diff --git a/java/ql/lib/change-notes/2025-11-27-spring-rest-template-request-forgery-sinks.md b/java/ql/lib/change-notes/2025-11-27-spring-rest-template-request-forgery-sinks.md new file mode 100644 index 000000000000..4a18b5304723 --- /dev/null +++ b/java/ql/lib/change-notes/2025-11-27-spring-rest-template-request-forgery-sinks.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* URI template variables of all Spring `RestTemplate` methods are now considered as request forgery sinks. Previously only the `getForObject` method was considered. This may lead to more alerts for the query `java/ssrf`. diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll index 0580415a3448..6f10cf3bad4f 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll @@ -31,50 +31,79 @@ class SpringWebClient extends Interface { } } -/** The method `getForObject` on `org.springframework.web.reactive.function.client.RestTemplate`. */ -class SpringRestTemplateGetForObjectMethod extends Method { - SpringRestTemplateGetForObjectMethod() { +/** + * A method on `org.springframework.web.client.RestTemplate` + * which has a parameter `uriVariables` (which can have type `Object..` or + * `Map`) which contains variables to be expanded into the URL + * template in parameter 0. + */ +private class SpringRestTemplateMethodWithUriVariablesParameter extends Method { + int pos; + + SpringRestTemplateMethodWithUriVariablesParameter() { this.getDeclaringType() instanceof SpringRestTemplate and - this.hasName("getForObject") + ( + this.hasName("delete") and pos = 1 + or + this.hasName("exchange") and pos = 4 + or + this.hasName("execute") and pos = 4 + or + this.hasName("getForEntity") and pos = 2 + or + this.hasName("getForObject") and pos = 2 + or + this.hasName("headForHeaders") and pos = 1 + or + this.hasName("optionsForAllow") and pos = 1 + or + this.hasName("patchForObject") and pos = 3 + or + this.hasName("postForEntity") and pos = 3 + or + this.hasName("postForLocation") and pos = 2 + or + this.hasName("postForObject") and pos = 3 + or + this.hasName("put") and pos = 2 + ) } -} -/** A call to the method `getForObject` on `org.springframework.web.reactive.function.client.RestTemplate`. */ -class SpringRestTemplateGetForObjectMethodCall extends MethodCall { - SpringRestTemplateGetForObjectMethodCall() { - this.getMethod() instanceof SpringRestTemplateGetForObjectMethod - } + int getUriVariablesPosition() { result = pos } +} - /** Gets the first argument, if it is a compile time constant. */ - CompileTimeConstantExpr getConstantUrl() { result = this.getArgument(0) } +/** Gets the first argument of `mc`, if it is a compile-time constant. */ +pragma[inline] +private CompileTimeConstantExpr getConstantUrl(MethodCall mc) { result = mc.getArgument(0) } - /** - * Holds if the first argument is a compile time constant and it has a - * placeholder at offset `offset`, and there are `idx` placeholders that - * appear before it. - */ - predicate urlHasPlaceholderAtOffset(int idx, int offset) { - exists( - this.getConstantUrl() - .getStringValue() - .replaceAll("\\{", " ") - .replaceAll("\\}", " ") - .regexpFind("\\{[^}]*\\}", idx, offset) - ) - } +/** + * Holds if the first argument of `mc` is a compile-time constant URL template + * which has its `idx`-th placeholder at the offset `offset`. + */ +pragma[inline] +private predicate urlHasPlaceholderAtOffset(MethodCall mc, int idx, int offset) { + exists( + getConstantUrl(mc) + .getStringValue() + .replaceAll("\\{", " ") + .replaceAll("\\}", " ") + .regexpFind("\\{[^}]*\\}", idx, offset) + ) } -private class SpringWebClientRestTemplateGetForObject extends RequestForgerySink { - SpringWebClientRestTemplateGetForObject() { - exists(SpringRestTemplateGetForObjectMethodCall mc, int i | - // Note that the first argument is modeled as a request forgery sink - // separately. This model is for arguments beyond the first two. There - // are two relevant overloads, one with third parameter type `Object...` - // and one with third parameter type `Map`. For the latter we - // cannot deal with MapValue content easily but there is a default - // implicit taint read at sinks that will catch it. +private class SpringWebClientRestTemplateUriVariable extends RequestForgerySink { + SpringWebClientRestTemplateUriVariable() { + exists(SpringRestTemplateMethodWithUriVariablesParameter m, MethodCall mc, int i | + // Note that the first argument of `m` is modeled as a request forgery + // sink separately. This model is for arguments corresponding to the + // `uriVariables` parameter. There are always two relevant overloads, one + // with parameter type `Object...` and one with parameter type + // `Map`. For the latter we cannot deal with MapValue content + // easily but there is a default implicit taint read at sinks that will + // catch it. + mc.getMethod() = m and i >= 0 and - this.asExpr() = mc.getArgument(i + 2) + this.asExpr() = mc.getArgument(m.getUriVariablesPosition() + i) | // If we can determine that part of mc.getArgument(0) is a hostname // sanitizing prefix, then we count how many placeholders occur before it @@ -83,8 +112,8 @@ private class SpringWebClientRestTemplateGetForObject extends RequestForgerySink // considering the map values as sinks if there is at least one // placeholder in the URL before the hostname sanitizing prefix. exists(int offset | - mc.urlHasPlaceholderAtOffset(i, offset) and - offset < mc.getConstantUrl().(HostnameSanitizingPrefix).getOffset() + urlHasPlaceholderAtOffset(mc, i, offset) and + offset < getConstantUrl(mc).(HostnameSanitizingPrefix).getOffset() ) or // If we cannot determine that part of mc.getArgument(0) is a hostname @@ -94,12 +123,12 @@ private class SpringWebClientRestTemplateGetForObject extends RequestForgerySink // For the `Map` overload this has the effect of only // considering the map values as sinks if there is at least one // placeholder in the URL. - not mc.getConstantUrl() instanceof HostnameSanitizingPrefix and - mc.urlHasPlaceholderAtOffset(i, _) + not getConstantUrl(mc) instanceof HostnameSanitizingPrefix and + urlHasPlaceholderAtOffset(mc, i, _) or // If we cannot determine the string value of mc.getArgument(0), then we // conservatively consider all arguments as sinks. - not exists(mc.getConstantUrl().getStringValue()) + not exists(getConstantUrl(mc).getStringValue()) ) } } diff --git a/java/ql/test/query-tests/security/CWE-918/RequestForgery.expected b/java/ql/test/query-tests/security/CWE-918/RequestForgery.expected index b08273da0ca9..c61fbdf81b85 100644 --- a/java/ql/test/query-tests/security/CWE-918/RequestForgery.expected +++ b/java/ql/test/query-tests/security/CWE-918/RequestForgery.expected @@ -253,35 +253,91 @@ | SanitizationTests.java:120:60:120:79 | new URI(...) | SanitizationTests.java:119:94:119:125 | getParameter(...) : String | SanitizationTests.java:120:60:120:79 | new URI(...) | Potential server-side request forgery due to a $@. | SanitizationTests.java:119:94:119:125 | getParameter(...) | user-provided value | | SanitizationTests.java:121:25:121:33 | unsafer10 | SanitizationTests.java:119:94:119:125 | getParameter(...) : String | SanitizationTests.java:121:25:121:33 | unsafer10 | Potential server-side request forgery due to a $@. | SanitizationTests.java:119:94:119:125 | getParameter(...) | user-provided value | | SpringSSRF.java:32:39:32:59 | ... + ... | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:32:39:32:59 | ... + ... | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:33:35:33:48 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:33:35:33:48 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:34:34:34:47 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:34:34:34:47 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:35:39:35:52 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:35:39:35:52 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:36:69:36:82 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:36:69:36:82 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:37:73:37:86 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:37:73:37:86 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:40:69:40:97 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:40:69:40:97 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:42:69:42:119 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:42:69:42:119 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:44:41:44:54 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:44:41:44:54 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:45:40:45:62 | new URI(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:45:40:45:62 | new URI(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:46:42:46:55 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:46:42:46:55 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:47:40:47:53 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:47:40:47:53 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:48:30:48:43 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:48:30:48:43 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:49:33:49:46 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:49:33:49:46 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:50:41:50:54 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:50:41:50:54 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:51:42:51:55 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:51:42:51:55 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:56:44:56:46 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:56:44:56:46 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:58:35:58:37 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:58:35:58:37 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:59:35:59:37 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:59:35:59:37 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:60:38:60:40 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:60:38:60:40 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:61:39:61:41 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:61:39:61:41 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:62:37:62:39 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:62:37:62:39 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:63:36:63:38 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:63:36:63:38 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:64:44:64:46 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:64:44:64:46 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:70:49:70:51 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:70:49:70:51 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:71:58:71:60 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:71:58:71:60 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:72:57:72:59 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:72:57:72:59 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:73:66:73:68 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:73:66:73:68 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:74:57:74:59 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:74:57:74:59 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | -| SpringSSRF.java:75:66:75:68 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:75:66:75:68 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:33:69:33:82 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:33:69:33:82 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:34:73:34:86 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:34:73:34:86 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:35:87:35:100 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:35:87:35:100 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:38:69:38:97 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:38:69:38:97 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:40:69:40:119 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:40:69:40:119 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:43:35:43:48 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:43:35:43:48 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:44:91:44:104 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:44:91:44:104 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:45:95:45:108 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:45:95:45:108 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:46:109:46:122 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:46:109:46:122 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:49:91:49:119 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:49:91:49:119 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:51:91:51:141 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:51:91:51:141 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:54:34:54:47 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:54:34:54:47 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:55:79:55:92 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:55:79:55:92 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:56:83:56:96 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:56:83:56:96 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:57:97:57:110 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:57:97:57:110 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:60:79:60:107 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:60:79:60:107 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:62:79:62:129 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:62:79:62:129 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:65:39:65:52 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:65:39:65:52 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:66:69:66:82 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:66:69:66:82 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:67:73:67:86 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:67:73:67:86 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:68:87:68:100 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:68:87:68:100 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:71:69:71:97 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:71:69:71:97 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:73:69:73:119 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:73:69:73:119 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:76:41:76:54 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:76:41:76:54 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:77:93:77:106 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:77:93:77:106 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:78:97:78:110 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:78:97:78:110 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:79:111:79:124 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:79:111:79:124 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:82:93:82:121 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:82:93:82:121 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:84:93:84:143 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:84:93:84:143 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:87:40:87:62 | new URI(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:87:40:87:62 | new URI(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:88:92:88:105 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:88:92:88:105 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:89:96:89:109 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:89:96:89:109 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:90:110:90:123 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:90:110:90:123 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:93:92:93:120 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:93:92:93:120 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:95:92:95:142 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:95:92:95:142 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:98:42:98:55 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:98:42:98:55 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:99:80:99:93 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:99:80:99:93 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:100:84:100:97 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:100:84:100:97 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:101:98:101:111 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:101:98:101:111 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:104:80:104:108 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:104:80:104:108 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:106:80:106:130 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:106:80:106:130 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:109:40:109:53 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:109:40:109:53 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:110:92:110:105 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:110:92:110:105 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:111:96:111:109 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:111:96:111:109 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:112:110:112:123 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:112:110:112:123 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:115:92:115:120 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:115:92:115:120 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:117:92:117:142 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:117:92:117:142 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:120:30:120:43 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:120:30:120:43 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:121:68:121:81 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:121:68:121:81 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:122:72:122:85 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:122:72:122:85 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:123:86:123:99 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:123:86:123:99 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:126:68:126:96 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:126:68:126:96 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:128:68:128:118 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:128:68:128:118 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:131:33:131:46 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:131:33:131:46 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:132:49:132:62 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:132:49:132:62 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:133:53:133:66 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:133:53:133:66 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:134:67:134:80 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:134:67:134:80 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:137:49:137:77 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:137:49:137:77 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:139:49:139:99 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:139:49:139:99 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:142:41:142:54 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:142:41:142:54 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:143:57:143:70 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:143:57:143:70 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:144:61:144:74 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:144:61:144:74 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:145:75:145:88 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:145:75:145:88 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:148:57:148:85 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:148:57:148:85 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:150:57:150:107 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:150:57:150:107 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:153:42:153:55 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:153:42:153:55 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:154:58:154:71 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:154:58:154:71 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:155:62:155:75 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:155:62:155:75 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:156:76:156:89 | fooResourceUrl | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:156:76:156:89 | fooResourceUrl | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:159:58:159:86 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:159:58:159:86 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:161:58:161:108 | of(...) | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:161:58:161:108 | of(...) | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:168:44:168:46 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:168:44:168:46 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:170:35:170:37 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:170:35:170:37 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:171:35:171:37 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:171:35:171:37 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:172:38:172:40 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:172:38:172:40 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:173:39:173:41 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:173:39:173:41 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:174:37:174:39 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:174:37:174:39 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:175:36:175:38 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:175:36:175:38 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:176:44:176:46 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:176:44:176:46 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:182:49:182:51 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:182:49:182:51 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:183:58:183:60 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:183:58:183:60 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:184:57:184:59 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:184:57:184:59 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:185:66:185:68 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:185:66:185:68 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:186:57:186:59 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:186:57:186:59 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | +| SpringSSRF.java:187:66:187:68 | uri | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:187:66:187:68 | uri | Potential server-side request forgery due to a $@. | SpringSSRF.java:28:33:28:60 | getParameter(...) | user-provided value | | URLClassLoaderSSRF.java:18:64:18:85 | new URL[] | URLClassLoaderSSRF.java:16:26:16:52 | getParameter(...) : String | URLClassLoaderSSRF.java:18:64:18:85 | new URL[] | Potential server-side request forgery due to a $@. | URLClassLoaderSSRF.java:16:26:16:52 | getParameter(...) | user-provided value | | URLClassLoaderSSRF.java:30:64:30:85 | new URL[] | URLClassLoaderSSRF.java:28:26:28:52 | getParameter(...) : String | URLClassLoaderSSRF.java:30:64:30:85 | new URL[] | Potential server-side request forgery due to a $@. | URLClassLoaderSSRF.java:28:26:28:52 | getParameter(...) | user-provided value | | URLClassLoaderSSRF.java:44:64:44:85 | new URL[] | URLClassLoaderSSRF.java:40:26:40:52 | getParameter(...) : String | URLClassLoaderSSRF.java:44:64:44:85 | new URL[] | Potential server-side request forgery due to a $@. | URLClassLoaderSSRF.java:40:26:40:52 | getParameter(...) | user-provided value | @@ -778,45 +834,123 @@ edges | SanitizationTests.java:120:68:120:78 | unsafeUri10 : String | SanitizationTests.java:120:60:120:79 | new URI(...) : URI | provenance | Config | | SanitizationTests.java:120:68:120:78 | unsafeUri10 : String | SanitizationTests.java:120:60:120:79 | new URI(...) : URI | provenance | MaD:285 | | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:32:39:32:59 | ... + ... | provenance | Src:MaD:277 Sink:MaD:264 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:33:35:33:48 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:262 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:34:34:34:47 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:263 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:35:39:35:52 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:265 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:36:69:36:82 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:37:73:37:86 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:40:83:40:96 | fooResourceUrl : String | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:42:105:42:118 | fooResourceUrl : String | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:44:41:44:54 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:268 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | provenance | Src:MaD:277 | -| SpringSSRF.java:40:83:40:96 | fooResourceUrl : String | SpringSSRF.java:40:69:40:97 | of(...) | provenance | MaD:289 | -| SpringSSRF.java:42:105:42:118 | fooResourceUrl : String | SpringSSRF.java:42:69:42:119 | of(...) | provenance | MaD:290 | -| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:45:40:45:62 | new URI(...) | provenance | Config Sink:MaD:269 | -| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:45:40:45:62 | new URI(...) | provenance | MaD:285 Sink:MaD:269 | -| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:46:42:46:55 | fooResourceUrl | provenance | Sink:MaD:270 | -| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:47:40:47:53 | fooResourceUrl | provenance | Sink:MaD:271 | -| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:48:30:48:43 | fooResourceUrl | provenance | Sink:MaD:272 | -| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:49:33:49:46 | fooResourceUrl | provenance | Sink:MaD:261 | -| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:50:41:50:54 | fooResourceUrl | provenance | Sink:MaD:266 | -| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:51:42:51:55 | fooResourceUrl | provenance | Sink:MaD:267 | -| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | SpringSSRF.java:54:35:54:48 | fooResourceUrl : String | provenance | | -| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:56:44:56:46 | uri | provenance | Sink:MaD:255 | -| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:58:35:58:37 | uri | provenance | Sink:MaD:250 | -| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:59:35:59:37 | uri | provenance | Sink:MaD:256 | -| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:60:38:60:40 | uri | provenance | Sink:MaD:249 | -| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:61:39:61:41 | uri | provenance | Sink:MaD:253 | -| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:62:37:62:39 | uri | provenance | Sink:MaD:254 | -| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:63:36:63:38 | uri | provenance | Sink:MaD:251 | -| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | SpringSSRF.java:64:44:64:46 | uri | provenance | Sink:MaD:252 | -| SpringSSRF.java:54:35:54:48 | fooResourceUrl : String | SpringSSRF.java:54:27:54:49 | new URI(...) : URI | provenance | Config | -| SpringSSRF.java:54:35:54:48 | fooResourceUrl : String | SpringSSRF.java:54:27:54:49 | new URI(...) : URI | provenance | MaD:285 | -| SpringSSRF.java:54:35:54:48 | fooResourceUrl : String | SpringSSRF.java:67:35:67:48 | fooResourceUrl : String | provenance | | -| SpringSSRF.java:67:27:67:49 | new URI(...) : URI | SpringSSRF.java:70:49:70:51 | uri | provenance | Sink:MaD:243 | -| SpringSSRF.java:67:27:67:49 | new URI(...) : URI | SpringSSRF.java:71:58:71:60 | uri | provenance | Sink:MaD:244 | -| SpringSSRF.java:67:27:67:49 | new URI(...) : URI | SpringSSRF.java:72:57:72:59 | uri | provenance | Sink:MaD:245 | -| SpringSSRF.java:67:27:67:49 | new URI(...) : URI | SpringSSRF.java:73:66:73:68 | uri | provenance | Sink:MaD:247 | -| SpringSSRF.java:67:27:67:49 | new URI(...) : URI | SpringSSRF.java:74:57:74:59 | uri | provenance | Sink:MaD:246 | -| SpringSSRF.java:67:27:67:49 | new URI(...) : URI | SpringSSRF.java:75:66:75:68 | uri | provenance | Sink:MaD:248 | -| SpringSSRF.java:67:35:67:48 | fooResourceUrl : String | SpringSSRF.java:67:27:67:49 | new URI(...) : URI | provenance | Config | -| SpringSSRF.java:67:35:67:48 | fooResourceUrl : String | SpringSSRF.java:67:27:67:49 | new URI(...) : URI | provenance | MaD:285 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:33:69:33:82 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:34:73:34:86 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:35:87:35:100 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:38:83:38:96 | fooResourceUrl : String | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:40:105:40:118 | fooResourceUrl : String | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:43:35:43:48 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:262 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:44:91:44:104 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:45:95:45:108 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:46:109:46:122 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:49:105:49:118 | fooResourceUrl : String | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:51:127:51:140 | fooResourceUrl : String | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:54:34:54:47 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:263 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:55:79:55:92 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:56:83:56:96 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:57:97:57:110 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:60:93:60:106 | fooResourceUrl : String | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:62:115:62:128 | fooResourceUrl : String | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:65:39:65:52 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:265 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:66:69:66:82 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:67:73:67:86 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:68:87:68:100 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:71:83:71:96 | fooResourceUrl : String | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:73:105:73:118 | fooResourceUrl : String | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:76:41:76:54 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:268 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:77:93:77:106 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:78:97:78:110 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:79:111:79:124 | fooResourceUrl | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:82:107:82:120 | fooResourceUrl : String | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:84:129:84:142 | fooResourceUrl : String | provenance | Src:MaD:277 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | provenance | Src:MaD:277 | +| SpringSSRF.java:38:83:38:96 | fooResourceUrl : String | SpringSSRF.java:38:69:38:97 | of(...) | provenance | MaD:289 | +| SpringSSRF.java:40:105:40:118 | fooResourceUrl : String | SpringSSRF.java:40:69:40:119 | of(...) | provenance | MaD:290 | +| SpringSSRF.java:49:105:49:118 | fooResourceUrl : String | SpringSSRF.java:49:91:49:119 | of(...) | provenance | MaD:289 | +| SpringSSRF.java:51:127:51:140 | fooResourceUrl : String | SpringSSRF.java:51:91:51:141 | of(...) | provenance | MaD:290 | +| SpringSSRF.java:60:93:60:106 | fooResourceUrl : String | SpringSSRF.java:60:79:60:107 | of(...) | provenance | MaD:289 | +| SpringSSRF.java:62:115:62:128 | fooResourceUrl : String | SpringSSRF.java:62:79:62:129 | of(...) | provenance | MaD:290 | +| SpringSSRF.java:71:83:71:96 | fooResourceUrl : String | SpringSSRF.java:71:69:71:97 | of(...) | provenance | MaD:289 | +| SpringSSRF.java:73:105:73:118 | fooResourceUrl : String | SpringSSRF.java:73:69:73:119 | of(...) | provenance | MaD:290 | +| SpringSSRF.java:82:107:82:120 | fooResourceUrl : String | SpringSSRF.java:82:93:82:121 | of(...) | provenance | MaD:289 | +| SpringSSRF.java:84:129:84:142 | fooResourceUrl : String | SpringSSRF.java:84:93:84:143 | of(...) | provenance | MaD:290 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:87:40:87:62 | new URI(...) | provenance | Config Sink:MaD:269 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:87:40:87:62 | new URI(...) | provenance | MaD:285 Sink:MaD:269 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:88:92:88:105 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:89:96:89:109 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:90:110:90:123 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:93:106:93:119 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:95:128:95:141 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:98:42:98:55 | fooResourceUrl | provenance | Sink:MaD:270 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:99:80:99:93 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:100:84:100:97 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:101:98:101:111 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:104:94:104:107 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:106:116:106:129 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:109:40:109:53 | fooResourceUrl | provenance | Sink:MaD:271 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:110:92:110:105 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:111:96:111:109 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:112:110:112:123 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:115:106:115:119 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:117:128:117:141 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:120:30:120:43 | fooResourceUrl | provenance | Sink:MaD:272 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:121:68:121:81 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:122:72:122:85 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:123:86:123:99 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:126:82:126:95 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:128:104:128:117 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:131:33:131:46 | fooResourceUrl | provenance | Sink:MaD:261 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:132:49:132:62 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:133:53:133:66 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:134:67:134:80 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:137:63:137:76 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:139:85:139:98 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:142:41:142:54 | fooResourceUrl | provenance | Sink:MaD:266 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:143:57:143:70 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:144:61:144:74 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:145:75:145:88 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:148:71:148:84 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:150:93:150:106 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:153:42:153:55 | fooResourceUrl | provenance | Sink:MaD:267 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:154:58:154:71 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:155:62:155:75 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:156:76:156:89 | fooResourceUrl | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:159:72:159:85 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:161:94:161:107 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:93:106:93:119 | fooResourceUrl : String | SpringSSRF.java:93:92:93:120 | of(...) | provenance | MaD:289 | +| SpringSSRF.java:95:128:95:141 | fooResourceUrl : String | SpringSSRF.java:95:92:95:142 | of(...) | provenance | MaD:290 | +| SpringSSRF.java:104:94:104:107 | fooResourceUrl : String | SpringSSRF.java:104:80:104:108 | of(...) | provenance | MaD:289 | +| SpringSSRF.java:106:116:106:129 | fooResourceUrl : String | SpringSSRF.java:106:80:106:130 | of(...) | provenance | MaD:290 | +| SpringSSRF.java:115:106:115:119 | fooResourceUrl : String | SpringSSRF.java:115:92:115:120 | of(...) | provenance | MaD:289 | +| SpringSSRF.java:117:128:117:141 | fooResourceUrl : String | SpringSSRF.java:117:92:117:142 | of(...) | provenance | MaD:290 | +| SpringSSRF.java:126:82:126:95 | fooResourceUrl : String | SpringSSRF.java:126:68:126:96 | of(...) | provenance | MaD:289 | +| SpringSSRF.java:128:104:128:117 | fooResourceUrl : String | SpringSSRF.java:128:68:128:118 | of(...) | provenance | MaD:290 | +| SpringSSRF.java:137:63:137:76 | fooResourceUrl : String | SpringSSRF.java:137:49:137:77 | of(...) | provenance | MaD:289 | +| SpringSSRF.java:139:85:139:98 | fooResourceUrl : String | SpringSSRF.java:139:49:139:99 | of(...) | provenance | MaD:290 | +| SpringSSRF.java:148:71:148:84 | fooResourceUrl : String | SpringSSRF.java:148:57:148:85 | of(...) | provenance | MaD:289 | +| SpringSSRF.java:150:93:150:106 | fooResourceUrl : String | SpringSSRF.java:150:57:150:107 | of(...) | provenance | MaD:290 | +| SpringSSRF.java:159:72:159:85 | fooResourceUrl : String | SpringSSRF.java:159:58:159:86 | of(...) | provenance | MaD:289 | +| SpringSSRF.java:161:94:161:107 | fooResourceUrl : String | SpringSSRF.java:161:58:161:108 | of(...) | provenance | MaD:290 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:168:44:168:46 | uri | provenance | Sink:MaD:255 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:170:35:170:37 | uri | provenance | Sink:MaD:250 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:171:35:171:37 | uri | provenance | Sink:MaD:256 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:172:38:172:40 | uri | provenance | Sink:MaD:249 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:173:39:173:41 | uri | provenance | Sink:MaD:253 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:174:37:174:39 | uri | provenance | Sink:MaD:254 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:175:36:175:38 | uri | provenance | Sink:MaD:251 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:176:44:176:46 | uri | provenance | Sink:MaD:252 | +| SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | SpringSSRF.java:166:27:166:49 | new URI(...) : URI | provenance | Config | +| SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | SpringSSRF.java:166:27:166:49 | new URI(...) : URI | provenance | MaD:285 | +| SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | SpringSSRF.java:179:35:179:48 | fooResourceUrl : String | provenance | | +| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:182:49:182:51 | uri | provenance | Sink:MaD:243 | +| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:183:58:183:60 | uri | provenance | Sink:MaD:244 | +| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:184:57:184:59 | uri | provenance | Sink:MaD:245 | +| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:185:66:185:68 | uri | provenance | Sink:MaD:247 | +| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:186:57:186:59 | uri | provenance | Sink:MaD:246 | +| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:187:66:187:68 | uri | provenance | Sink:MaD:248 | +| SpringSSRF.java:179:35:179:48 | fooResourceUrl : String | SpringSSRF.java:179:27:179:49 | new URI(...) : URI | provenance | Config | +| SpringSSRF.java:179:35:179:48 | fooResourceUrl : String | SpringSSRF.java:179:27:179:49 | new URI(...) : URI | provenance | MaD:285 | | URLClassLoaderSSRF.java:16:26:16:52 | getParameter(...) : String | URLClassLoaderSSRF.java:17:31:17:33 | url : String | provenance | Src:MaD:277 | | URLClassLoaderSSRF.java:17:23:17:34 | new URI(...) : URI | URLClassLoaderSSRF.java:18:74:18:76 | uri : URI | provenance | | | URLClassLoaderSSRF.java:17:31:17:33 | url : String | URLClassLoaderSSRF.java:17:23:17:34 | new URI(...) : URI | provenance | Config | @@ -1683,42 +1817,120 @@ nodes | SanitizationTests.java:121:25:121:33 | unsafer10 | semmle.label | unsafer10 | | SpringSSRF.java:28:33:28:60 | getParameter(...) : String | semmle.label | getParameter(...) : String | | SpringSSRF.java:32:39:32:59 | ... + ... | semmle.label | ... + ... | -| SpringSSRF.java:33:35:33:48 | fooResourceUrl | semmle.label | fooResourceUrl | -| SpringSSRF.java:34:34:34:47 | fooResourceUrl | semmle.label | fooResourceUrl | -| SpringSSRF.java:35:39:35:52 | fooResourceUrl | semmle.label | fooResourceUrl | -| SpringSSRF.java:36:69:36:82 | fooResourceUrl | semmle.label | fooResourceUrl | -| SpringSSRF.java:37:73:37:86 | fooResourceUrl | semmle.label | fooResourceUrl | -| SpringSSRF.java:40:69:40:97 | of(...) | semmle.label | of(...) | -| SpringSSRF.java:40:83:40:96 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | -| SpringSSRF.java:42:69:42:119 | of(...) | semmle.label | of(...) | -| SpringSSRF.java:42:105:42:118 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | -| SpringSSRF.java:44:41:44:54 | fooResourceUrl | semmle.label | fooResourceUrl | -| SpringSSRF.java:45:40:45:62 | new URI(...) | semmle.label | new URI(...) | -| SpringSSRF.java:45:48:45:61 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | -| SpringSSRF.java:46:42:46:55 | fooResourceUrl | semmle.label | fooResourceUrl | -| SpringSSRF.java:47:40:47:53 | fooResourceUrl | semmle.label | fooResourceUrl | -| SpringSSRF.java:48:30:48:43 | fooResourceUrl | semmle.label | fooResourceUrl | -| SpringSSRF.java:49:33:49:46 | fooResourceUrl | semmle.label | fooResourceUrl | -| SpringSSRF.java:50:41:50:54 | fooResourceUrl | semmle.label | fooResourceUrl | -| SpringSSRF.java:51:42:51:55 | fooResourceUrl | semmle.label | fooResourceUrl | -| SpringSSRF.java:54:27:54:49 | new URI(...) : URI | semmle.label | new URI(...) : URI | -| SpringSSRF.java:54:35:54:48 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | -| SpringSSRF.java:56:44:56:46 | uri | semmle.label | uri | -| SpringSSRF.java:58:35:58:37 | uri | semmle.label | uri | -| SpringSSRF.java:59:35:59:37 | uri | semmle.label | uri | -| SpringSSRF.java:60:38:60:40 | uri | semmle.label | uri | -| SpringSSRF.java:61:39:61:41 | uri | semmle.label | uri | -| SpringSSRF.java:62:37:62:39 | uri | semmle.label | uri | -| SpringSSRF.java:63:36:63:38 | uri | semmle.label | uri | -| SpringSSRF.java:64:44:64:46 | uri | semmle.label | uri | -| SpringSSRF.java:67:27:67:49 | new URI(...) : URI | semmle.label | new URI(...) : URI | -| SpringSSRF.java:67:35:67:48 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | -| SpringSSRF.java:70:49:70:51 | uri | semmle.label | uri | -| SpringSSRF.java:71:58:71:60 | uri | semmle.label | uri | -| SpringSSRF.java:72:57:72:59 | uri | semmle.label | uri | -| SpringSSRF.java:73:66:73:68 | uri | semmle.label | uri | -| SpringSSRF.java:74:57:74:59 | uri | semmle.label | uri | -| SpringSSRF.java:75:66:75:68 | uri | semmle.label | uri | +| SpringSSRF.java:33:69:33:82 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:34:73:34:86 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:35:87:35:100 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:38:69:38:97 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:38:83:38:96 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:40:69:40:119 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:40:105:40:118 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:43:35:43:48 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:44:91:44:104 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:45:95:45:108 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:46:109:46:122 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:49:91:49:119 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:49:105:49:118 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:51:91:51:141 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:51:127:51:140 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:54:34:54:47 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:55:79:55:92 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:56:83:56:96 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:57:97:57:110 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:60:79:60:107 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:60:93:60:106 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:62:79:62:129 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:62:115:62:128 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:65:39:65:52 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:66:69:66:82 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:67:73:67:86 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:68:87:68:100 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:71:69:71:97 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:71:83:71:96 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:73:69:73:119 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:73:105:73:118 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:76:41:76:54 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:77:93:77:106 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:78:97:78:110 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:79:111:79:124 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:82:93:82:121 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:82:107:82:120 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:84:93:84:143 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:84:129:84:142 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:87:40:87:62 | new URI(...) | semmle.label | new URI(...) | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:88:92:88:105 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:89:96:89:109 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:90:110:90:123 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:93:92:93:120 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:93:106:93:119 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:95:92:95:142 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:95:128:95:141 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:98:42:98:55 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:99:80:99:93 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:100:84:100:97 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:101:98:101:111 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:104:80:104:108 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:104:94:104:107 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:106:80:106:130 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:106:116:106:129 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:109:40:109:53 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:110:92:110:105 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:111:96:111:109 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:112:110:112:123 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:115:92:115:120 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:115:106:115:119 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:117:92:117:142 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:117:128:117:141 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:120:30:120:43 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:121:68:121:81 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:122:72:122:85 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:123:86:123:99 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:126:68:126:96 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:126:82:126:95 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:128:68:128:118 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:128:104:128:117 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:131:33:131:46 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:132:49:132:62 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:133:53:133:66 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:134:67:134:80 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:137:49:137:77 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:137:63:137:76 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:139:49:139:99 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:139:85:139:98 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:142:41:142:54 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:143:57:143:70 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:144:61:144:74 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:145:75:145:88 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:148:57:148:85 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:148:71:148:84 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:150:57:150:107 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:150:93:150:106 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:153:42:153:55 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:154:58:154:71 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:155:62:155:75 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:156:76:156:89 | fooResourceUrl | semmle.label | fooResourceUrl | +| SpringSSRF.java:159:58:159:86 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:159:72:159:85 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:161:58:161:108 | of(...) | semmle.label | of(...) | +| SpringSSRF.java:161:94:161:107 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | semmle.label | new URI(...) : URI | +| SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:168:44:168:46 | uri | semmle.label | uri | +| SpringSSRF.java:170:35:170:37 | uri | semmle.label | uri | +| SpringSSRF.java:171:35:171:37 | uri | semmle.label | uri | +| SpringSSRF.java:172:38:172:40 | uri | semmle.label | uri | +| SpringSSRF.java:173:39:173:41 | uri | semmle.label | uri | +| SpringSSRF.java:174:37:174:39 | uri | semmle.label | uri | +| SpringSSRF.java:175:36:175:38 | uri | semmle.label | uri | +| SpringSSRF.java:176:44:176:46 | uri | semmle.label | uri | +| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | semmle.label | new URI(...) : URI | +| SpringSSRF.java:179:35:179:48 | fooResourceUrl : String | semmle.label | fooResourceUrl : String | +| SpringSSRF.java:182:49:182:51 | uri | semmle.label | uri | +| SpringSSRF.java:183:58:183:60 | uri | semmle.label | uri | +| SpringSSRF.java:184:57:184:59 | uri | semmle.label | uri | +| SpringSSRF.java:185:66:185:68 | uri | semmle.label | uri | +| SpringSSRF.java:186:57:186:59 | uri | semmle.label | uri | +| SpringSSRF.java:187:66:187:68 | uri | semmle.label | uri | | URLClassLoaderSSRF.java:16:26:16:52 | getParameter(...) : String | semmle.label | getParameter(...) : String | | URLClassLoaderSSRF.java:17:23:17:34 | new URI(...) : URI | semmle.label | new URI(...) : URI | | URLClassLoaderSSRF.java:17:31:17:33 | url : String | semmle.label | url : String | diff --git a/java/ql/test/query-tests/security/CWE-918/SpringSSRF.java b/java/ql/test/query-tests/security/CWE-918/SpringSSRF.java index 446e774214dc..dd1ffd60367c 100644 --- a/java/ql/test/query-tests/security/CWE-918/SpringSSRF.java +++ b/java/ql/test/query-tests/security/CWE-918/SpringSSRF.java @@ -30,25 +30,137 @@ protected void doGet(HttpServletRequest request2, HttpServletResponse response2) HttpEntity request = new HttpEntity<>(new String("bar")); try { restTemplate.getForEntity(fooResourceUrl + "/1", String.class); // $ Alert + restTemplate.getForEntity("http://{foo}", String.class, fooResourceUrl); // $ Alert + restTemplate.getForEntity("http://{foo}/a/b", String.class, fooResourceUrl); // $ Alert + restTemplate.getForEntity("{protocol}://{foo}/a/b", String.class, "http", fooResourceUrl); // $ Alert + restTemplate.getForEntity("http://safe.com/{foo}", String.class, fooResourceUrl); // not bad - the tainted value does not affect the host + restTemplate.getForEntity("http://{foo}", String.class, "safe.com", fooResourceUrl); // not bad - the tainted value is unused + restTemplate.getForEntity("http://{foo}", String.class, Map.of("foo", fooResourceUrl)); // $ Alert + restTemplate.getForEntity("http://safe.com/{foo}", String.class, Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host + restTemplate.getForEntity("http://{foo}", String.class, Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused + restTemplate.getForEntity("http://{foo}", String.class, Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key + restTemplate.exchange(fooResourceUrl, HttpMethod.POST, request, String.class); // $ Alert + restTemplate.exchange("http://{foo}", HttpMethod.POST, request, String.class, fooResourceUrl); // $ Alert + restTemplate.exchange("http://{foo}/a/b", HttpMethod.POST, request, String.class, fooResourceUrl); // $ Alert + restTemplate.exchange("{protocol}://{foo}/a/b", HttpMethod.POST, request, String.class, "http", fooResourceUrl); // $ Alert + restTemplate.exchange("http://safe.com/{foo}", HttpMethod.POST, request, String.class, fooResourceUrl); // not bad - the tainted value does not affect the host + restTemplate.exchange("http://{foo}", HttpMethod.POST, request, String.class, "safe.com", fooResourceUrl); // not bad - the tainted value is unused + restTemplate.exchange("http://{foo}", HttpMethod.POST, request, String.class, Map.of("foo", fooResourceUrl)); // $ Alert + restTemplate.exchange("http://safe.com/{foo}", HttpMethod.POST, request, String.class, Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host + restTemplate.exchange("http://{foo}", HttpMethod.POST, request, String.class, Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused + restTemplate.exchange("http://{foo}", HttpMethod.POST, request, String.class, Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key + restTemplate.execute(fooResourceUrl, HttpMethod.POST, null, null, "test"); // $ Alert + restTemplate.execute("http://{foo}", HttpMethod.POST, null, null, fooResourceUrl); // $ Alert + restTemplate.execute("http://{foo}/a/b", HttpMethod.POST, null, null, fooResourceUrl); // $ Alert + restTemplate.execute("{protocol}://{foo}/a/b", HttpMethod.POST, null, null, "http", fooResourceUrl); // $ Alert + restTemplate.execute("http://safe.com/{foo}", HttpMethod.POST, null, null, fooResourceUrl); // not bad - the tainted value does not affect the host + restTemplate.execute("http://{foo}", HttpMethod.POST, null, null, "safe.com", fooResourceUrl); // not bad - the tainted value is unused + restTemplate.execute("http://{foo}", HttpMethod.POST, null, null, Map.of("foo", fooResourceUrl)); // $ Alert + restTemplate.execute("http://safe.com/{foo}", HttpMethod.POST, null, null, Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host + restTemplate.execute("http://{foo}", HttpMethod.POST, null, null, Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused + restTemplate.execute("http://{foo}", HttpMethod.POST, null, null, Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key + restTemplate.getForObject(fooResourceUrl, String.class, "test"); // $ Alert restTemplate.getForObject("http://{foo}", String.class, fooResourceUrl); // $ Alert restTemplate.getForObject("http://{foo}/a/b", String.class, fooResourceUrl); // $ Alert + restTemplate.getForObject("{protocol}://{foo}/a/b", String.class, "http", fooResourceUrl); // $ Alert restTemplate.getForObject("http://safe.com/{foo}", String.class, fooResourceUrl); // not bad - the tainted value does not affect the host restTemplate.getForObject("http://{foo}", String.class, "safe.com", fooResourceUrl); // not bad - the tainted value is unused restTemplate.getForObject("http://{foo}", String.class, Map.of("foo", fooResourceUrl)); // $ Alert restTemplate.getForObject("http://safe.com/{foo}", String.class, Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host restTemplate.getForObject("http://{foo}", String.class, Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused restTemplate.getForObject("http://{foo}", String.class, Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key + restTemplate.patchForObject(fooResourceUrl, new String("object"), String.class, "hi"); // $ Alert + restTemplate.patchForObject("http://{foo}", new String("object"), String.class, fooResourceUrl); // $ Alert + restTemplate.patchForObject("http://{foo}/a/b", new String("object"), String.class, fooResourceUrl); // $ Alert + restTemplate.patchForObject("{protocol}://{foo}/a/b", new String("object"), String.class, "http", fooResourceUrl); // $ Alert + restTemplate.patchForObject("http://safe.com/{foo}", new String("object"), String.class, fooResourceUrl); // not bad - the tainted value does not affect the host + restTemplate.patchForObject("http://{foo}", new String("object"), String.class, "safe.com", fooResourceUrl); // not bad - the tainted value is unused + restTemplate.patchForObject("http://{foo}", new String("object"), String.class, Map.of("foo", fooResourceUrl)); // $ Alert + restTemplate.patchForObject("http://safe.com/{foo}", new String("object"), String.class, Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host + restTemplate.patchForObject("http://{foo}", new String("object"), String.class, Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused + restTemplate.patchForObject("http://{foo}", new String("object"), String.class, Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key + restTemplate.postForEntity(new URI(fooResourceUrl), new String("object"), String.class); // $ Alert + restTemplate.postForEntity("http://{foo}", new String("object"), String.class, fooResourceUrl); // $ Alert + restTemplate.postForEntity("http://{foo}/a/b", new String("object"), String.class, fooResourceUrl); // $ Alert + restTemplate.postForEntity("{protocol}://{foo}/a/b", new String("object"), String.class, "http", fooResourceUrl); // $ Alert + restTemplate.postForEntity("http://safe.com/{foo}", new String("object"), String.class, fooResourceUrl); // not bad - the tainted value does not affect the host + restTemplate.postForEntity("http://{foo}", new String("object"), String.class, "safe.com", fooResourceUrl); // not bad - the tainted value is unused + restTemplate.postForEntity("http://{foo}", new String("object"), String.class, Map.of("foo", fooResourceUrl)); // $ Alert + restTemplate.postForEntity("http://safe.com/{foo}", new String("object"), String.class, Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host + restTemplate.postForEntity("http://{foo}", new String("object"), String.class, Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused + restTemplate.postForEntity("http://{foo}", new String("object"), String.class, Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key + restTemplate.postForLocation(fooResourceUrl, new String("object")); // $ Alert + restTemplate.postForLocation("http://{foo}", new String("object"), fooResourceUrl); // $ Alert + restTemplate.postForLocation("http://{foo}/a/b", new String("object"), fooResourceUrl); // $ Alert + restTemplate.postForLocation("{protocol}://{foo}/a/b", new String("object"), "http", fooResourceUrl); // $ Alert + restTemplate.postForLocation("http://safe.com/{foo}", new String("object"), fooResourceUrl); // not bad - the tainted value does not affect the host + restTemplate.postForLocation("http://{foo}", new String("object"), "safe.com", fooResourceUrl); // not bad - the tainted value is unused + restTemplate.postForLocation("http://{foo}", new String("object"), Map.of("foo", fooResourceUrl)); // $ Alert + restTemplate.postForLocation("http://safe.com/{foo}", new String("object"), Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host + restTemplate.postForLocation("http://{foo}", new String("object"), Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused + restTemplate.postForLocation("http://{foo}", new String("object"), Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key + restTemplate.postForObject(fooResourceUrl, new String("object"), String.class); // $ Alert + restTemplate.postForObject("http://{foo}", new String("object"), String.class, fooResourceUrl); // $ Alert + restTemplate.postForObject("http://{foo}/a/b", new String("object"), String.class, fooResourceUrl); // $ Alert + restTemplate.postForObject("{protocol}://{foo}/a/b", new String("object"), String.class, "http", fooResourceUrl); // $ Alert + restTemplate.postForObject("http://safe.com/{foo}", new String("object"), String.class, fooResourceUrl); // not bad - the tainted value does not affect the host + restTemplate.postForObject("http://{foo}", new String("object"), String.class, "safe.com", fooResourceUrl); // not bad - the tainted value is unused + restTemplate.postForObject("http://{foo}", new String("object"), String.class, Map.of("foo", fooResourceUrl)); // $ Alert + restTemplate.postForObject("http://safe.com/{foo}", new String("object"), String.class, Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host + restTemplate.postForObject("http://{foo}", new String("object"), String.class, Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused + restTemplate.postForObject("http://{foo}", new String("object"), String.class, Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key + restTemplate.put(fooResourceUrl, new String("object")); // $ Alert + restTemplate.put("http://{foo}", new String("object"), fooResourceUrl); // $ Alert + restTemplate.put("http://{foo}/a/b", new String("object"), fooResourceUrl); // $ Alert + restTemplate.put("{protocol}://{foo}/a/b", new String("object"), "http", fooResourceUrl); // $ Alert + restTemplate.put("http://safe.com/{foo}", new String("object"), fooResourceUrl); // not bad - the tainted value does not affect the host + restTemplate.put("http://{foo}", new String("object"), "safe.com", fooResourceUrl); // not bad - the tainted value is unused + restTemplate.put("http://{foo}", new String("object"), Map.of("foo", fooResourceUrl)); // $ Alert + restTemplate.put("http://safe.com/{foo}", new String("object"), Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host + restTemplate.put("http://{foo}", new String("object"), Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused + restTemplate.put("http://{foo}", new String("object"), Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key + restTemplate.delete(fooResourceUrl); // $ Alert + restTemplate.delete("http://{foo}", fooResourceUrl); // $ Alert + restTemplate.delete("http://{foo}/a/b", fooResourceUrl); // $ Alert + restTemplate.delete("{protocol}://{foo}/a/b", "http", fooResourceUrl); // $ Alert + restTemplate.delete("http://safe.com/{foo}", fooResourceUrl); // not bad - the tainted value does not affect the host + restTemplate.delete("http://{foo}", "safe.com", fooResourceUrl); // not bad - the tainted value is unused + restTemplate.delete("http://{foo}", Map.of("foo", fooResourceUrl)); // $ Alert + restTemplate.delete("http://safe.com/{foo}", Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host + restTemplate.delete("http://{foo}", Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused + restTemplate.delete("http://{foo}", Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key + restTemplate.headForHeaders(fooResourceUrl); // $ Alert + restTemplate.headForHeaders("http://{foo}", fooResourceUrl); // $ Alert + restTemplate.headForHeaders("http://{foo}/a/b", fooResourceUrl); // $ Alert + restTemplate.headForHeaders("{protocol}://{foo}/a/b", "http", fooResourceUrl); // $ Alert + restTemplate.headForHeaders("http://safe.com/{foo}", fooResourceUrl); // not bad - the tainted value does not affect the host + restTemplate.headForHeaders("http://{foo}", "safe.com", fooResourceUrl); // not bad - the tainted value is unused + restTemplate.headForHeaders("http://{foo}", Map.of("foo", fooResourceUrl)); // $ Alert + restTemplate.headForHeaders("http://safe.com/{foo}", Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host + restTemplate.headForHeaders("http://{foo}", Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused + restTemplate.headForHeaders("http://{foo}", Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key + restTemplate.optionsForAllow(fooResourceUrl); // $ Alert + restTemplate.optionsForAllow("http://{foo}", fooResourceUrl); // $ Alert + restTemplate.optionsForAllow("http://{foo}/a/b", fooResourceUrl); // $ Alert + restTemplate.optionsForAllow("{protocol}://{foo}/a/b", "http", fooResourceUrl); // $ Alert + restTemplate.optionsForAllow("http://safe.com/{foo}", fooResourceUrl); // not bad - the tainted value does not affect the host + restTemplate.optionsForAllow("http://{foo}", "safe.com", fooResourceUrl); // not bad - the tainted value is unused + restTemplate.optionsForAllow("http://{foo}", Map.of("foo", fooResourceUrl)); // $ Alert + restTemplate.optionsForAllow("http://safe.com/{foo}", Map.of("foo", fooResourceUrl)); // not bad - the tainted value does not affect the host + restTemplate.optionsForAllow("http://{foo}", Map.of("foo", "safe.com", "unused", fooResourceUrl)); // $ SPURIOUS: Alert // not bad - the key for the tainted value is unused + restTemplate.optionsForAllow("http://{foo}", Map.of("foo", "safe.com", fooResourceUrl, "unused")); // not bad - the tainted value is in a map key + { String body = new String("body"); URI uri = new URI(fooResourceUrl);