Add test case based on missing result

egregius313 · egregius313 · commit 774baead603b · 2023-05-22T15:57:15.000-04:00
diff --git a/java/ql/test/query-tests/security/CWE-918/SanitizationTests.java b/java/ql/test/query-tests/security/CWE-918/SanitizationTests.java
@@ -116,6 +116,9 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
             HttpRequest unsafer9 = HttpRequest.newBuilder(new URI(unsafeUri9)).build(); // $ SSRF
             client.send(unsafer9, null);
 
+            String unsafeUri10 = String.format("%s://%s:%s%s", "http", "myserver.com", "80", request.getParameter("baduri10"));
+            HttpRequest unsafer10 = HttpRequest.newBuilder(new URI(unsafeUri10)).build(); // $ SSRF
+            client.send(unsafer10, null);
         } catch (Exception e) {
             // TODO: handle exception
         }

Original file line number	Diff line number	Diff line change
`@@ -116,6 +116,9 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)`
`116`	`116`	`HttpRequest unsafer9 = HttpRequest.newBuilder(new URI(unsafeUri9)).build(); // $ SSRF`
`117`	`117`	`client.send(unsafer9, null);`
`118`	`118`
	`119`	`+ String unsafeUri10 = String.format("%s://%s:%s%s", "http", "myserver.com", "80", request.getParameter("baduri10"));`
	`120`	`+ HttpRequest unsafer10 = HttpRequest.newBuilder(new URI(unsafeUri10)).build(); // $ SSRF`
	`121`	`+ client.send(unsafer10, null);`
`119`	`122`	`} catch (Exception e) {`
`120`	`123`	`// TODO: handle exception`
`121`	`124`	`}`