Java: add comment about request-forgery sinks

Jami Cogswell · Jami Cogswell · commit ca8ac0c93fbd · 2023-05-31T15:51:07.000-04:00
diff --git a/java/ql/lib/semmle/code/java/security/HttpsUrls.qll b/java/ql/lib/semmle/code/java/security/HttpsUrls.qll
@@ -30,6 +30,7 @@ class HttpStringLiteral extends StringLiteral {
 abstract class UrlOpenSink extends DataFlow::Node { }
 
 private class DefaultUrlOpenSink extends UrlOpenSink {
+  // request-forgery sinks control the URL of a request
   DefaultUrlOpenSink() { sinkNode(this, "request-forgery") }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@ class HttpStringLiteral extends StringLiteral {`
`30`	`30`	`abstract class UrlOpenSink extends DataFlow::Node { }`
`31`	`31`
`32`	`32`	`private class DefaultUrlOpenSink extends UrlOpenSink {`
	`33`	`+ // request-forgery sinks control the URL of a request`
`33`	`34`	`DefaultUrlOpenSink() { sinkNode(this, "request-forgery") }`
`34`	`35`	`}`
`35`	`36`