Java: add spurious test case for StringBuilder.append

Jami Cogswell · Jami Cogswell · commit 5ac453eb3881 · 2024-03-13T16:28:45.000-04:00
diff --git a/java/ql/test/query-tests/security/CWE-552/UrlForwardTest.java b/java/ql/test/query-tests/security/CWE-552/UrlForwardTest.java
@@ -388,4 +388,25 @@ protected void doGet2(HttpServletRequest request, HttpServletResponse response)
 			sc.getRequestDispatcher(VALID_FORWARD).forward(request, response);
 		}
 	}
+
+	// Test `StringBuilder.append` sequence with `?` appended before the user input
+	private static final String LOGIN_URL = "/UI/Login";
+
+	public void doPost2(HttpServletRequest request, HttpServletResponse response)
+			throws ServletException, IOException {
+		StringBuilder forwardUrl = new StringBuilder(200);
+		forwardUrl.append(LOGIN_URL);
+
+		String queryString = request.getQueryString();
+
+		// should be sanitized due to the `?` appended
+		forwardUrl.append('?').append(queryString);
+
+		String fUrl = forwardUrl.toString();
+
+		ServletConfig config = getServletConfig();
+
+        RequestDispatcher dispatcher = config.getServletContext().getRequestDispatcher(fUrl); // $ SPURIOUS: hasUrlForward
+        dispatcher.forward(request, response);
+	}
 }
