUri3 : String | SanitizationTests.java:78:59:78:77 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:78:67:78:76 | unsafeUri3 : String | SanitizationTests.java:78:59:78:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:78:67:78:76 | unsafeUri3 : String | SanitizationTests.java:78:59:78:77 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:78:67:78:76 | unsafeUri3 : String | SanitizationTests.java:78:59:78:77 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:81:49:81:79 | getParameter(...) : String | SanitizationTests.java:82:67:82:76 | unsafeUri4 : String | provenance | Src:MaD:277 |
| SanitizationTests.java:82:36:82:78 | newBuilder(...) : Builder | SanitizationTests.java:82:36:82:86 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:82:36:82:86 | build(...) : HttpRequest | SanitizationTests.java:83:25:83:32 | unsafer4 | provenance | Sink:MaD:4 |
| SanitizationTests.java:82:59:82:77 | new URI(...) : URI | SanitizationTests.java:82:36:82:78 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:82:67:82:76 | unsafeUri4 : String | SanitizationTests.java:82:59:82:77 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:82:67:82:76 | unsafeUri4 : String | SanitizationTests.java:82:59:82:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:82:67:82:76 | unsafeUri4 : String | SanitizationTests.java:82:59:82:77 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:82:67:82:76 | unsafeUri4 : String | SanitizationTests.java:82:59:82:77 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:86:13:86:22 | unsafeUri5 [post update] : StringBuilder | SanitizationTests.java:87:67:87:76 | unsafeUri5 : StringBuilder | provenance | |
| SanitizationTests.java:86:31:86:61 | getParameter(...) : String | SanitizationTests.java:86:13:86:22 | unsafeUri5 [post update] : StringBuilder | provenance | Src:MaD:277 MaD:278 |
| SanitizationTests.java:87:36:87:89 | newBuilder(...) : Builder | SanitizationTests.java:87:36:87:97 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:87:36:87:97 | build(...) : HttpRequest | SanitizationTests.java:88:25:88:32 | unsafer5 | provenance | Sink:MaD:4 |
| SanitizationTests.java:87:59:87:88 | new URI(...) : URI | SanitizationTests.java:87:36:87:89 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:87:67:87:76 | unsafeUri5 : StringBuilder | SanitizationTests.java:87:67:87:87 | toString(...) : String | provenance | MaD:280 |
| SanitizationTests.java:87:67:87:87 | toString(...) : String | SanitizationTests.java:87:59:87:88 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:87:67:87:87 | toString(...) : String | SanitizationTests.java:87:59:87:88 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:87:67:87:87 | toString(...) : String | SanitizationTests.java:87:59:87:88 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:87:67:87:87 | toString(...) : String | SanitizationTests.java:87:59:87:88 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:90:40:90:87 | new StringBuilder(...) : StringBuilder | SanitizationTests.java:92:68:92:77 | unafeUri5a : StringBuilder | provenance | |
| SanitizationTests.java:90:58:90:86 | getParameter(...) : String | SanitizationTests.java:90:40:90:87 | new StringBuilder(...) : StringBuilder | provenance | Src:MaD:277 MaD:282 |
| SanitizationTests.java:92:37:92:90 | newBuilder(...) : Builder | SanitizationTests.java:92:37:92:98 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:92:37:92:98 | build(...) : HttpRequest | SanitizationTests.java:93:25:93:33 | unsafer5a | provenance | Sink:MaD:4 |
| SanitizationTests.java:92:60:92:89 | new URI(...) : URI | SanitizationTests.java:92:37:92:90 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:92:68:92:77 | unafeUri5a : StringBuilder | SanitizationTests.java:92:68:92:88 | toString(...) : String | provenance | MaD:280 |
| SanitizationTests.java:92:68:92:88 | toString(...) : String | SanitizationTests.java:92:60:92:89 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:92:68:92:88 | toString(...) : String | SanitizationTests.java:92:60:92:89 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:92:68:92:88 | toString(...) : String | SanitizationTests.java:92:60:92:89 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:92:68:92:88 | toString(...) : String | SanitizationTests.java:92:60:92:89 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:95:41:95:105 | append(...) : StringBuilder | SanitizationTests.java:97:68:97:78 | unsafeUri5b : StringBuilder | provenance | |
| SanitizationTests.java:95:42:95:89 | new StringBuilder(...) : StringBuilder | SanitizationTests.java:95:41:95:105 | append(...) : StringBuilder | provenance | MaD:279 |
| SanitizationTests.java:95:60:95:88 | getParameter(...) : String | SanitizationTests.java:95:42:95:89 | new StringBuilder(...) : StringBuilder | provenance | Src:MaD:277 MaD:282 |
| SanitizationTests.java:97:37:97:91 | newBuilder(...) : Builder | SanitizationTests.java:97:37:97:99 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:97:37:97:99 | build(...) : HttpRequest | SanitizationTests.java:98:25:98:33 | unsafer5b | provenance | Sink:MaD:4 |
| SanitizationTests.java:97:60:97:90 | new URI(...) : URI | SanitizationTests.java:97:37:97:91 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:97:68:97:78 | unsafeUri5b : StringBuilder | SanitizationTests.java:97:68:97:89 | toString(...) : String | provenance | MaD:280 |
| SanitizationTests.java:97:68:97:89 | toString(...) : String | SanitizationTests.java:97:60:97:90 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:97:68:97:89 | toString(...) : String | SanitizationTests.java:97:60:97:90 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:97:68:97:89 | toString(...) : String | SanitizationTests.java:97:60:97:90 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:97:68:97:89 | toString(...) : String | SanitizationTests.java:97:60:97:90 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:100:41:100:106 | append(...) : StringBuilder | SanitizationTests.java:102:68:102:78 | unsafeUri5c : StringBuilder | provenance | |
| SanitizationTests.java:100:77:100:105 | getParameter(...) : String | SanitizationTests.java:100:41:100:106 | append(...) : StringBuilder | provenance | Src:MaD:277 MaD:278+MaD:279 |
| SanitizationTests.java:102:37:102:91 | newBuilder(...) : Builder | SanitizationTests.java:102:37:102:99 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:102:37:102:99 | build(...) : HttpRequest | SanitizationTests.java:103:25:103:33 | unsafer5c | provenance | Sink:MaD:4 |
| SanitizationTests.java:102:60:102:90 | new URI(...) : URI | SanitizationTests.java:102:37:102:91 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:102:68:102:78 | unsafeUri5c : StringBuilder | SanitizationTests.java:102:68:102:89 | toString(...) : String | provenance | MaD:280 |
| SanitizationTests.java:102:68:102:89 | toString(...) : String | SanitizationTests.java:102:60:102:90 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:102:68:102:89 | toString(...) : String | SanitizationTests.java:102:60:102:90 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:102:68:102:89 | toString(...) : String | SanitizationTests.java:102:60:102:90 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:102:68:102:89 | toString(...) : String | SanitizationTests.java:102:60:102:90 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:105:33:105:104 | format(...) : String | SanitizationTests.java:106:67:106:76 | unsafeUri6 : String | provenance | |
| SanitizationTests.java:105:33:105:104 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:105:33:105:104 | format(...) : String | provenance | MaD:281 |
| SanitizationTests.java:105:73:105:103 | getParameter(...) : String | SanitizationTests.java:105:33:105:104 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:277 |
| SanitizationTests.java:106:36:106:78 | newBuilder(...) : Builder | SanitizationTests.java:106:36:106:86 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:106:36:106:86 | build(...) : HttpRequest | SanitizationTests.java:107:25:107:32 | unsafer6 | provenance | Sink:MaD:4 |
| SanitizationTests.java:106:59:106:77 | new URI(...) : URI | SanitizationTests.java:106:36:106:78 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:106:67:106:76 | unsafeUri6 : String | SanitizationTests.java:106:59:106:77 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:106:67:106:76 | unsafeUri6 : String | SanitizationTests.java:106:59:106:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:106:67:106:76 | unsafeUri6 : String | SanitizationTests.java:106:59:106:77 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:106:67:106:76 | unsafeUri6 : String | SanitizationTests.java:106:59:106:77 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:109:33:109:110 | format(...) : String | SanitizationTests.java:110:67:110:76 | unsafeUri7 : String | provenance | |
| SanitizationTests.java:109:33:109:110 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:109:33:109:110 | format(...) : String | provenance | MaD:281 |
| SanitizationTests.java:109:56:109:86 | getParameter(...) : String | SanitizationTests.java:109:33:109:110 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:277 |
| SanitizationTests.java:110:36:110:78 | newBuilder(...) : Builder | SanitizationTests.java:110:36:110:86 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:110:36:110:86 | build(...) : HttpRequest | SanitizationTests.java:111:25:111:32 | unsafer7 | provenance | Sink:MaD:4 |
| SanitizationTests.java:110:59:110:77 | new URI(...) : URI | SanitizationTests.java:110:36:110:78 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:110:67:110:76 | unsafeUri7 : String | SanitizationTests.java:110:59:110:77 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:110:67:110:76 | unsafeUri7 : String | SanitizationTests.java:110:59:110:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:110:67:110:76 | unsafeUri7 : String | SanitizationTests.java:110:59:110:77 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:110:67:110:76 | unsafeUri7 : String | SanitizationTests.java:110:59:110:77 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:113:33:113:110 | format(...) : String | SanitizationTests.java:114:67:114:76 | unsafeUri8 : String | provenance | |
| SanitizationTests.java:113:33:113:110 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:113:33:113:110 | format(...) : String | provenance | MaD:281 |
| SanitizationTests.java:113:55:113:85 | getParameter(...) : String | SanitizationTests.java:113:33:113:110 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:277 |
| SanitizationTests.java:114:36:114:78 | newBuilder(...) : Builder | SanitizationTests.java:114:36:114:86 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:114:36:114:86 | build(...) : HttpRequest | SanitizationTests.java:115:25:115:32 | unsafer8 | provenance | Sink:MaD:4 |
| SanitizationTests.java:114:59:114:77 | new URI(...) : URI | SanitizationTests.java:114:36:114:78 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:114:67:114:76 | unsafeUri8 : String | SanitizationTests.java:114:59:114:77 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:114:67:114:76 | unsafeUri8 : String | SanitizationTests.java:114:59:114:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:114:67:114:76 | unsafeUri8 : String | SanitizationTests.java:114:59:114:77 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:114:67:114:76 | unsafeUri8 : String | SanitizationTests.java:114:59:114:77 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:117:33:117:63 | getParameter(...) : String | SanitizationTests.java:118:67:118:76 | unsafeUri9 : String | provenance | Src:MaD:277 |
| SanitizationTests.java:118:36:118:78 | newBuilder(...) : Builder | SanitizationTests.java:118:36:118:86 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:118:36:118:86 | build(...) : HttpRequest | SanitizationTests.java:119:25:119:32 | unsafer9 | provenance | Sink:MaD:4 |
| SanitizationTests.java:118:59:118:77 | new URI(...) : URI | SanitizationTests.java:118:36:118:78 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:118:67:118:76 | unsafeUri9 : String | SanitizationTests.java:118:59:118:77 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:118:67:118:76 | unsafeUri9 : String | SanitizationTests.java:118:59:118:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:118:67:118:76 | unsafeUri9 : String | SanitizationTests.java:118:59:118:77 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:118:67:118:76 | unsafeUri9 : String | SanitizationTests.java:118:59:118:77 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:121:34:121:126 | format(...) : String | SanitizationTests.java:122:68:122:78 | unsafeUri10 : String | provenance | |
| SanitizationTests.java:121:34:121:126 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:121:34:121:126 | format(...) : String | provenance | MaD:281 |
| SanitizationTests.java:121:94:121:125 | getParameter(...) : String | SanitizationTests.java:121:34:121:126 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:277 |
| SanitizationTests.java:122:37:122:80 | newBuilder(...) : Builder | SanitizationTests.java:122:37:122:88 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:122:37:122:88 | build(...) : HttpRequest | SanitizationTests.java:123:25:123:33 | unsafer10 | provenance | Sink:MaD:4 |
| SanitizationTests.java:122:60:122:79 | new URI(...) : URI | SanitizationTests.java:122:37:122:80 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:122:68:122:78 | unsafeUri10 : String | SanitizationTests.java:122:60:122:79 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:122:68:122:78 | unsafeUri10 : String | SanitizationTests.java:122:60:122:79 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:122:68:122:78 | unsafeUri10 : String | SanitizationTests.java:122:60:122:79 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:122:68:122:78 | unsafeUri10 : String | SanitizationTests.java:122:60:122:79 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:22:23:22:58 | new URI(...) : URI | SanitizationTests.java:25:52:25:54 | uri | provenance | Sink:MaD:6 |
| SanitizationTests.java:22:23:22:58 | new URI(...) : URI | SanitizationTests.java:25:52:25:54 | uri : URI | provenance | |
| SanitizationTests.java:22:31:22:57 | getParameter(...) : String | SanitizationTests.java:22:23:22:58 | new URI(...) : URI | provenance | Src:MaD:277 Config |
| SanitizationTests.java:22:31:22:57 | getParameter(...) : String | SanitizationTests.java:22:23:22:58 | new URI(...) : URI | provenance | Src:MaD:277 MaD:285 |
| SanitizationTests.java:25:29:25:55 | newBuilder(...) : Builder | SanitizationTests.java:25:29:25:63 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:25:29:25:63 | build(...) : HttpRequest | SanitizationTests.java:26:25:26:25 | r | provenance | Sink:MaD:4 |
| SanitizationTests.java:25:52:25:54 | uri : URI | SanitizationTests.java:25:29:25:55 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:78:33:78:63 | getParameter(...) : String | SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | provenance | Src:MaD:277 |
| SanitizationTests.java:79:36:79:78 | newBuilder(...) : Builder | SanitizationTests.java:79:36:79:86 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:79:36:79:86 | build(...) : HttpRequest | SanitizationTests.java:80:25:80:32 | unsafer3 | provenance | Sink:MaD:4 |
| SanitizationTests.java:79:59:79:77 | new URI(...) : URI | SanitizationTests.java:79:36:79:78 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | SanitizationTests.java:79:59:79:77 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | SanitizationTests.java:79:59:79:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | SanitizationTests.java:79:59:79:77 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | SanitizationTests.java:79:59:79:77 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:82:49:82:79 | getParameter(...) : String | SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | provenance | Src:MaD:277 |
| SanitizationTests.java:83:36:83:78 | newBuilder(...) : Builder | SanitizationTests.java:83:36:83:86 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:83:36:83:86 | build(...) : HttpRequest | SanitizationTests.java:84:25:84:32 | unsafer4 | provenance | Sink:MaD:4 |
| SanitizationTests.java:83:59:83:77 | new URI(...) : URI | SanitizationTests.java:83:36:83:78 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | SanitizationTests.java:83:59:83:77 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | SanitizationTests.java:83:59:83:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | SanitizationTests.java:83:59:83:77 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | SanitizationTests.java:83:59:83:77 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:87:13:87:22 | unsafeUri5 [post update] : StringBuilder | SanitizationTests.java:88:67:88:76 | unsafeUri5 : StringBuilder | provenance | |
| SanitizationTests.java:87:31:87:61 | getParameter(...) : String | SanitizationTests.java:87:13:87:22 | unsafeUri5 [post update] : StringBuilder | provenance | Src:MaD:277 MaD:278 |
| SanitizationTests.java:88:36:88:89 | newBuilder(...) : Builder | SanitizationTests.java:88:36:88:97 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:88:36:88:97 | build(...) : HttpRequest | SanitizationTests.java:89:25:89:32 | unsafer5 | provenance | Sink:MaD:4 |
| SanitizationTests.java:88:59:88:88 | new URI(...) : URI | SanitizationTests.java:88:36:88:89 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:88:67:88:76 | unsafeUri5 : StringBuilder | SanitizationTests.java:88:67:88:87 | toString(...) : String | provenance | MaD:280 |
| SanitizationTests.java:88:67:88:87 | toString(...) : String | SanitizationTests.java:88:59:88:88 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:88:67:88:87 | toString(...) : String | SanitizationTests.java:88:59:88:88 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:88:67:88:87 | toString(...) : String | SanitizationTests.java:88:59:88:88 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:88:67:88:87 | toString(...) : String | SanitizationTests.java:88:59:88:88 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:91:40:91:87 | new StringBuilder(...) : StringBuilder | SanitizationTests.java:93:68:93:77 | unafeUri5a : StringBuilder | provenance | |
| SanitizationTests.java:91:58:91:86 | getParameter(...) : String | SanitizationTests.java:91:40:91:87 | new StringBuilder(...) : StringBuilder | provenance | Src:MaD:277 MaD:282 |
| SanitizationTests.java:93:37:93:90 | newBuilder(...) : Builder | SanitizationTests.java:93:37:93:98 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:93:37:93:98 | build(...) : HttpRequest | SanitizationTests.java:94:25:94:33 | unsafer5a | provenance | Sink:MaD:4 |
| SanitizationTests.java:93:60:93:89 | new URI(...) : URI | SanitizationTests.java:93:37:93:90 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:93:68:93:77 | unafeUri5a : StringBuilder | SanitizationTests.java:93:68:93:88 | toString(...) : String | provenance | MaD:280 |
| SanitizationTests.java:93:68:93:88 | toString(...) : String | SanitizationTests.java:93:60:93:89 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:93:68:93:88 | toString(...) : String | SanitizationTests.java:93:60:93:89 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:93:68:93:88 | toString(...) : String | SanitizationTests.java:93:60:93:89 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:93:68:93:88 | toString(...) : String | SanitizationTests.java:93:60:93:89 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:96:41:96:105 | append(...) : StringBuilder | SanitizationTests.java:98:68:98:78 | unsafeUri5b : StringBuilder | provenance | |
| SanitizationTests.java:96:42:96:89 | new StringBuilder(...) : StringBuilder | SanitizationTests.java:96:41:96:105 | append(...) : StringBuilder | provenance | MaD:279 |
| SanitizationTests.java:96:60:96:88 | getParameter(...) : String | SanitizationTests.java:96:42:96:89 | new StringBuilder(...) : StringBuilder | provenance | Src:MaD:277 MaD:282 |
| SanitizationTests.java:98:37:98:91 | newBuilder(...) : Builder | SanitizationTests.java:98:37:98:99 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:98:37:98:99 | build(...) : HttpRequest | SanitizationTests.java:99:25:99:33 | unsafer5b | provenance | Sink:MaD:4 |
| SanitizationTests.java:98:60:98:90 | new URI(...) : URI | SanitizationTests.java:98:37:98:91 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:98:68:98:78 | unsafeUri5b : StringBuilder | SanitizationTests.java:98:68:98:89 | toString(...) : String | provenance | MaD:280 |
| SanitizationTests.java:98:68:98:89 | toString(...) : String | SanitizationTests.java:98:60:98:90 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:98:68:98:89 | toString(...) : String | SanitizationTests.java:98:60:98:90 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:98:68:98:89 | toString(...) : String | SanitizationTests.java:98:60:98:90 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:98:68:98:89 | toString(...) : String | SanitizationTests.java:98:60:98:90 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:101:41:101:106 | append(...) : StringBuilder | SanitizationTests.java:103:68:103:78 | unsafeUri5c : StringBuilder | provenance | |
| SanitizationTests.java:101:77:101:105 | getParameter(...) : String | SanitizationTests.java:101:41:101:106 | append(...) : StringBuilder | provenance | Src:MaD:277 MaD:278+MaD:279 |
| SanitizationTests.java:103:37:103:91 | newBuilder(...) : Builder | SanitizationTests.java:103:37:103:99 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:103:37:103:99 | build(...) : HttpRequest | SanitizationTests.java:104:25:104:33 | unsafer5c | provenance | Sink:MaD:4 |
| SanitizationTests.java:103:60:103:90 | new URI(...) : URI | SanitizationTests.java:103:37:103:91 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:103:68:103:78 | unsafeUri5c : StringBuilder | SanitizationTests.java:103:68:103:89 | toString(...) : String | provenance | MaD:280 |
| SanitizationTests.java:103:68:103:89 | toString(...) : String | SanitizationTests.java:103:60:103:90 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:103:68:103:89 | toString(...) : String | SanitizationTests.java:103:60:103:90 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:103:68:103:89 | toString(...) : String | SanitizationTests.java:103:60:103:90 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:103:68:103:89 | toString(...) : String | SanitizationTests.java:103:60:103:90 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:106:33:106:104 | format(...) : String | SanitizationTests.java:107:67:107:76 | unsafeUri6 : String | provenance | |
| SanitizationTests.java:106:33:106:104 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:106:33:106:104 | format(...) : String | provenance | MaD:281 |
| SanitizationTests.java:106:73:106:103 | getParameter(...) : String | SanitizationTests.java:106:33:106:104 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:277 |
| SanitizationTests.java:107:36:107:78 | newBuilder(...) : Builder | SanitizationTests.java:107:36:107:86 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:107:36:107:86 | build(...) : HttpRequest | SanitizationTests.java:108:25:108:32 | unsafer6 | provenance | Sink:MaD:4 |
| SanitizationTests.java:107:59:107:77 | new URI(...) : URI | SanitizationTests.java:107:36:107:78 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:107:67:107:76 | unsafeUri6 : String | SanitizationTests.java:107:59:107:77 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:107:67:107:76 | unsafeUri6 : String | SanitizationTests.java:107:59:107:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:107:67:107:76 | unsafeUri6 : String | SanitizationTests.java:107:59:107:77 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:107:67:107:76 | unsafeUri6 : String | SanitizationTests.java:107:59:107:77 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:110:33:110:110 | format(...) : String | SanitizationTests.java:111:67:111:76 | unsafeUri7 : String | provenance | |
| SanitizationTests.java:110:33:110:110 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:110:33:110:110 | format(...) : String | provenance | MaD:281 |
| SanitizationTests.java:110:56:110:86 | getParameter(...) : String | SanitizationTests.java:110:33:110:110 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:277 |
| SanitizationTests.java:111:36:111:78 | newBuilder(...) : Builder | SanitizationTests.java:111:36:111:86 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:111:36:111:86 | build(...) : HttpRequest | SanitizationTests.java:112:25:112:32 | unsafer7 | provenance | Sink:MaD:4 |
| SanitizationTests.java:111:59:111:77 | new URI(...) : URI | SanitizationTests.java:111:36:111:78 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:111:67:111:76 | unsafeUri7 : String | SanitizationTests.java:111:59:111:77 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:111:67:111:76 | unsafeUri7 : String | SanitizationTests.java:111:59:111:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:111:67:111:76 | unsafeUri7 : String | SanitizationTests.java:111:59:111:77 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:111:67:111:76 | unsafeUri7 : String | SanitizationTests.java:111:59:111:77 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:114:33:114:110 | format(...) : String | SanitizationTests.java:115:67:115:76 | unsafeUri8 : String | provenance | |
| SanitizationTests.java:114:33:114:110 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:114:33:114:110 | format(...) : String | provenance | MaD:281 |
| SanitizationTests.java:114:55:114:85 | getParameter(...) : String | SanitizationTests.java:114:33:114:110 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:277 |
| SanitizationTests.java:115:36:115:78 | newBuilder(...) : Builder | SanitizationTests.java:115:36:115:86 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:115:36:115:86 | build(...) : HttpRequest | SanitizationTests.java:116:25:116:32 | unsafer8 | provenance | Sink:MaD:4 |
| SanitizationTests.java:115:59:115:77 | new URI(...) : URI | SanitizationTests.java:115:36:115:78 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:115:67:115:76 | unsafeUri8 : String | SanitizationTests.java:115:59:115:77 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:115:67:115:76 | unsafeUri8 : String | SanitizationTests.java:115:59:115:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:115:67:115:76 | unsafeUri8 : String | SanitizationTests.java:115:59:115:77 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:115:67:115:76 | unsafeUri8 : String | SanitizationTests.java:115:59:115:77 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:118:33:118:63 | getParameter(...) : String | SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | provenance | Src:MaD:277 |
| SanitizationTests.java:119:36:119:78 | newBuilder(...) : Builder | SanitizationTests.java:119:36:119:86 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:119:36:119:86 | build(...) : HttpRequest | SanitizationTests.java:120:25:120:32 | unsafer9 | provenance | Sink:MaD:4 |
| SanitizationTests.java:119:59:119:77 | new URI(...) : URI | SanitizationTests.java:119:36:119:78 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | SanitizationTests.java:119:59:119:77 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | SanitizationTests.java:119:59:119:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | SanitizationTests.java:119:59:119:77 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | SanitizationTests.java:119:59:119:77 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:122:34:122:126 | format(...) : String | SanitizationTests.java:123:68:123:78 | unsafeUri10 : String | provenance | |
| SanitizationTests.java:122:34:122:126 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:122:34:122:126 | format(...) : String | provenance | MaD:281 |
| SanitizationTests.java:122:94:122:125 | getParameter(...) : String | SanitizationTests.java:122:34:122:126 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:277 |
| SanitizationTests.java:123:37:123:80 | newBuilder(...) : Builder | SanitizationTests.java:123:37:123:88 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:123:37:123:88 | build(...) : HttpRequest | SanitizationTests.java:124:25:124:33 | unsafer10 | provenance | Sink:MaD:4 |
| SanitizationTests.java:123:60:123:79 | new URI(...) : URI | SanitizationTests.java:123:37:123:80 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:123:68:123:78 | unsafeUri10 : String | SanitizationTests.java:123:60:123:79 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:123:68:123:78 | unsafeUri10 : String | SanitizationTests.java:123:60:123:79 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:123:68:123:78 | unsafeUri10 : String | SanitizationTests.java:123:60:123:79 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:123:68:123:78 | unsafeUri10 : String | SanitizationTests.java:123:60:123:79 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:153:42:153:96 | new AnnotatedFieldObject(...) : AnnotatedFieldObject [uri] : String | SanitizationTests.java:154:63:154:67 | obj14 : AnnotatedFieldObject [uri] : String | provenance | |
| SanitizationTests.java:153:42:153:96 | new AnnotatedFieldObject(...) : AnnotatedFieldObject [uri] : String | SanitizationTests.java:156:63:156:67 | obj14 : AnnotatedFieldObject [uri] : String | provenance | |
| SanitizationTests.java:153:67:153:95 | getParameter(...) : String | SanitizationTests.java:153:42:153:96 | new AnnotatedFieldObject(...) : AnnotatedFieldObject [uri] : String | provenance | Src:MaD:277 |
| SanitizationTests.java:153:67:153:95 | getParameter(...) : String | SanitizationTests.java:207:37:207:46 | uri : String | provenance | Src:MaD:277 |
| SanitizationTests.java:154:32:154:73 | newBuilder(...) : Builder | SanitizationTests.java:154:32:154:81 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:154:32:154:81 | build(...) : HttpRequest | SanitizationTests.java:155:25:155:28 | r14a | provenance | Sink:MaD:4 |
| SanitizationTests.java:154:55:154:72 | new URI(...) : URI | SanitizationTests.java:154:32:154:73 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:154:63:154:67 | obj14 : AnnotatedFieldObject [uri] : String | SanitizationTests.java:154:63:154:71 | obj14.uri : String | provenance | |
| SanitizationTests.java:154:63:154:71 | obj14.uri : String | SanitizationTests.java:154:55:154:72 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:154:63:154:71 | obj14.uri : String | SanitizationTests.java:154:55:154:72 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:154:63:154:71 | obj14.uri : String | SanitizationTests.java:154:55:154:72 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:154:63:154:71 | obj14.uri : String | SanitizationTests.java:154:55:154:72 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:156:32:156:78 | newBuilder(...) : Builder | SanitizationTests.java:156:32:156:86 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:156:32:156:86 | build(...) : HttpRequest | SanitizationTests.java:157:25:157:28 | r14b | provenance | Sink:MaD:4 |
| SanitizationTests.java:156:55:156:77 | new URI(...) : URI | SanitizationTests.java:156:32:156:78 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:156:63:156:67 | obj14 : AnnotatedFieldObject [uri] : String | SanitizationTests.java:156:63:156:76 | getUri(...) : String | provenance | |
| SanitizationTests.java:156:63:156:67 | obj14 : AnnotatedFieldObject [uri] : String | SanitizationTests.java:211:23:211:28 | parameter this : AnnotatedFieldObject [uri] : String | provenance | |
| SanitizationTests.java:156:63:156:76 | getUri(...) : String | SanitizationTests.java:156:55:156:77 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:156:63:156:76 | getUri(...) : String | SanitizationTests.java:156:55:156:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:156:63:156:76 | getUri(...) : String | SanitizationTests.java:156:55:156:77 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:156:63:156:76 | getUri(...) : String | SanitizationTests.java:156:55:156:77 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:160:46:160:104 | new AnnotatedParameterObject(...) : AnnotatedParameterObject [uri] : String | SanitizationTests.java:161:63:161:67 | obj15 : AnnotatedParameterObject [uri] : String | provenance | |
| SanitizationTests.java:160:46:160:104 | new AnnotatedParameterObject(...) : AnnotatedParameterObject [uri] : String | SanitizationTests.java:163:63:163:67 | obj15 : AnnotatedParameterObject [uri] : String | provenance | |
| SanitizationTests.java:160:75:160:103 | getParameter(...) : String | SanitizationTests.java:160:46:160:104 | new AnnotatedParameterObject(...) : AnnotatedParameterObject [uri] : String | provenance | Src:MaD:277 |
| SanitizationTests.java:160:75:160:103 | getParameter(...) : String | SanitizationTests.java:219:41:219:115 | uri : String | provenance | Src:MaD:277 |
| SanitizationTests.java:161:32:161:73 | newBuilder(...) : Builder | SanitizationTests.java:161:32:161:81 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:161:32:161:81 | build(...) : HttpRequest | SanitizationTests.java:162:25:162:28 | r15a | provenance | Sink:MaD:4 |
| SanitizationTests.java:161:55:161:72 | new URI(...) : URI | SanitizationTests.java:161:32:161:73 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:161:63:161:67 | obj15 : AnnotatedParameterObject [uri] : String | SanitizationTests.java:161:63:161:71 | obj15.uri : String | provenance | |
| SanitizationTests.java:161:63:161:71 | obj15.uri : String | SanitizationTests.java:161:55:161:72 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:161:63:161:71 | obj15.uri : String | SanitizationTests.java:161:55:161:72 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:161:63:161:71 | obj15.uri : String | SanitizationTests.java:161:55:161:72 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:161:63:161:71 | obj15.uri : String | SanitizationTests.java:161:55:161:72 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:163:32:163:78 | newBuilder(...) : Builder | SanitizationTests.java:163:32:163:86 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:163:32:163:86 | build(...) : HttpRequest | SanitizationTests.java:164:25:164:28 | r15b | provenance | Sink:MaD:4 |
| SanitizationTests.java:163:55:163:77 | new URI(...) : URI | SanitizationTests.java:163:32:163:78 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:163:63:163:67 | obj15 : AnnotatedParameterObject [uri] : String | SanitizationTests.java:163:63:163:76 | getUri(...) : String | provenance | |
| SanitizationTests.java:163:63:163:67 | obj15 : AnnotatedParameterObject [uri] : String | SanitizationTests.java:223:23:223:28 | parameter this : AnnotatedParameterObject [uri] : String | provenance | |
| SanitizationTests.java:163:63:163:76 | getUri(...) : String | SanitizationTests.java:163:55:163:77 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:163:63:163:76 | getUri(...) : String | SanitizationTests.java:163:55:163:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:163:63:163:76 | getUri(...) : String | SanitizationTests.java:163:55:163:77 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:163:63:163:76 | getUri(...) : String | SanitizationTests.java:163:55:163:77 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:167:31:167:103 | newBuilder(...) : Builder | SanitizationTests.java:167:31:167:111 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:167:31:167:111 | build(...) : HttpRequest | SanitizationTests.java:168:25:168:27 | r16 | provenance | Sink:MaD:4 |
| SanitizationTests.java:167:54:167:102 | new URI(...) : URI | SanitizationTests.java:167:31:167:103 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:167:62:167:101 | identity1(...) : String | SanitizationTests.java:167:54:167:102 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:167:62:167:101 | identity1(...) : String | SanitizationTests.java:167:54:167:102 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:167:62:167:101 | identity1(...) : String | SanitizationTests.java:167:54:167:102 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:167:62:167:101 | identity1(...) : String | SanitizationTests.java:167:54:167:102 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:167:72:167:100 | getParameter(...) : String | SanitizationTests.java:167:62:167:101 | identity1(...) : String | provenance | Src:MaD:277 |
| SanitizationTests.java:167:72:167:100 | getParameter(...) : String | SanitizationTests.java:188:29:188:103 | uri : String | provenance | Src:MaD:277 |
| SanitizationTests.java:171:31:171:103 | newBuilder(...) : Builder | SanitizationTests.java:171:31:171:111 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:171:31:171:111 | build(...) : HttpRequest | SanitizationTests.java:172:25:172:27 | r17 | provenance | Sink:MaD:4 |
| SanitizationTests.java:171:54:171:102 | new URI(...) : URI | SanitizationTests.java:171:31:171:103 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:171:62:171:101 | identity2(...) : String | SanitizationTests.java:171:54:171:102 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:171:62:171:101 | identity2(...) : String | SanitizationTests.java:171:54:171:102 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:171:62:171:101 | identity2(...) : String | SanitizationTests.java:171:54:171:102 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:171:62:171:101 | identity2(...) : String | SanitizationTests.java:171:54:171:102 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:171:72:171:100 | getParameter(...) : String | SanitizationTests.java:171:62:171:101 | identity2(...) : String | provenance | Src:MaD:277 |
| SanitizationTests.java:171:72:171:100 | getParameter(...) : String | SanitizationTests.java:193:29:193:38 | uri : String | provenance | Src:MaD:277 |
| SanitizationTests.java:175:31:175:114 | newBuilder(...) : Builder | SanitizationTests.java:175:31:175:122 | build(...) : HttpRequest | provenance | MaD:283 |
| SanitizationTests.java:175:31:175:122 | build(...) : HttpRequest | SanitizationTests.java:176:25:176:27 | r18 | provenance | Sink:MaD:4 |
| SanitizationTests.java:175:54:175:113 | new URI(...) : URI | SanitizationTests.java:175:31:175:114 | newBuilder(...) : Builder | provenance | MaD:284 |
| SanitizationTests.java:175:62:175:112 | getFromList(...) : String | SanitizationTests.java:175:54:175:113 | new URI(...) | provenance | Config Sink:MaD:6 |
| SanitizationTests.java:175:62:175:112 | getFromList(...) : String | SanitizationTests.java:175:54:175:113 | new URI(...) | provenance | MaD:285 Sink:MaD:6 |
| SanitizationTests.java:175:62:175:112 | getFromList(...) : String | SanitizationTests.java:175:54:175:113 | new URI(...) : URI | provenance | Config |
| SanitizationTests.java:175:62:175:112 | getFromList(...) : String | SanitizationTests.java:175:54:175:113 | new URI(...) : URI | provenance | MaD:285 |
| SanitizationTests.java:175:74:175:111 | of(...) : List [<element>] : String | SanitizationTests.java:175:62:175:112 | getFromList(...) : String | provenance | MaD:290 |
| SanitizationTests.java:175:74:175:111 | of(...) : List [<element>] : String | SanitizationTests.java:197:31:197:112 | list : List [<element>] : String | provenance | |
| SanitizationTests.java:175:82:175:110 | getParameter(...) : String | SanitizationTests.java:175:74:175:111 | of(...) : List [<element>] : String | provenance | Src:MaD:277 MaD:289 |
| SanitizationTests.java:188:29:188:103 | uri : String | SanitizationTests.java:189:16:189:18 | uri : String | provenance | |
| SanitizationTests.java:193:29:193:38 | uri : String | SanitizationTests.java:194:16:194:18 | uri : String | provenance | |
| SanitizationTests.java:197:31:197:112 | list : List [<element>] : String | SanitizationTests.java:198:16:198:19 | list : List [<element>] : String | provenance | |
| SanitizationTests.java:198:16:198:19 | list : List [<element>] : String | SanitizationTests.java:198:16:198:26 | get(...) : String | provenance | MaD:290 |
| SanitizationTests.java:207:37:207:46 | uri : String | SanitizationTests.java:208:24:208:26 | uri : String | provenance | |
| SanitizationTests.java:208:13:208:16 | this [post update] : AnnotatedFieldObject [uri] : String | SanitizationTests.java:207:16:207:35 | parameter this [Return] : AnnotatedFieldObject [uri] : String | provenance | |
| SanitizationTests.java:208:24:208:26 | uri : String | SanitizationTests.java:208:13:208:16 | this [post update] : AnnotatedFieldObject [uri] : String | provenance | |
| SanitizationTests.java:211:23:211:28 | parameter this : AnnotatedFieldObject [uri] : String | SanitizationTests.java:212:20:212:22 | this <.field> : AnnotatedFieldObject [uri] : String | provenance | |
| SanitizationTests.java:212:20:212:22 | this <.field> : AnnotatedFieldObject [uri] : String | SanitizationTests.java:212:20:212:22 | uri : String | provenance | |
| SanitizationTests.java:219:41:219:115 | uri : String | SanitizationTests.java:220:24:220:26 | uri : String | provenance | |
| SanitizationTests.java:220:13:220:16 | this [post update] : AnnotatedParameterObject [uri] : String | SanitizationTests.java:219:16:219:39 | parameter this [Return] : AnnotatedParameterObject [uri] : String | provenance | |
| SanitizationTests.java:220:24:220:26 | uri : String | SanitizationTests.java:220:13:220:16 | this [post update] : AnnotatedParameterObject [uri] : String | provenance | |
| SanitizationTests.java:223:23:223:28 | parameter this : AnnotatedParameterObject [uri] : String | SanitizationTests.java:224:20:224:22 | this <.field> : AnnotatedParameterObject [uri] : String | provenance | |
| SanitizationTests.java:224:20:224:22 | this <.field> : AnnotatedParameterObject [uri] : String | SanitizationTests.java:224:20:224:22 | uri : String | provenance | |
| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:32:39:32:59 | ... + ... | provenance | Src:MaD:277 Sink:MaD:264 |
| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:33:69:33:82 | fooResourceUrl | provenance | Src:MaD:277 |
| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:34:73:34:86 | fooResourceUrl | provenance | Src:MaD:277 |
@@ -864,16 +962,16 @@ edges
| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:82:107:82:120 | fooResourceUrl : String | provenance | Src:MaD:277 |
| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:84:129:84:142 | fooResourceUrl : String | provenance | Src:MaD:277 |
| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | provenance | Src:MaD:277 |
| SpringSSRF.java:38:83:38:96 | fooResourceUrl : String | SpringSSRF.java:38:69:38:97 | of(...) | provenance | MaD:289 |
| SpringSSRF.java:40:105:40:118 | fooResourceUrl : String | SpringSSRF.java:40:69:40:119 | of(...) | provenance | MaD:290 |
| SpringSSRF.java:49:105:49:118 | fooResourceUrl : String | SpringSSRF.java:49:91:49:119 | of(...) | provenance | MaD:289 |
| SpringSSRF.java:51:127:51:140 | fooResourceUrl : String | SpringSSRF.java:51:91:51:141 | of(...) | provenance | MaD:290 |
| SpringSSRF.java:60:93:60:106 | fooResourceUrl : String | SpringSSRF.java:60:79:60:107 | of(...) | provenance | MaD:289 |
| SpringSSRF.java:62:115:62:128 | fooResourceUrl : String | SpringSSRF.java:62:79:62:129 | of(...) | provenance | MaD:290 |
| SpringSSRF.java:71:83:71:96 | fooResourceUrl : String | SpringSSRF.java:71:69:71:97 | of(...) | provenance | MaD:289 |
| SpringSSRF.java:73:105:73:118 | fooResourceUrl : String | SpringSSRF.java:73:69:73:119 | of(...) | provenance | MaD:290 |
| SpringSSRF.java:82:107:82:120 | fooResourceUrl : String | SpringSSRF.java:82:93:82:121 | of(...) | provenance | MaD:289 |
| SpringSSRF.java:84:129:84:142 | fooResourceUrl : String | SpringSSRF.java:84:93:84:143 | of(...) | provenance | MaD:290 |
| SpringSSRF.java:38:83:38:96 | fooResourceUrl : String | SpringSSRF.java:38:69:38:97 | of(...) | provenance | MaD:291 |
| SpringSSRF.java:40:105:40:118 | fooResourceUrl : String | SpringSSRF.java:40:69:40:119 | of(...) | provenance | MaD:292 |
| SpringSSRF.java:49:105:49:118 | fooResourceUrl : String | SpringSSRF.java:49:91:49:119 | of(...) | provenance | MaD:291 |
| SpringSSRF.java:51:127:51:140 | fooResourceUrl : String | SpringSSRF.java:51:91:51:141 | of(...) | provenance | MaD:292 |
| SpringSSRF.java:60:93:60:106 | fooResourceUrl : String | SpringSSRF.java:60:79:60:107 | of(...) | provenance | MaD:291 |
| SpringSSRF.java:62:115:62:128 | fooResourceUrl : String | SpringSSRF.java:62:79:62:129 | of(...) | provenance | MaD:292 |
| SpringSSRF.java:71:83:71:96 | fooResourceUrl : String | SpringSSRF.java:71:69:71:97 | of(...) | provenance | MaD:291 |
| SpringSSRF.java:73:105:73:118 | fooResourceUrl : String | SpringSSRF.java:73:69:73:119 | of(...) | provenance | MaD:292 |
| SpringSSRF.java:82:107:82:120 | fooResourceUrl : String | SpringSSRF.java:82:93:82:121 | of(...) | provenance | MaD:291 |
| SpringSSRF.java:84:129:84:142 | fooResourceUrl : String | SpringSSRF.java:84:93:84:143 | of(...) | provenance | MaD:292 |
| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:87:40:87:62 | new URI(...) | provenance | Config Sink:MaD:269 |
| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:87:40:87:62 | new URI(...) | provenance | MaD:285 Sink:MaD:269 |
| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:88:92:88:105 | fooResourceUrl | provenance | |
@@ -918,20 +1016,20 @@ edges
| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:159:72:159:85 | fooResourceUrl : String | provenance | |
| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:161:94:161:107 | fooResourceUrl : String | provenance | |
| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | provenance | |
| SpringSSRF.java:93:106:93:119 | fooResourceUrl : String | SpringSSRF.java:93:92:93:120 | of(...) | provenance | MaD:289 |
| SpringSSRF.java:95:128:95:141 | fooResourceUrl : String | SpringSSRF.java:95:92:95:142 | of(...) | provenance | MaD:290 |
| SpringSSRF.java:104:94:104:107 | fooResourceUrl : String | SpringSSRF.java:104:80:104:108 | of(...) | provenance | MaD:289 |
| SpringSSRF.java:106:116:106:129 | fooResourceUrl : String | SpringSSRF.java:106:80:106:130 | of(...) | provenance | MaD:290 |
| SpringSSRF.java:115:106:115:119 | fooResourceUrl : String | SpringSSRF.java:115:92:115:120 | of(...) | provenance | MaD:289 |
| SpringSSRF.java:117:128:117:141 | fooResourceUrl : String | SpringSSRF.java:117:92:117:142 | of(...) | provenance | MaD:290 |
| SpringSSRF.java:126:82:126:95 | fooResourceUrl : String | SpringSSRF.java:126:68:126:96 | of(...) | provenance | MaD:289 |
| SpringSSRF.java:128:104:128:117 | fooResourceUrl : String | SpringSSRF.java:128:68:128:118 | of(...) | provenance | MaD:290 |
| SpringSSRF.java:137:63:137:76 | fooResourceUrl : String | SpringSSRF.java:137:49:137:77 | of(...) | provenance | MaD:289 |
| SpringSSRF.java:139:85:139:98 | fooResourceUrl : String | SpringSSRF.java:139:49:139:99 | of(...) | provenance | MaD:290 |
| SpringSSRF.java:148:71:148:84 | fooResourceUrl : String | SpringSSRF.java:148:57:148:85 | of(...) | provenance | MaD:289 |
| SpringSSRF.java:150:93:150:106 | fooResourceUrl : String | SpringSSRF.java:150:57:150:107 | of(...) | provenance | MaD:290 |
| SpringSSRF.java:159:72:159:85 | fooResourceUrl : String | SpringSSRF.java:159:58:159:86 | of(...) | provenance | MaD:289 |
| SpringSSRF.java:161:94:161:107 | fooResourceUrl : String | SpringSSRF.java:161:58:161:108 | of(...) | provenance | MaD:290 |
| SpringSSRF.java:93:106:93:119 | fooResourceUrl : String | SpringSSRF.java:93:92:93:120 | of(...) | provenance | MaD:291 |
| SpringSSRF.java:95:128:95:141 | fooResourceUrl : String | SpringSSRF.java:95:92:95:142 | of(...) | provenance | MaD:292 |
| SpringSSRF.java:104:94:104:107 | fooResourceUrl : String | SpringSSRF.java:104:80:104:108 | of(...) | provenance | MaD:291 |
| SpringSSRF.java:106:116:106:129 | fooResourceUrl : String | SpringSSRF.java:106:80:106:130 | of(...) | provenance | MaD:292 |
| SpringSSRF.java:115:106:115:119 | fooResourceUrl : String | SpringSSRF.java:115:92:115:120 | of(...) | provenance | MaD:291 |
| SpringSSRF.java:117:128:117:141 | fooResourceUrl : String | SpringSSRF.java:117:92:117:142 | of(...) | provenance | MaD:292 |
| SpringSSRF.java:126:82:126:95 | fooResourceUrl : String | SpringSSRF.java:126:68:126:96 | of(...) | provenance | MaD:291 |
| SpringSSRF.java:128:104:128:117 | fooResourceUrl : String | SpringSSRF.java:128:68:128:118 | of(...) | provenance | MaD:292 |
| SpringSSRF.java:137:63:137:76 | fooResourceUrl : String | SpringSSRF.java:137:49:137:77 | of(...) | provenance | MaD:291 |
| SpringSSRF.java:139:85:139:98 | fooResourceUrl : String | SpringSSRF.java:139:49:139:99 | of(...) | provenance | MaD:292 |
| SpringSSRF.java:148:71:148:84 | fooResourceUrl : String | SpringSSRF.java:148:57:148:85 | of(...) | provenance | MaD:291 |
| SpringSSRF.java:150:93:150:106 | fooResourceUrl : String | SpringSSRF.java:150:57:150:107 | of(...) | provenance | MaD:292 |
| SpringSSRF.java:159:72:159:85 | fooResourceUrl : String | SpringSSRF.java:159:58:159:86 | of(...) | provenance | MaD:291 |
| SpringSSRF.java:161:94:161:107 | fooResourceUrl : String | SpringSSRF.java:161:58:161:108 | of(...) | provenance | MaD:292 |
| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:168:44:168:46 | uri | provenance | Sink:MaD:255 |
| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:170:35:170:37 | uri | provenance | Sink:MaD:250 |
| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:171:35:171:37 | uri | provenance | Sink:MaD:256 |
@@ -1352,11 +1450,13 @@ models
| 286 | Summary: java.net; URI; false; toString; ; ; Argument[this]; ReturnValue; taint; manual |
| 287 | Summary: java.net; URI; false; toURL; ; ; Argument[this]; ReturnValue; taint; manual |
| 288 | Summary: java.net; URL; false; URL; (String); ; Argument[0]; Argument[this]; taint; manual |
| 289 | Summary: java.util; Map; false; of; ; ; Argument[1]; ReturnValue.MapValue; value; manual |
| 290 | Summary: java.util; Map; false; of; ; ; Argument[3]; ReturnValue.MapValue; value; manual |
| 291 | Summary: java.util; Properties; true; setProperty; (String,String); ; Argument[1]; Argument[this].MapValue; value; manual |
| 292 | Summary: org.apache.hc.core5.http; HttpHost; true; HttpHost; (String); ; Argument[0]; Argument[this]; taint; hq-manual |
| 293 | Summary: org.apache.http.message; BasicRequestLine; false; BasicRequestLine; ; ; Argument[1]; Argument[this]; taint; manual |
| 289 | Summary: java.util; List; false; of; (Object); ; Argument[0]; ReturnValue.Element; value; manual |
| 290 | Summary: java.util; List; true; get; (int); ; Argument[this].Element; ReturnValue; value; manual |
| 291 | Summary: java.util; Map; false; of; ; ; Argument[1]; ReturnValue.MapValue; value; manual |
| 292 | Summary: java.util; Map; false; of; ; ; Argument[3]; ReturnValue.MapValue; value; manual |
| 293 | Summary: java.util; Properties; true; setProperty; (String,String); ; Argument[1]; Argument[this].MapValue; value; manual |
| 294 | Summary: org.apache.hc.core5.http; HttpHost; true; HttpHost; (String); ; Argument[0]; Argument[this]; taint; hq-manual |
| 295 | Summary: org.apache.http.message; BasicRequestLine; false; BasicRequestLine; ; ; Argument[1]; Argument[this]; taint; manual |
nodes
| ApacheHttpSSRF.java:27:27:27:53 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | semmle.label | new URI(...) : URI |
@@ -1714,107 +1814,182 @@ nodes
| ReactiveWebClientSSRF.java:16:52:16:54 | url | semmle.label | url |
| ReactiveWebClientSSRF.java:32:26:32:52 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| ReactiveWebClientSSRF.java:35:30:35:32 | url | semmle.label | url |
| SanitizationTests.java:21:23:21:58 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:21:31:21:57 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:24:29:24:55 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:24:29:24:63 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:24:52:24:54 | uri | semmle.label | uri |
| SanitizationTests.java:24:52:24:54 | uri : URI | semmle.label | uri : URI |
| SanitizationTests.java:25:25:25:25 | r | semmle.label | r |
| SanitizationTests.java:77:33:77:63 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:78:36:78:78 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:78:36:78:86 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:78:59:78:77 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:78:59:78:77 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:78:67:78:76 | unsafeUri3 : String | semmle.label | unsafeUri3 : String |
| SanitizationTests.java:79:25:79:32 | unsafer3 | semmle.label | unsafer3 |
| SanitizationTests.java:81:49:81:79 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:82:36:82:78 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:82:36:82:86 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:82:59:82:77 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:82:59:82:77 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:82:67:82:76 | unsafeUri4 : String | semmle.label | unsafeUri4 : String |
| SanitizationTests.java:83:25:83:32 | unsafer4 | semmle.label | unsafer4 |
| SanitizationTests.java:86:13:86:22 | unsafeUri5 [post update] : StringBuilder | semmle.label | unsafeUri5 [post update] : StringBuilder |
| SanitizationTests.java:86:31:86:61 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:87:36:87:89 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:87:36:87:97 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:87:59:87:88 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:87:59:87:88 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:87:67:87:76 | unsafeUri5 : StringBuilder | semmle.label | unsafeUri5 : StringBuilder |
| SanitizationTests.java:87:67:87:87 | toString(...) : String | semmle.label | toString(...) : String |
| SanitizationTests.java:88:25:88:32 | unsafer5 | semmle.label | unsafer5 |
| SanitizationTests.java:90:40:90:87 | new StringBuilder(...) : StringBuilder | semmle.label | new StringBuilder(...) : StringBuilder |
| SanitizationTests.java:90:58:90:86 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:92:37:92:90 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:92:37:92:98 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:92:60:92:89 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:92:60:92:89 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:92:68:92:77 | unafeUri5a : StringBuilder | semmle.label | unafeUri5a : StringBuilder |
| SanitizationTests.java:92:68:92:88 | toString(...) : String | semmle.label | toString(...) : String |
| SanitizationTests.java:93:25:93:33 | unsafer5a | semmle.label | unsafer5a |
| SanitizationTests.java:95:41:95:105 | append(...) : StringBuilder | semmle.label | append(...) : StringBuilder |
| SanitizationTests.java:95:42:95:89 | new StringBuilder(...) : StringBuilder | semmle.label | new StringBuilder(...) : StringBuilder |
| SanitizationTests.java:95:60:95:88 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:97:37:97:91 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:97:37:97:99 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:97:60:97:90 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:97:60:97:90 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:97:68:97:78 | unsafeUri5b : StringBuilder | semmle.label | unsafeUri5b : StringBuilder |
| SanitizationTests.java:97:68:97:89 | toString(...) : String | semmle.label | toString(...) : String |
| SanitizationTests.java:98:25:98:33 | unsafer5b | semmle.label | unsafer5b |
| SanitizationTests.java:100:41:100:106 | append(...) : StringBuilder | semmle.label | append(...) : StringBuilder |
| SanitizationTests.java:100:77:100:105 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:102:37:102:91 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:102:37:102:99 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:102:60:102:90 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:102:60:102:90 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:102:68:102:78 | unsafeUri5c : StringBuilder | semmle.label | unsafeUri5c : StringBuilder |
| SanitizationTests.java:102:68:102:89 | toString(...) : String | semmle.label | toString(...) : String |
| SanitizationTests.java:103:25:103:33 | unsafer5c | semmle.label | unsafer5c |
| SanitizationTests.java:105:33:105:104 | format(...) : String | semmle.label | format(...) : String |
| SanitizationTests.java:105:33:105:104 | new ..[] { .. } : Object[] [[]] : String | semmle.label | new ..[] { .. } : Object[] [[]] : String |
| SanitizationTests.java:105:73:105:103 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:106:36:106:78 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:106:36:106:86 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:106:59:106:77 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:106:59:106:77 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:106:67:106:76 | unsafeUri6 : String | semmle.label | unsafeUri6 : String |
| SanitizationTests.java:107:25:107:32 | unsafer6 | semmle.label | unsafer6 |
| SanitizationTests.java:109:33:109:110 | format(...) : String | semmle.label | format(...) : String |
| SanitizationTests.java:109:33:109:110 | new ..[] { .. } : Object[] [[]] : String | semmle.label | new ..[] { .. } : Object[] [[]] : String |
| SanitizationTests.java:109:56:109:86 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:110:36:110:78 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:110:36:110:86 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:110:59:110:77 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:110:59:110:77 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:110:67:110:76 | unsafeUri7 : String | semmle.label | unsafeUri7 : String |
| SanitizationTests.java:111:25:111:32 | unsafer7 | semmle.label | unsafer7 |
| SanitizationTests.java:113:33:113:110 | format(...) : String | semmle.label | format(...) : String |
| SanitizationTests.java:113:33:113:110 | new ..[] { .. } : Object[] [[]] : String | semmle.label | new ..[] { .. } : Object[] [[]] : String |
| SanitizationTests.java:113:55:113:85 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:114:36:114:78 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:114:36:114:86 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:114:59:114:77 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:114:59:114:77 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:114:67:114:76 | unsafeUri8 : String | semmle.label | unsafeUri8 : String |
| SanitizationTests.java:115:25:115:32 | unsafer8 | semmle.label | unsafer8 |
| SanitizationTests.java:117:33:117:63 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:118:36:118:78 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:118:36:118:86 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:118:59:118:77 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:118:59:118:77 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:118:67:118:76 | unsafeUri9 : String | semmle.label | unsafeUri9 : String |
| SanitizationTests.java:119:25:119:32 | unsafer9 | semmle.label | unsafer9 |
| SanitizationTests.java:121:34:121:126 | format(...) : String | semmle.label | format(...) : String |
| SanitizationTests.java:121:34:121:126 | new ..[] { .. } : Object[] [[]] : String | semmle.label | new ..[] { .. } : Object[] [[]] : String |
| SanitizationTests.java:121:94:121:125 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:122:37:122:80 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:122:37:122:88 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:122:60:122:79 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:122:60:122:79 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:122:68:122:78 | unsafeUri10 : String | semmle.label | unsafeUri10 : String |
| SanitizationTests.java:123:25:123:33 | unsafer10 | semmle.label | unsafer10 |
| SanitizationTests.java:22:23:22:58 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:22:31:22:57 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:25:29:25:55 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:25:29:25:63 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:25:52:25:54 | uri | semmle.label | uri |
| SanitizationTests.java:25:52:25:54 | uri : URI | semmle.label | uri : URI |
| SanitizationTests.java:26:25:26:25 | r | semmle.label | r |
| SanitizationTests.java:78:33:78:63 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:79:36:79:78 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:79:36:79:86 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:79:59:79:77 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:79:59:79:77 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | semmle.label | unsafeUri3 : String |
| SanitizationTests.java:80:25:80:32 | unsafer3 | semmle.label | unsafer3 |
| SanitizationTests.java:82:49:82:79 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:83:36:83:78 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:83:36:83:86 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:83:59:83:77 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:83:59:83:77 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | semmle.label | unsafeUri4 : String |
| SanitizationTests.java:84:25:84:32 | unsafer4 | semmle.label | unsafer4 |
| SanitizationTests.java:87:13:87:22 | unsafeUri5 [post update] : StringBuilder | semmle.label | unsafeUri5 [post update] : StringBuilder |
| SanitizationTests.java:87:31:87:61 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:88:36:88:89 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:88:36:88:97 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:88:59:88:88 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:88:59:88:88 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:88:67:88:76 | unsafeUri5 : StringBuilder | semmle.label | unsafeUri5 : StringBuilder |
| SanitizationTests.java:88:67:88:87 | toString(...) : String | semmle.label | toString(...) : String |
| SanitizationTests.java:89:25:89:32 | unsafer5 | semmle.label | unsafer5 |
| SanitizationTests.java:91:40:91:87 | new StringBuilder(...) : StringBuilder | semmle.label | new StringBuilder(...) : StringBuilder |
| SanitizationTests.java:91:58:91:86 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:93:37:93:90 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:93:37:93:98 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:93:60:93:89 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:93:60:93:89 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:93:68:93:77 | unafeUri5a : StringBuilder | semmle.label | unafeUri5a : StringBuilder |
| SanitizationTests.java:93:68:93:88 | toString(...) : String | semmle.label | toString(...) : String |
| SanitizationTests.java:94:25:94:33 | unsafer5a | semmle.label | unsafer5a |
| SanitizationTests.java:96:41:96:105 | append(...) : StringBuilder | semmle.label | append(...) : StringBuilder |
| SanitizationTests.java:96:42:96:89 | new StringBuilder(...) : StringBuilder | semmle.label | new StringBuilder(...) : StringBuilder |
| SanitizationTests.java:96:60:96:88 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:98:37:98:91 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:98:37:98:99 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:98:60:98:90 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:98:60:98:90 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:98:68:98:78 | unsafeUri5b : StringBuilder | semmle.label | unsafeUri5b : StringBuilder |
| SanitizationTests.java:98:68:98:89 | toString(...) : String | semmle.label | toString(...) : String |
| SanitizationTests.java:99:25:99:33 | unsafer5b | semmle.label | unsafer5b |
| SanitizationTests.java:101:41:101:106 | append(...) : StringBuilder | semmle.label | append(...) : StringBuilder |
| SanitizationTests.java:101:77:101:105 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:103:37:103:91 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:103:37:103:99 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:103:60:103:90 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:103:60:103:90 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:103:68:103:78 | unsafeUri5c : StringBuilder | semmle.label | unsafeUri5c : StringBuilder |
| SanitizationTests.java:103:68:103:89 | toString(...) : String | semmle.label | toString(...) : String |
| SanitizationTests.java:104:25:104:33 | unsafer5c | semmle.label | unsafer5c |
| SanitizationTests.java:106:33:106:104 | format(...) : String | semmle.label | format(...) : String |
| SanitizationTests.java:106:33:106:104 | new ..[] { .. } : Object[] [[]] : String | semmle.label | new ..[] { .. } : Object[] [[]] : String |
| SanitizationTests.java:106:73:106:103 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:107:36:107:78 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:107:36:107:86 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:107:59:107:77 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:107:59:107:77 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:107:67:107:76 | unsafeUri6 : String | semmle.label | unsafeUri6 : String |
| SanitizationTests.java:108:25:108:32 | unsafer6 | semmle.label | unsafer6 |
| SanitizationTests.java:110:33:110:110 | format(...) : String | semmle.label | format(...) : String |
| SanitizationTests.java:110:33:110:110 | new ..[] { .. } : Object[] [[]] : String | semmle.label | new ..[] { .. } : Object[] [[]] : String |
| SanitizationTests.java:110:56:110:86 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:111:36:111:78 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:111:36:111:86 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:111:59:111:77 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:111:59:111:77 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:111:67:111:76 | unsafeUri7 : String | semmle.label | unsafeUri7 : String |
| SanitizationTests.java:112:25:112:32 | unsafer7 | semmle.label | unsafer7 |
| SanitizationTests.java:114:33:114:110 | format(...) : String | semmle.label | format(...) : String |
| SanitizationTests.java:114:33:114:110 | new ..[] { .. } : Object[] [[]] : String | semmle.label | new ..[] { .. } : Object[] [[]] : String |
| SanitizationTests.java:114:55:114:85 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:115:36:115:78 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:115:36:115:86 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:115:59:115:77 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:115:59:115:77 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:115:67:115:76 | unsafeUri8 : String | semmle.label | unsafeUri8 : String |
| SanitizationTests.java:116:25:116:32 | unsafer8 | semmle.label | unsafer8 |
| SanitizationTests.java:118:33:118:63 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:119:36:119:78 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:119:36:119:86 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:119:59:119:77 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:119:59:119:77 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | semmle.label | unsafeUri9 : String |
| SanitizationTests.java:120:25:120:32 | unsafer9 | semmle.label | unsafer9 |
| SanitizationTests.java:122:34:122:126 | format(...) : String | semmle.label | format(...) : String |
| SanitizationTests.java:122:34:122:126 | new ..[] { .. } : Object[] [[]] : String | semmle.label | new ..[] { .. } : Object[] [[]] : String |
| SanitizationTests.java:122:94:122:125 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:123:37:123:80 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:123:37:123:88 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:123:60:123:79 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:123:60:123:79 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:123:68:123:78 | unsafeUri10 : String | semmle.label | unsafeUri10 : String |
| SanitizationTests.java:124:25:124:33 | unsafer10 | semmle.label | unsafer10 |
| SanitizationTests.java:153:42:153:96 | new AnnotatedFieldObject(...) : AnnotatedFieldObject [uri] : String | semmle.label | new AnnotatedFieldObject(...) : AnnotatedFieldObject [uri] : String |
| SanitizationTests.java:153:67:153:95 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:154:32:154:73 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:154:32:154:81 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:154:55:154:72 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:154:55:154:72 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:154:63:154:67 | obj14 : AnnotatedFieldObject [uri] : String | semmle.label | obj14 : AnnotatedFieldObject [uri] : String |
| SanitizationTests.java:154:63:154:71 | obj14.uri : String | semmle.label | obj14.uri : String |
| SanitizationTests.java:155:25:155:28 | r14a | semmle.label | r14a |
| SanitizationTests.java:156:32:156:78 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:156:32:156:86 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:156:55:156:77 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:156:55:156:77 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:156:63:156:67 | obj14 : AnnotatedFieldObject [uri] : String | semmle.label | obj14 : AnnotatedFieldObject [uri] : String |
| SanitizationTests.java:156:63:156:76 | getUri(...) : String | semmle.label | getUri(...) : String |
| SanitizationTests.java:157:25:157:28 | r14b | semmle.label | r14b |
| SanitizationTests.java:160:46:160:104 | new AnnotatedParameterObject(...) : AnnotatedParameterObject [uri] : String | semmle.label | new AnnotatedParameterObject(...) : AnnotatedParameterObject [uri] : String |
| SanitizationTests.java:160:75:160:103 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:161:32:161:73 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:161:32:161:81 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:161:55:161:72 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:161:55:161:72 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:161:63:161:67 | obj15 : AnnotatedParameterObject [uri] : String | semmle.label | obj15 : AnnotatedParameterObject [uri] : String |
| SanitizationTests.java:161:63:161:71 | obj15.uri : String | semmle.label | obj15.uri : String |
| SanitizationTests.java:162:25:162:28 | r15a | semmle.label | r15a |
| SanitizationTests.java:163:32:163:78 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:163:32:163:86 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:163:55:163:77 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:163:55:163:77 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:163:63:163:67 | obj15 : AnnotatedParameterObject [uri] : String | semmle.label | obj15 : AnnotatedParameterObject [uri] : String |
| SanitizationTests.java:163:63:163:76 | getUri(...) : String | semmle.label | getUri(...) : String |
| SanitizationTests.java:164:25:164:28 | r15b | semmle.label | r15b |
| SanitizationTests.java:167:31:167:103 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:167:31:167:111 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:167:54:167:102 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:167:54:167:102 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:167:62:167:101 | identity1(...) : String | semmle.label | identity1(...) : String |
| SanitizationTests.java:167:72:167:100 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:168:25:168:27 | r16 | semmle.label | r16 |
| SanitizationTests.java:171:31:171:103 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:171:31:171:111 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:171:54:171:102 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:171:54:171:102 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:171:62:171:101 | identity2(...) : String | semmle.label | identity2(...) : String |
| SanitizationTests.java:171:72:171:100 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:172:25:172:27 | r17 | semmle.label | r17 |
| SanitizationTests.java:175:31:175:114 | newBuilder(...) : Builder | semmle.label | newBuilder(...) : Builder |
| SanitizationTests.java:175:31:175:122 | build(...) : HttpRequest | semmle.label | build(...) : HttpRequest |
| SanitizationTests.java:175:54:175:113 | new URI(...) | semmle.label | new URI(...) |
| SanitizationTests.java:175:54:175:113 | new URI(...) : URI | semmle.label | new URI(...) : URI |
| SanitizationTests.java:175:62:175:112 | getFromList(...) : String | semmle.label | getFromList(...) : String |
| SanitizationTests.java:175:74:175:111 | of(...) : List [<element>] : String | semmle.label | of(...) : List [<element>] : String |
| SanitizationTests.java:175:82:175:110 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SanitizationTests.java:176:25:176:27 | r18 | semmle.label | r18 |
| SanitizationTests.java:188:29:188:103 | uri : String | semmle.label | uri : String |
| SanitizationTests.java:189:16:189:18 | uri : String | semmle.label | uri : String |
| SanitizationTests.java:193:29:193:38 | uri : String | semmle.label | uri : String |
| SanitizationTests.java:194:16:194:18 | uri : String | semmle.label | uri : String |
| SanitizationTests.java:197:31:197:112 | list : List [<element>] : String | semmle.label | list : List [<element>] : String |
| SanitizationTests.java:198:16:198:19 | list : List [<element>] : String | semmle.label | list : List [<element>] : String |
| SanitizationTests.java:198:16:198:26 | get(...) : String | semmle.label | get(...) : String |
| SanitizationTests.java:207:16:207:35 | parameter this [Return] : AnnotatedFieldObject [uri] : String | semmle.label | parameter this [Return] : AnnotatedFieldObject [uri] : String |
| SanitizationTests.java:207:37:207:46 | uri : String | semmle.label | uri : String |
| SanitizationTests.java:208:13:208:16 | this [post update] : AnnotatedFieldObject [uri] : String | semmle.label | this [post update] : AnnotatedFieldObject [uri] : String |
| SanitizationTests.java:208:24:208:26 | uri : String | semmle.label | uri : String |
| SanitizationTests.java:211:23:211:28 | parameter this : AnnotatedFieldObject [uri] : String | semmle.label | parameter this : AnnotatedFieldObject [uri] : String |
| SanitizationTests.java:212:20:212:22 | this <.field> : AnnotatedFieldObject [uri] : String | semmle.label | this <.field> : AnnotatedFieldObject [uri] : String |
| SanitizationTests.java:212:20:212:22 | uri : String | semmle.label | uri : String |
| SanitizationTests.java:219:16:219:39 | parameter this [Return] : AnnotatedParameterObject [uri] : String | semmle.label | parameter this [Return] : AnnotatedParameterObject [uri] : String |
| SanitizationTests.java:219:41:219:115 | uri : String | semmle.label | uri : String |
| SanitizationTests.java:220:13:220:16 | this [post update] : AnnotatedParameterObject [uri] : String | semmle.label | this [post update] : AnnotatedParameterObject [uri] : String |
| SanitizationTests.java:220:24:220:26 | uri : String | semmle.label | uri : String |
| SanitizationTests.java:223:23:223:28 | parameter this : AnnotatedParameterObject [uri] : String | semmle.label | parameter this : AnnotatedParameterObject [uri] : String |
| SanitizationTests.java:224:20:224:22 | this <.field> : AnnotatedParameterObject [uri] : String | semmle.label | this <.field> : AnnotatedParameterObject [uri] : String |
| SanitizationTests.java:224:20:224:22 | uri : String | semmle.label | uri : String |
| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| SpringSSRF.java:32:39:32:59 | ... + ... | semmle.label | ... + ... |
| SpringSSRF.java:33:69:33:82 | fooResourceUrl | semmle.label | fooResourceUrl |
@@ -2035,3 +2210,29 @@ nodes
| mad/Test.java:112:15:112:31 | (...)... | semmle.label | (...)... |
| mad/Test.java:112:24:112:31 | source(...) : String | semmle.label | source(...) : String |
subpaths
| SanitizationTests.java:153:67:153:95 | getParameter(...) : String | SanitizationTests.java:207:37:207:46 | uri : String | SanitizationTests.java:207:16:207:35 | parameter this [Return] : AnnotatedFieldObject [uri] : String | SanitizationTests.java:153:42:153:96 | new AnnotatedFieldObject(...) : AnnotatedFieldObject [uri] : String |
| SanitizationTests.java:156:63:156:67 | obj14 : AnnotatedFieldObject [uri] : String | SanitizationTests.java:211:23:211:28 | parameter this : AnnotatedFieldObject [uri] : String | SanitizationTests.java:212:20:212:22 | uri : String | SanitizationTests.java:156:63:156:76 | getUri(...) : String |
| SanitizationTests.java:160:75:160:103 | getParameter(...) : String | SanitizationTests.java:219:41:219:115 | uri : String | SanitizationTests.java:219:16:219:39 | parameter this [Return] : AnnotatedParameterObject [uri] : String | SanitizationTests.java:160:46:160:104 | new AnnotatedParameterObject(...) : AnnotatedParameterObject [uri] : String |
| SanitizationTests.java:163:63:163:67 | obj15 : AnnotatedParameterObject [uri] : String | SanitizationTests.java:223:23:223:28 | parameter this : AnnotatedParameterObject [uri] : String | SanitizationTests.java:224:20:224:22 | uri : String | SanitizationTests.java:163:63:163:76 | getUri(...) : String |
| SanitizationTests.java:167:72:167:100 | getParameter(...) : String | SanitizationTests.java:188:29:188:103 | uri : String | SanitizationTests.java:189:16:189:18 | uri : String | SanitizationTests.java:167:62:167:101 | identity1(...) : String |
| SanitizationTests.java:171:72:171:100 | getParameter(...) : String | SanitizationTests.java:193:29:193:38 | uri : String | SanitizationTests.java:194:16:194:18 | uri : String | SanitizationTests.java:171:62:171:101 | identity2(...) : String |
| SanitizationTests.java:175:74:175:111 | of(...) : List [<element>] : String | SanitizationTests.java:197:31:197:112 | list : List [<element>] : String | SanitizationTests.java:198:16:198:26 | get(...) : String | SanitizationTests.java:175:62:175:112 | getFromList(...) : String |
testFailures
| SanitizationTests.java:153:67:153:95 | getParameter(...) : String | Unexpected result: Source |
| SanitizationTests.java:154:55:154:72 | new URI(...) | Unexpected result: Alert |
| SanitizationTests.java:155:25:155:28 | r14a | Unexpected result: Alert |
| SanitizationTests.java:156:55:156:77 | new URI(...) | Unexpected result: Alert |
| SanitizationTests.java:157:25:157:28 | r14b | Unexpected result: Alert |
| SanitizationTests.java:160:75:160:103 | getParameter(...) : String | Unexpected result: Source |
| SanitizationTests.java:161:55:161:72 | new URI(...) | Unexpected result: Alert |
| SanitizationTests.java:162:25:162:28 | r15a | Unexpected result: Alert |
| SanitizationTests.java:163:55:163:77 | new URI(...) | Unexpected result: Alert |
| SanitizationTests.java:164:25:164:28 | r15b | Unexpected result: Alert |
| SanitizationTests.java:167:54:167:102 | new URI(...) | Unexpected result: Alert |
| SanitizationTests.java:167:72:167:100 | getParameter(...) : String | Unexpected result: Alert |
| SanitizationTests.java:167:72:167:100 | getParameter(...) : String | Unexpected result: Source |
| SanitizationTests.java:168:25:168:27 | r16 | Unexpected result: Alert |
| SanitizationTests.java:171:54:171:102 | new URI(...) | Unexpected result: Alert |
| SanitizationTests.java:171:72:171:100 | getParameter(...) : String | Unexpected result: Alert |
| SanitizationTests.java:171:72:171:100 | getParameter(...) : String | Unexpected result: Source |
| SanitizationTests.java:172:25:172:27 | r17 | Unexpected result: Alert |

69
java/ql/test/query-tests/security/CWE-918/SanitizationTests.java
View File

@@ -2,8 +2,9 @@ import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.util.regex.Pattern;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
@@ -147,6 +148,32 @@ public class SanitizationTests extends HttpServlet {
HttpRequest r13 = HttpRequest.newBuilder(new URI(param13)).build();
client.send(r13, null);
}
// GOOD: sanitisation by @Pattern annotation on a field
AnnotatedFieldObject obj14 = new AnnotatedFieldObject(request.getParameter("uri14"));
HttpRequest r14a = HttpRequest.newBuilder(new URI(obj14.uri)).build();
client.send(r14a, null);
HttpRequest r14b = HttpRequest.newBuilder(new URI(obj14.getUri())).build();
client.send(r14b, null);
// GOOD: sanitisation by @Pattern annotation on a parameter of a constructor
AnnotatedParameterObject obj15 = new AnnotatedParameterObject(request.getParameter("uri15"));
HttpRequest r15a = HttpRequest.newBuilder(new URI(obj15.uri)).build();
client.send(r15a, null);
HttpRequest r15b = HttpRequest.newBuilder(new URI(obj15.getUri())).build();
client.send(r15b, null);
// GOOD: sanitisation by @Pattern annotation on a parameter of a method
HttpRequest r16 = HttpRequest.newBuilder(new URI(identity1(request.getParameter("uri16")))).build();
client.send(r16, null);
// GOOD: sanitisation by @Pattern annotation on a method (which constrains the return value)
HttpRequest r17 = HttpRequest.newBuilder(new URI(identity2(request.getParameter("uri17")))).build();
client.send(r17, null);
// GOOD: sanitisation by @Pattern annotation on a type (we do not recognise this, so we get an FP)
HttpRequest r18 = HttpRequest.newBuilder(new URI(getFromList(List.of(request.getParameter("uri18"))))).build(); // $ SPURIOUS: Source Alert
client.send(r18, null); // $ SPURIOUS: Alert
} catch (Exception e) {
// TODO: handle exception
}
@@ -157,4 +184,44 @@ public class SanitizationTests extends HttpServlet {
throw new IllegalArgumentException("Invalid ID");
}
}
public String identity1(@javax.validation.constraints.Pattern(regexp = "[a-zA-Z0-9_-]+") String uri) {
return uri;
}
@javax.validation.constraints.Pattern(regexp = "[a-zA-Z0-9_-]+")
public String identity2(String uri) {
return uri;
}
public String getFromList(List<@javax.validation.constraints.Pattern(regexp = "[a-zA-Z0-9_-]+") String> list) {
return list.get(0);
}
public class AnnotatedFieldObject {
@javax.validation.constraints.Pattern(regexp = "[a-zA-Z0-9_-]+")
String uri;
String otherField;
public AnnotatedFieldObject(String uri) {
this.uri = uri;
}
public String getUri() {
return uri;
}
}
public class AnnotatedParameterObject {
String uri;
public AnnotatedParameterObject(@javax.validation.constraints.Pattern(regexp = "[a-zA-Z0-9_-]+") String uri) {
this.uri = uri;
}
public String getUri() {
return uri;
}
}
}

2
java/ql/test/query-tests/security/CWE-918/options
View File

@@ -1 +1 @@
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jaxws-api-2.0:${testdir}/../../../stubs/apache-cxf
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/javax-validation-constraints:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jaxws-api-2.0:${testdir}/../../../stubs/apache-cxf

88
java/ql/test/stubs/javax-validation-constraints/javax/validation/Constraint.java generated Normal file
View File

@@ -0,0 +1,88 @@
/*
* Bean Validation API
*
* License: Apache License, Version 2.0
* See the license.txt file in the root directory or <http://www.apache.org/licenses/LICENSE-2.0>.
*/
package javax.validation;
import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
/**
* Marks an annotation as being a Bean Validation constraint.
* <p>
* A given constraint annotation must be annotated by a {@code @Constraint}
* annotation which refers to its list of constraint validation implementations.
* <p>
* Each constraint annotation must host the following attributes:
* <ul>
* <li>{@code String message() default [...];} which should default to an error
* message key made of the fully-qualified class name of the constraint followed by
* {@code .message}. For example {@code "{com.acme.constraints.NotSafe.message}"}</li>
* <li>{@code Class<?>[] groups() default {};} for user to customize the targeted
* groups</li>
* <li>{@code Class<? extends Payload>[] payload() default {};} for
* extensibility purposes</li>
* </ul>
* <p>
* When building a constraint that is both generic and cross-parameter, the constraint
* annotation must host the {@code validationAppliesTo()} property.
* A constraint is generic if it targets the annotated element and is cross-parameter if
* it targets the array of parameters of a method or constructor.
* <pre>
* ConstraintTarget validationAppliesTo() default ConstraintTarget.IMPLICIT;
* </pre>
* This property allows the constraint user to choose whether the constraint
* targets the return type of the executable or its array of parameters.
*
* A constraint is both generic and cross-parameter if
* <ul>
* <li>two kinds of {@code ConstraintValidator}s are attached to the
* constraint, one targeting {@link ValidationTarget#ANNOTATED_ELEMENT}
* and one targeting {@link ValidationTarget#PARAMETERS},</li>
* <li>or if a {@code ConstraintValidator} targets both
* {@code ANNOTATED_ELEMENT} and {@code PARAMETERS}.</li>
* </ul>
*
* Such dual constraints are rare. See {@link SupportedValidationTarget} for more info.
* <p>
* Here is an example of constraint definition:
* <pre>
* &#64;Documented
* &#64;Constraint(validatedBy = OrderNumberValidator.class)
* &#64;Target({ METHOD, FIELD, ANNOTATION_TYPE, CONSTRUCTOR, PARAMETER, TYPE_USE })
* &#64;Retention(RUNTIME)
* public &#64;interface OrderNumber {
* String message() default "{com.acme.constraint.OrderNumber.message}";
* Class&lt;?&gt;[] groups() default {};
* Class&lt;? extends Payload&gt;[] payload() default {};
* }
* </pre>
*
* @author Emmanuel Bernard
* @author Gavin King
* @author Hardy Ferentschik
*/
@Documented
@Target({ ANNOTATION_TYPE })
@Retention(RUNTIME)
public @interface Constraint {
/**
* {@link ConstraintValidator} classes implementing the constraint. The given classes
* must reference distinct target types for a given {@link ValidationTarget}. If two
* {@code ConstraintValidator}s refer to the same type, an exception will occur.
* <p>
* At most one {@code ConstraintValidator} targeting the array of parameters of
* methods or constructors (aka cross-parameter) is accepted. If two or more
* are present, an exception will occur.
*
* @return array of {@code ConstraintValidator} classes implementing the constraint
*/
Class<?>[] validatedBy();
}

23
java/ql/test/stubs/javax-validation-constraints/javax/validation/Payload.java generated Normal file
View File

@@ -0,0 +1,23 @@
/*
* Bean Validation API
*
* License: Apache License, Version 2.0
* See the license.txt file in the root directory or <http://www.apache.org/licenses/LICENSE-2.0>.
*/
package javax.validation;
/**
* Payload type that can be attached to a given
* constraint declaration.
* <p>
* Payloads are typically used to carry on metadata information
* consumed by a validation client.
* </p>
* With the exception of the {@link Unwrapping} payload types, the use of payloads is not
* considered portable.
*
* @author Emmanuel Bernard
* @author Gerhard Petracek
*/
public interface Payload {
}

148
java/ql/test/stubs/javax-validation-constraints/javax/validation/constraints/Pattern.java generated Normal file
View File

@@ -0,0 +1,148 @@
/*
* Bean Validation API
*
* License: Apache License, Version 2.0
* See the license.txt file in the root directory or <http://www.apache.org/licenses/LICENSE-2.0>.
*/
package javax.validation.constraints;
import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
import static java.lang.annotation.ElementType.CONSTRUCTOR;
import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.ElementType.TYPE_USE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import java.lang.annotation.Documented;
import java.lang.annotation.Repeatable;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import javax.validation.Constraint;
import javax.validation.Payload;
import javax.validation.constraints.Pattern.List;
/**
* The annotated {@code CharSequence} must match the specified regular expression.
* The regular expression follows the Java regular expression conventions
* see {@link java.util.regex.Pattern}.
* <p>
* Accepts {@code CharSequence}. {@code null} elements are considered valid.
*
* @author Emmanuel Bernard
*/
@Target({ METHOD, FIELD, ANNOTATION_TYPE, CONSTRUCTOR, PARAMETER, TYPE_USE })
@Retention(RUNTIME)
@Repeatable(List.class)
@Documented
@Constraint(validatedBy = { })
public @interface Pattern {
/**
* @return the regular expression to match
*/
String regexp();
/**
* @return array of {@code Flag}s considered when resolving the regular expression
*/
Flag[] flags() default { };
/**
* @return the error message template
*/
String message() default "{javax.validation.constraints.Pattern.message}";
/**
* @return the groups the constraint belongs to
*/
Class<?>[] groups() default { };
/**
* @return the payload associated to the constraint
*/
Class<? extends Payload>[] payload() default { };
/**
* Possible Regexp flags.
*/
public static enum Flag {
/**
* Enables Unix lines mode.
*
* @see java.util.regex.Pattern#UNIX_LINES
*/
UNIX_LINES( java.util.regex.Pattern.UNIX_LINES ),
/**
* Enables case-insensitive matching.
*
* @see java.util.regex.Pattern#CASE_INSENSITIVE
*/
CASE_INSENSITIVE( java.util.regex.Pattern.CASE_INSENSITIVE ),
/**
* Permits whitespace and comments in pattern.
*
* @see java.util.regex.Pattern#COMMENTS
*/
COMMENTS( java.util.regex.Pattern.COMMENTS ),
/**
* Enables multiline mode.
*
* @see java.util.regex.Pattern#MULTILINE
*/
MULTILINE( java.util.regex.Pattern.MULTILINE ),
/**
* Enables dotall mode.
*
* @see java.util.regex.Pattern#DOTALL
*/
DOTALL( java.util.regex.Pattern.DOTALL ),
/**
* Enables Unicode-aware case folding.
*
* @see java.util.regex.Pattern#UNICODE_CASE
*/
UNICODE_CASE( java.util.regex.Pattern.UNICODE_CASE ),
/**
* Enables canonical equivalence.
*
* @see java.util.regex.Pattern#CANON_EQ
*/
CANON_EQ( java.util.regex.Pattern.CANON_EQ );
//JDK flag value
private final int value;
private Flag(int value) {
this.value = value;
}
/**
* @return flag value as defined in {@link java.util.regex.Pattern}
*/
public int getValue() {
return value;
}
}
/**
* Defines several {@link Pattern} annotations on the same element.
*
* @see Pattern
*/
@Target({ METHOD, FIELD, ANNOTATION_TYPE, CONSTRUCTOR, PARAMETER, TYPE_USE })
@Retention(RUNTIME)
@Documented
@interface List {
Pattern[] value();
}
}