diff --git a/java/ql/lib/change-notes/2026-02-27-micronaut.md b/java/ql/lib/change-notes/2026-02-27-micronaut.md new file mode 100644 index 000000000000..36c978c372a7 --- /dev/null +++ b/java/ql/lib/change-notes/2026-02-27-micronaut.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added modeling for the Micronaut framework, including HTTP controllers, WebSocket endpoints, configuration injection, data access, security annotations, and HTTP client sinks. diff --git a/java/ql/lib/ext/io.micronaut.http.client.model.yml b/java/ql/lib/ext/io.micronaut.http.client.model.yml new file mode 100644 index 000000000000..05741c4902de --- /dev/null +++ b/java/ql/lib/ext/io.micronaut.http.client.model.yml @@ -0,0 +1,33 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + # HttpClient.toBlocking() returns BlockingHttpClient; retrieve/exchange with String URL are SSRF sinks + - ["io.micronaut.http.client", "BlockingHttpClient", True, "retrieve", "(String)", "", "Argument[0]", "request-forgery", "manual"] + - ["io.micronaut.http.client", "BlockingHttpClient", True, "retrieve", "(String,Class)", "", "Argument[0]", "request-forgery", "manual"] + - ["io.micronaut.http.client", "BlockingHttpClient", True, "exchange", "(String)", "", "Argument[0]", "request-forgery", "manual"] + - ["io.micronaut.http.client", "BlockingHttpClient", True, "exchange", "(String,Class)", "", "Argument[0]", "request-forgery", "manual"] + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + # HttpClient.toBlocking() taint propagation + - ["io.micronaut.http.client", "HttpClient", True, "toBlocking", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] + # HttpRequest.GET/POST/PUT/DELETE/PATCH factory methods propagate URI taint + - ["io.micronaut.http", "HttpRequest", True, "GET", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http", "HttpRequest", True, "POST", "(String,Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http", "HttpRequest", True, "PUT", "(String,Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http", "HttpRequest", True, "DELETE", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http", "HttpRequest", True, "PATCH", "(String,Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http", "HttpRequest", True, "HEAD", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http", "HttpRequest", True, "OPTIONS", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + # UriBuilder taint propagation + - ["io.micronaut.http.uri", "UriBuilder", True, "of", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http.uri", "UriBuilder", True, "of", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http.uri", "UriBuilder", True, "host", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http.uri", "UriBuilder", True, "path", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http.uri", "UriBuilder", True, "queryParam", "(String,Object[])", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http.uri", "UriBuilder", True, "queryParam", "(String,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http.uri", "UriBuilder", True, "fragment", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http.uri", "UriBuilder", True, "build", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"] diff --git a/java/ql/lib/ext/io.micronaut.http.model.yml b/java/ql/lib/ext/io.micronaut.http.model.yml new file mode 100644 index 000000000000..53edff0983ec --- /dev/null +++ b/java/ql/lib/ext/io.micronaut.http.model.yml @@ -0,0 +1,38 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sourceModel + data: + - ["io.micronaut.http", "HttpRequest", True, "getBody", "", "", "ReturnValue", "remote", "manual"] + - ["io.micronaut.http", "HttpRequest", True, "getHeaders", "", "", "ReturnValue", "remote", "manual"] + - ["io.micronaut.http", "HttpRequest", True, "getParameters", "", "", "ReturnValue", "remote", "manual"] + - ["io.micronaut.http", "HttpRequest", True, "getCookies", "", "", "ReturnValue", "remote", "manual"] + - ["io.micronaut.http", "HttpRequest", True, "getUri", "", "", "ReturnValue", "remote", "manual"] + - ["io.micronaut.http", "HttpRequest", True, "getPath", "", "", "ReturnValue", "remote", "manual"] + - ["io.micronaut.http", "HttpRequest", True, "getContentType", "", "", "ReturnValue", "remote", "manual"] + - ["io.micronaut.http", "HttpRequest", True, "getContentLength", "", "", "ReturnValue", "remote", "manual"] + - ["io.micronaut.http", "HttpRequest", True, "getMethodName", "", "", "ReturnValue", "remote", "manual"] + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["io.micronaut.http", "HttpHeaders", True, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http", "HttpHeaders", True, "getAll", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http", "HttpHeaders", True, "getFirst", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http", "HttpHeaders", True, "values", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http", "HttpParameters", True, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http", "HttpParameters", True, "getAll", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http", "HttpParameters", True, "getFirst", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http.cookie", "Cookies", True, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http.cookie", "Cookies", True, "getAll", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http.cookie", "Cookies", True, "findCookie", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http.cookie", "Cookie", True, "getValue", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http.cookie", "Cookie", True, "getName", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http.cookie", "Cookie", True, "getDomain", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["io.micronaut.http.cookie", "Cookie", True, "getPath", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["io.micronaut.http", "MutableHttpResponse", True, "header", "(CharSequence,CharSequence)", "", "Argument[1]", "response-splitting", "manual"] + - ["io.micronaut.http", "HttpResponse", True, "redirect", "(URI)", "", "Argument[0]", "url-redirection", "manual"] diff --git a/java/ql/lib/ext/io.micronaut.http.multipart.model.yml b/java/ql/lib/ext/io.micronaut.http.multipart.model.yml new file mode 100644 index 000000000000..36116e12f08f --- /dev/null +++ b/java/ql/lib/ext/io.micronaut.http.multipart.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sourceModel + data: + - ["io.micronaut.http.multipart", "CompletedFileUpload", True, "getBytes", "", "", "ReturnValue", "remote", "manual"] + - ["io.micronaut.http.multipart", "CompletedFileUpload", True, "getInputStream", "", "", "ReturnValue", "remote", "manual"] + - ["io.micronaut.http.multipart", "CompletedFileUpload", True, "getFilename", "", "", "ReturnValue", "remote", "manual"] + - ["io.micronaut.http.multipart", "CompletedFileUpload", True, "getContentType", "", "", "ReturnValue", "remote", "manual"] + - ["io.micronaut.http.multipart", "CompletedFileUpload", True, "getSize", "", "", "ReturnValue", "remote", "manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll index 8c6ac60eb24f..41aca7a05c41 100644 --- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll +++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll @@ -30,6 +30,9 @@ import semmle.code.java.frameworks.Guice import semmle.code.java.frameworks.struts.StrutsActions import semmle.code.java.frameworks.Thrift import semmle.code.java.frameworks.javaee.jsf.JSFRenderer +import semmle.code.java.frameworks.micronaut.MicronautController +import semmle.code.java.frameworks.micronaut.MicronautWebSocket +import semmle.code.java.frameworks.micronaut.MicronautConfig private import semmle.code.java.dataflow.ExternalFlow private import codeql.threatmodels.ThreatModels @@ -187,6 +190,38 @@ private class AndroidExternalStorageSource extends RemoteFlowSource { override string getSourceType() { result = "Android external storage" } } +private class MicronautHttpInputParameterSource extends RemoteFlowSource { + MicronautHttpInputParameterSource() { + this.asParameter() = any(MicronautRequestMappingParameter mrmp | mrmp.isTaintedInput()) + } + + override string getSourceType() { result = "Micronaut HTTP input parameter" } +} + +private class MicronautWebSocketParameterSource extends RemoteFlowSource { + MicronautWebSocketParameterSource() { this.asParameter() instanceof MicronautWebSocketParameter } + + override string getSourceType() { result = "Micronaut WebSocket parameter" } +} + +private class MicronautConfigSource extends LocalUserInput { + MicronautConfigSource() { + this.asExpr() = any(MicronautConfigField f).getAnAccess() + or + this.asParameter() instanceof MicronautConfigParameter + } + + override string getThreatModel() { result = "environment" } +} + +private class MicronautErrorHandlerSource extends RemoteFlowSource { + MicronautErrorHandlerSource() { + this.asParameter() = any(MicronautErrorHandler h).getARemoteParameter() + } + + override string getSourceType() { result = "Micronaut error handler parameter" } +} + /** Class for `tainted` user input. */ abstract class UserInput extends SourceNode { } diff --git a/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautConfig.qll b/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautConfig.qll new file mode 100644 index 000000000000..3d1b3c5126b3 --- /dev/null +++ b/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautConfig.qll @@ -0,0 +1,41 @@ +/** Provides classes for identifying Micronaut configuration injection sources. */ +overlay[local?] +module; + +import java + +/** The annotation type `@Value` from `io.micronaut.context.annotation`. */ +class MicronautValueAnnotation extends AnnotationType { + MicronautValueAnnotation() { this.hasQualifiedName("io.micronaut.context.annotation", "Value") } +} + +/** The annotation type `@Property` from `io.micronaut.context.annotation`. */ +class MicronautPropertyAnnotation extends AnnotationType { + MicronautPropertyAnnotation() { + this.hasQualifiedName("io.micronaut.context.annotation", "Property") + } +} + +/** + * A field annotated with Micronaut's `@Value` or `@Property` annotation, + * representing an injected configuration value. + */ +class MicronautConfigField extends Field { + MicronautConfigField() { + this.getAnAnnotation().getType() instanceof MicronautValueAnnotation + or + this.getAnAnnotation().getType() instanceof MicronautPropertyAnnotation + } +} + +/** + * A parameter annotated with Micronaut's `@Value` or `@Property` annotation, + * representing an injected configuration value. + */ +class MicronautConfigParameter extends Parameter { + MicronautConfigParameter() { + this.getAnAnnotation().getType() instanceof MicronautValueAnnotation + or + this.getAnAnnotation().getType() instanceof MicronautPropertyAnnotation + } +} diff --git a/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautController.qll b/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautController.qll new file mode 100644 index 000000000000..5be5308b3661 --- /dev/null +++ b/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautController.qll @@ -0,0 +1,142 @@ +/** + * Provides classes for identifying Micronaut HTTP controllers and their request handling methods. + */ +overlay[local?] +module; + +import java + +/** An annotation type that identifies Micronaut controllers. */ +class MicronautControllerAnnotation extends AnnotationType { + MicronautControllerAnnotation() { + this.hasQualifiedName("io.micronaut.http.annotation", "Controller") + } +} + +/** + * A class annotated as a Micronaut `@Controller`. + */ +class MicronautController extends Class { + MicronautController() { + this.getAnAnnotation().getType() instanceof MicronautControllerAnnotation + } +} + +/** An annotation type that identifies Micronaut HTTP method mappings. */ +class MicronautHttpMethodAnnotation extends AnnotationType { + MicronautHttpMethodAnnotation() { + this.getPackage().hasName("io.micronaut.http.annotation") and + this.hasName([ + "Get", "Post", "Put", "Delete", "Patch", "Head", "Options", "Trace", "CustomHttpMethod" + ]) + } +} + +/** + * A method on a Micronaut controller that is executed in response to an HTTP request. + */ +class MicronautRequestMappingMethod extends Method { + MicronautRequestMappingMethod() { + this.getDeclaringType() instanceof MicronautController and + this.getAnAnnotation().getType() instanceof MicronautHttpMethodAnnotation + } + + /** Gets a request mapping parameter. */ + MicronautRequestMappingParameter getARequestParameter() { result = this.getAParameter() } +} + +/** A Micronaut annotation indicating remote user input from HTTP requests. */ +class MicronautHttpInputAnnotation extends Annotation { + MicronautHttpInputAnnotation() { + exists(AnnotationType a | + a = this.getType() and + a.getPackage().hasName("io.micronaut.http.annotation") + | + a.hasName([ + "PathVariable", "QueryValue", "Body", "Header", "CookieValue", "Part", "RequestAttribute" + ]) + ) + } +} + +/** A parameter of a `MicronautRequestMappingMethod`. */ +class MicronautRequestMappingParameter extends Parameter { + MicronautRequestMappingParameter() { this.getCallable() instanceof MicronautRequestMappingMethod } + + /** Holds if the parameter should not be considered a direct source of taint. */ + predicate isNotDirectlyTaintedInput() { + this.getType().(RefType).getAnAncestor().hasQualifiedName("io.micronaut.http", "HttpResponse") + or + this.getType() + .(RefType) + .getAnAncestor() + .hasQualifiedName("io.micronaut.http", "MutableHttpResponse") + or + this.getType().(RefType).getAnAncestor().hasQualifiedName("java.security", "Principal") + or + this.getType().(RefType).getAnAncestor().hasQualifiedName("java.util", "Locale") + or + this.getType().(RefType).getAnAncestor().hasQualifiedName("java.util", "TimeZone") + or + this.getType().(RefType).getAnAncestor().hasQualifiedName("java.time", "ZoneId") + or + // @Value/@Property parameters are configuration injection, not HTTP input + this.getAnAnnotation() + .getType() + .hasQualifiedName("io.micronaut.context.annotation", ["Value", "Property"]) + } + + private predicate isExplicitlyTaintedInput() { + // The MicronautHttpInputAnnotation allows access to the URI path, + // request parameters, cookie values, headers, and the body of the request. + this.getAnAnnotation() instanceof MicronautHttpInputAnnotation + or + // A @RequestBean parameter binds multiple request attributes into a POJO + this.getAnAnnotation().getType() instanceof MicronautRequestBeanAnnotation + or + // An HttpRequest parameter provides access to request data + this.getType() + .(RefType) + .getASourceSupertype*() + .hasQualifiedName("io.micronaut.http", "HttpRequest") + or + // InputStream or Reader parameters allow access to the body of a request + this.getType().(RefType).getAnAncestor() instanceof TypeInputStream + or + this.getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "Reader") + } + + /** Holds if the input is tainted (i.e. comes from user-controlled input). */ + predicate isTaintedInput() { + this.isExplicitlyTaintedInput() + or + not this.isNotDirectlyTaintedInput() + } +} + +/** An annotation type that identifies Micronaut error handler methods. */ +class MicronautErrorAnnotation extends AnnotationType { + MicronautErrorAnnotation() { this.hasQualifiedName("io.micronaut.http.annotation", "Error") } +} + +/** A method annotated with Micronaut's `@Error` that handles exceptions. */ +class MicronautErrorHandler extends Method { + MicronautErrorHandler() { this.getAnAnnotation().getType() instanceof MicronautErrorAnnotation } + + /** Gets a parameter that carries user-controlled request data. */ + Parameter getARemoteParameter() { + result = this.getAParameter() and + result + .getType() + .(RefType) + .getASourceSupertype*() + .hasQualifiedName("io.micronaut.http", "HttpRequest") + } +} + +/** An annotation type that identifies Micronaut request bean parameters. */ +class MicronautRequestBeanAnnotation extends AnnotationType { + MicronautRequestBeanAnnotation() { + this.hasQualifiedName("io.micronaut.http.annotation", "RequestBean") + } +} diff --git a/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautData.qll b/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautData.qll new file mode 100644 index 000000000000..0ae6f1e516f9 --- /dev/null +++ b/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautData.qll @@ -0,0 +1,32 @@ +/** Provides classes for identifying Micronaut Data repositories and query annotations. */ +overlay[local?] +module; + +import java + +/** + * The annotation type `@Query` from `io.micronaut.data.annotation`. + */ +class MicronautQueryAnnotation extends AnnotationType { + MicronautQueryAnnotation() { this.hasQualifiedName("io.micronaut.data.annotation", "Query") } +} + +/** + * The annotation type `@Repository` from `io.micronaut.data.annotation`. + */ +class MicronautRepositoryAnnotation extends AnnotationType { + MicronautRepositoryAnnotation() { + this.hasQualifiedName("io.micronaut.data.annotation", "Repository") + } +} + +/** + * A class annotated with Micronaut's `@Repository` annotation. + */ +class MicronautRepositoryClass extends RefType { + MicronautRepositoryClass() { + this.getAnAnnotation().getType() instanceof MicronautRepositoryAnnotation + or + this.getAnAncestor().hasQualifiedName("io.micronaut.data.repository", "GenericRepository") + } +} diff --git a/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautSecurity.qll b/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautSecurity.qll new file mode 100644 index 000000000000..299d64a246e0 --- /dev/null +++ b/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautSecurity.qll @@ -0,0 +1,38 @@ +/** + * Provides classes for identifying Micronaut Security annotations. + * + * Micronaut Security provides the `@Secured` annotation and integrates + * with standard `@RolesAllowed` for method-level access control. + */ +overlay[local?] +module; + +import java + +/** + * The annotation type `@Secured` from `io.micronaut.security.annotation`. + */ +class MicronautSecuredAnnotation extends AnnotationType { + MicronautSecuredAnnotation() { + this.hasQualifiedName("io.micronaut.security.annotation", "Secured") + } +} + +/** + * A callable (method or constructor) that is annotated with Micronaut's `@Secured` + * annotation, either directly or via its declaring type. + */ +class MicronautSecuredCallable extends Callable { + MicronautSecuredCallable() { + this.getAnAnnotation().getType() instanceof MicronautSecuredAnnotation + or + this.getDeclaringType().getAnAnnotation().getType() instanceof MicronautSecuredAnnotation + } +} + +/** + * A class annotated with Micronaut's `@Secured` annotation. + */ +class MicronautSecuredClass extends Class { + MicronautSecuredClass() { this.getAnAnnotation().getType() instanceof MicronautSecuredAnnotation } +} diff --git a/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautWebSocket.qll b/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautWebSocket.qll new file mode 100644 index 000000000000..eafbca58e69c --- /dev/null +++ b/java/ql/lib/semmle/code/java/frameworks/micronaut/MicronautWebSocket.qll @@ -0,0 +1,53 @@ +/** Provides classes for identifying Micronaut WebSocket endpoints. */ +overlay[local?] +module; + +import java + +/** + * The annotation type `@ServerWebSocket` from `io.micronaut.websocket.annotation`. + */ +class MicronautServerWebSocketAnnotation extends AnnotationType { + MicronautServerWebSocketAnnotation() { + this.hasQualifiedName("io.micronaut.websocket.annotation", "ServerWebSocket") + } +} + +/** + * A class annotated with `@ServerWebSocket`, representing a Micronaut WebSocket endpoint. + */ +class MicronautServerWebSocketClass extends Class { + MicronautServerWebSocketClass() { + this.getAnAnnotation().getType() instanceof MicronautServerWebSocketAnnotation + } +} + +/** An annotation type for Micronaut WebSocket message handler methods. */ +class MicronautWebSocketHandlerAnnotation extends AnnotationType { + MicronautWebSocketHandlerAnnotation() { + this.getPackage().hasName("io.micronaut.websocket.annotation") and + this.hasName(["OnMessage", "OnOpen"]) + } +} + +/** + * A method on a Micronaut `@ServerWebSocket` class that handles WebSocket messages. + */ +class MicronautWebSocketMessageHandler extends Method { + MicronautWebSocketMessageHandler() { + this.getDeclaringType() instanceof MicronautServerWebSocketClass and + this.getAnAnnotation().getType() instanceof MicronautWebSocketHandlerAnnotation + } +} + +/** A parameter of a Micronaut WebSocket message handler that receives user-controlled data. */ +class MicronautWebSocketParameter extends Parameter { + MicronautWebSocketParameter() { + this.getCallable() instanceof MicronautWebSocketMessageHandler and + // Exclude WebSocketSession parameters + not this.getType() + .(RefType) + .getAnAncestor() + .hasQualifiedName("io.micronaut.websocket", "WebSocketSession") + } +} diff --git a/java/ql/test/library-tests/dataflow/taintsources/MicronautConfig.java b/java/ql/test/library-tests/dataflow/taintsources/MicronautConfig.java new file mode 100644 index 000000000000..4b2367fec27e --- /dev/null +++ b/java/ql/test/library-tests/dataflow/taintsources/MicronautConfig.java @@ -0,0 +1,30 @@ +import io.micronaut.context.annotation.Value; +import io.micronaut.context.annotation.Property; +import io.micronaut.http.annotation.*; + +@Controller("/config") +class MicronautConfig { + + private static void sink(Object o) {} + + @Value("${app.secret}") + String secretValue; + + @Property(name = "app.api-key") + String apiKey; + + @Get("/secret") + void testValueField() { + sink(secretValue); // $hasLocalValueFlow + } + + @Get("/key") + void testPropertyField() { + sink(apiKey); // $hasLocalValueFlow + } + + @Get("/param") + void testValueParam(@Value("${app.name}") String appName) { + sink(appName); // $hasLocalValueFlow + } +} diff --git a/java/ql/test/library-tests/dataflow/taintsources/options b/java/ql/test/library-tests/dataflow/taintsources/options index 1ae3d158cec8..04284151d078 100644 --- a/java/ql/test/library-tests/dataflow/taintsources/options +++ b/java/ql/test/library-tests/dataflow/taintsources/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jakarta.servlet-api-6.0.0:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263 \ No newline at end of file +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jakarta.servlet-api-6.0.0:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/micronaut-4.x \ No newline at end of file diff --git a/java/ql/test/library-tests/frameworks/micronaut/MicronautConfigTest.java b/java/ql/test/library-tests/frameworks/micronaut/MicronautConfigTest.java new file mode 100644 index 000000000000..f5e8a36cda80 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/micronaut/MicronautConfigTest.java @@ -0,0 +1,30 @@ +import io.micronaut.context.annotation.Value; +import io.micronaut.context.annotation.Property; +import io.micronaut.http.annotation.*; + +@Controller("/config") +class MicronautConfigTest { + + void sink(Object o) {} + + @Value("${app.secret}") + String secretValue; + + @Property(name = "app.api-key") + String apiKey; + + @Get("/secret") + void testValueField() { + sink(secretValue); + } + + @Get("/key") + void testPropertyField() { + sink(apiKey); + } + + @Get("/param") + void testValueParam(@Value("${app.name}") String appName) { + sink(appName); + } +} diff --git a/java/ql/test/library-tests/frameworks/micronaut/MicronautControllerTest.java b/java/ql/test/library-tests/frameworks/micronaut/MicronautControllerTest.java new file mode 100644 index 000000000000..3a1b2caaf6a0 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/micronaut/MicronautControllerTest.java @@ -0,0 +1,95 @@ +import io.micronaut.http.annotation.*; +import io.micronaut.http.*; +import java.io.InputStream; +import java.io.Reader; + +@Controller("/test") +class MicronautControllerTest { + + void sink(Object o) {} + + @Get("/path/{id}") + void testPathVariable(@PathVariable String id) { + sink(id); // $hasTaintFlow + } + + @Get("/query") + void testQueryValue(@QueryValue String name) { + sink(name); // $hasTaintFlow + } + + @Post("/body") + void testBody(@Body String body) { + sink(body); // $hasTaintFlow + } + + @Get("/header") + void testHeader(@Header String authorization) { + sink(authorization); // $hasTaintFlow + } + + @Get("/cookie") + void testCookieValue(@CookieValue String sessionId) { + sink(sessionId); // $hasTaintFlow + } + + @Post("/part") + void testPart(@Part String name) { + sink(name); // $hasTaintFlow + } + + @Get("/attr") + void testRequestAttribute(@RequestAttribute String attr) { + sink(attr); // $hasTaintFlow + } + + @Post("/bean") + void testRequestBean(@RequestBean Object bean) { + sink(bean); // $hasTaintFlow + } + + @Get("/implicit") + void testImplicitParam(String implicitParam) { + sink(implicitParam); // $hasTaintFlow + } + + @Get("/request") + void testHttpRequest(HttpRequest request) { + sink(request); // $hasTaintFlow + } + + @Post("/stream") + void testInputStream(InputStream stream) { + sink(stream); // $hasTaintFlow + } + + @Post("/reader") + void testReader(Reader reader) { + sink(reader); // $hasTaintFlow + } + + @Post("/post") + void testPostMethod(@Body String data) { + sink(data); // $hasTaintFlow + } + + @Put("/put") + void testPutMethod(@Body String data) { + sink(data); // $hasTaintFlow + } + + @Delete("/delete/{id}") + void testDeleteMethod(@PathVariable String id) { + sink(id); // $hasTaintFlow + } + + @Patch("/patch") + void testPatchMethod(@Body String data) { + sink(data); // $hasTaintFlow + } + + @io.micronaut.http.annotation.Error + void testErrorHandler(HttpRequest request) { + sink(request); // $hasTaintFlow + } +} diff --git a/java/ql/test/library-tests/frameworks/micronaut/MicronautFileUploadTest.java b/java/ql/test/library-tests/frameworks/micronaut/MicronautFileUploadTest.java new file mode 100644 index 000000000000..3ede38626a38 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/micronaut/MicronautFileUploadTest.java @@ -0,0 +1,18 @@ +import io.micronaut.http.annotation.*; +import io.micronaut.http.multipart.CompletedFileUpload; +import java.io.IOException; + +@Controller("/upload") +class MicronautFileUploadTest { + + void sink(Object o) {} + + @Post("/file") + void testFileUpload(CompletedFileUpload file) throws IOException { + sink(file.getFilename()); // $hasTaintFlow + sink(file.getBytes()); // $hasTaintFlow + sink(file.getInputStream()); // $hasTaintFlow + sink(file.getContentType()); // $hasTaintFlow + sink(file.getSize()); // $hasTaintFlow + } +} diff --git a/java/ql/test/library-tests/frameworks/micronaut/MicronautHttpClientTest.java b/java/ql/test/library-tests/frameworks/micronaut/MicronautHttpClientTest.java new file mode 100644 index 000000000000..86e045f6f8dd --- /dev/null +++ b/java/ql/test/library-tests/frameworks/micronaut/MicronautHttpClientTest.java @@ -0,0 +1,106 @@ +import io.micronaut.http.*; +import io.micronaut.http.client.HttpClient; +import io.micronaut.http.client.BlockingHttpClient; +import io.micronaut.http.uri.UriBuilder; +import java.net.URI; + +class MicronautHttpClientTest { + + void sink(Object o) {} + + String taint() { + return null; + } + + HttpClient client; + + void testRetrieveString() { + String url = taint(); + client.toBlocking().retrieve(url); // $hasTaintFlow + } + + void testRetrieveStringClass() { + String url = taint(); + client.toBlocking().retrieve(url, String.class); // $hasTaintFlow + } + + void testExchangeString() { + String url = taint(); + client.toBlocking().exchange(url); // $hasTaintFlow + } + + void testExchangeStringClass() { + String url = taint(); + client.toBlocking().exchange(url, String.class); // $hasTaintFlow + } + + void testGetFactory() { + HttpRequest req = HttpRequest.GET(taint()); + sink(req); // $hasTaintFlow + } + + void testPostFactory() { + HttpRequest req = HttpRequest.POST(taint(), "body"); + sink(req); // $hasTaintFlow + } + + void testPutFactory() { + HttpRequest req = HttpRequest.PUT(taint(), "body"); + sink(req); // $hasTaintFlow + } + + void testDeleteFactory() { + HttpRequest req = HttpRequest.DELETE(taint()); + sink(req); // $hasTaintFlow + } + + void testPatchFactory() { + HttpRequest req = HttpRequest.PATCH(taint(), "body"); + sink(req); // $hasTaintFlow + } + + void testHeadFactory() { + HttpRequest req = HttpRequest.HEAD(taint()); + sink(req); // $hasTaintFlow + } + + void testOptionsFactory() { + HttpRequest req = HttpRequest.OPTIONS(taint()); + sink(req); // $hasTaintFlow + } + + void testUriBuilderOfCharSequence() { + URI uri = UriBuilder.of(taint()).build(); + sink(uri); // $hasTaintFlow + } + + void testUriBuilderOfUri() { + URI uri = UriBuilder.of(URI.create(taint())).build(); + sink(uri); // $hasTaintFlow + } + + void testUriBuilderHost() { + URI uri = UriBuilder.of("http://example.com").host(taint()).build(); + sink(uri); // $hasTaintFlow + } + + void testUriBuilderPath() { + URI uri = UriBuilder.of("http://example.com").path(taint()).build(); + sink(uri); // $hasTaintFlow + } + + void testUriBuilderQueryParamName() { + URI uri = UriBuilder.of("http://example.com").queryParam(taint(), "value").build(); + sink(uri); // $hasTaintFlow + } + + void testUriBuilderQueryParamValue() { + URI uri = UriBuilder.of("http://example.com").queryParam("key", taint()).build(); + sink(uri); // $hasTaintFlow + } + + void testUriBuilderFragment() { + URI uri = UriBuilder.of("http://example.com").fragment(taint()).build(); + sink(uri); // $hasTaintFlow + } +} diff --git a/java/ql/test/library-tests/frameworks/micronaut/MicronautHttpRequestTest.java b/java/ql/test/library-tests/frameworks/micronaut/MicronautHttpRequestTest.java new file mode 100644 index 000000000000..0fc55343122c --- /dev/null +++ b/java/ql/test/library-tests/frameworks/micronaut/MicronautHttpRequestTest.java @@ -0,0 +1,67 @@ +import io.micronaut.http.annotation.*; +import io.micronaut.http.*; +import io.micronaut.http.cookie.*; + +@Controller("/http") +class MicronautHttpRequestTest { + + void sink(Object o) {} + + @Get("/headers") + void testHeaders(HttpRequest request) { + sink(request.getHeaders()); // $hasTaintFlow + sink(request.getHeaders().get("X-Custom")); // $hasTaintFlow + sink(request.getHeaders().getAll("X-Custom")); // $hasTaintFlow + sink(request.getHeaders().getFirst("X-Custom")); // $hasTaintFlow + sink(request.getHeaders().values()); // $hasTaintFlow + } + + @Get("/params") + void testParameters(HttpRequest request) { + sink(request.getParameters()); // $hasTaintFlow + sink(request.getParameters().get("q")); // $hasTaintFlow + sink(request.getParameters().getAll("q")); // $hasTaintFlow + sink(request.getParameters().getFirst("q")); // $hasTaintFlow + } + + @Get("/cookies") + void testCookies(HttpRequest request) { + sink(request.getCookies()); // $hasTaintFlow + Cookie cookie = request.getCookies().get("session"); + sink(cookie); // $hasTaintFlow + sink(cookie.getValue()); // $hasTaintFlow + sink(cookie.getName()); // $hasTaintFlow + sink(cookie.getDomain()); // $hasTaintFlow + sink(cookie.getPath()); // $hasTaintFlow + sink(request.getCookies().getAll()); // $hasTaintFlow + sink(request.getCookies().findCookie("session")); // $hasTaintFlow + } + + @Get("/uri") + void testUri(HttpRequest request) { + sink(request.getUri()); // $hasTaintFlow + sink(request.getPath()); // $hasTaintFlow + sink(request.getMethodName()); // $hasTaintFlow + } + + @Post("/body") + void testBody(HttpRequest request) { + sink(request.getBody()); // $hasTaintFlow + } + + @Get("/content") + void testContent(HttpRequest request) { + sink(request.getContentType()); // $hasTaintFlow + sink(request.getContentLength()); // $hasTaintFlow + } + + @Get("/redirect") + HttpResponse testRedirect(HttpRequest request) { + return HttpResponse.redirect(request.getUri()); // $hasTaintFlow + } + + @Get("/header-set") + HttpResponse testHeaderSplitting(HttpRequest request) { + return HttpResponse.ok().header("X-Custom", request.getHeaders().get("User-Input")); // $hasTaintFlow + } +} diff --git a/java/ql/test/library-tests/frameworks/micronaut/MicronautWebSocketTest.java b/java/ql/test/library-tests/frameworks/micronaut/MicronautWebSocketTest.java new file mode 100644 index 000000000000..0c46a311b2bd --- /dev/null +++ b/java/ql/test/library-tests/frameworks/micronaut/MicronautWebSocketTest.java @@ -0,0 +1,18 @@ +import io.micronaut.websocket.annotation.*; +import io.micronaut.websocket.WebSocketSession; + +@ServerWebSocket("/chat/{room}") +class MicronautWebSocketTest { + + void sink(Object o) {} + + @OnMessage + void onMessage(String message, WebSocketSession session) { + sink(message); // $hasTaintFlow + } + + @OnOpen + void onOpen(String room, WebSocketSession session) { + sink(room); // $hasTaintFlow + } +} diff --git a/java/ql/test/library-tests/frameworks/micronaut/flow.expected b/java/ql/test/library-tests/frameworks/micronaut/flow.expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/java/ql/test/library-tests/frameworks/micronaut/flow.ql b/java/ql/test/library-tests/frameworks/micronaut/flow.ql new file mode 100644 index 000000000000..587269f818c1 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/micronaut/flow.ql @@ -0,0 +1,25 @@ +import java +import semmle.code.java.security.RequestForgery +import semmle.code.java.security.UrlRedirect +import semmle.code.java.security.ResponseSplitting +import utils.test.InlineFlowTest + +module Config implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node n) { + n.asExpr().(MethodCall).getMethod().hasName("taint") + or + n instanceof ActiveThreatModelSource + } + + predicate isSink(DataFlow::Node n) { + exists(MethodCall ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument()) + or + n instanceof RequestForgerySink + or + n instanceof UrlRedirectSink + or + n instanceof HeaderSplittingSink + } +} + +import TaintFlowTest diff --git a/java/ql/test/library-tests/frameworks/micronaut/options b/java/ql/test/library-tests/frameworks/micronaut/options new file mode 100644 index 000000000000..1dbd9fc24405 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/micronaut/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/micronaut-4.x diff --git a/java/ql/test/query-tests/security/CWE-113/semmle/tests/MicronautResponseSplitting.java b/java/ql/test/query-tests/security/CWE-113/semmle/tests/MicronautResponseSplitting.java new file mode 100644 index 000000000000..405bb66fcd4f --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-113/semmle/tests/MicronautResponseSplitting.java @@ -0,0 +1,22 @@ +import io.micronaut.http.annotation.Controller; +import io.micronaut.http.annotation.Get; +import io.micronaut.http.annotation.QueryValue; +import io.micronaut.http.HttpResponse; +import io.micronaut.http.MutableHttpResponse; + +@Controller("/headers") +public class MicronautResponseSplitting { + + @Get("/bad") + public MutableHttpResponse bad(@QueryValue String headerValue) { + // BAD: user-controlled header value + return HttpResponse.ok().header("X-Custom", headerValue); + } + + @Get("/good") + public MutableHttpResponse good(@QueryValue String headerValue) { + // GOOD: sanitized header value by replacing line breaks + String sanitized = headerValue.replace('\n', ' ').replace('\r', ' '); + return HttpResponse.ok().header("X-Custom", sanitized); + } +} diff --git a/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.expected b/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.expected index ed597e70eb55..ce0916a03236 100644 --- a/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.expected +++ b/java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.expected @@ -1,20 +1,25 @@ #select +| MicronautResponseSplitting.java:13:53:13:63 | headerValue | MicronautResponseSplitting.java:11:39:11:68 | headerValue : String | MicronautResponseSplitting.java:13:53:13:63 | headerValue | This header depends on a $@, which may cause a response-splitting vulnerability. | MicronautResponseSplitting.java:11:39:11:68 | headerValue | user-provided value | | ResponseSplitting.java:23:23:23:28 | cookie | ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | ResponseSplitting.java:23:23:23:28 | cookie | This header depends on a $@, which may cause a response-splitting vulnerability. | ResponseSplitting.java:22:39:22:66 | getParameter(...) | user-provided value | | ResponseSplitting.java:28:38:28:72 | getParameter(...) | ResponseSplitting.java:28:38:28:72 | getParameter(...) | ResponseSplitting.java:28:38:28:72 | getParameter(...) | This header depends on a $@, which may cause a response-splitting vulnerability. | ResponseSplitting.java:28:38:28:72 | getParameter(...) | user-provided value | | ResponseSplitting.java:29:38:29:72 | getParameter(...) | ResponseSplitting.java:29:38:29:72 | getParameter(...) | ResponseSplitting.java:29:38:29:72 | getParameter(...) | This header depends on a $@, which may cause a response-splitting vulnerability. | ResponseSplitting.java:29:38:29:72 | getParameter(...) | user-provided value | | ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | ResponseSplitting.java:53:14:53:48 | getParameter(...) : String | ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | This header depends on a $@, which may cause a response-splitting vulnerability. | ResponseSplitting.java:53:14:53:48 | getParameter(...) | user-provided value | edges -| ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | ResponseSplitting.java:23:23:23:28 | cookie | provenance | Sink:MaD:1 | -| ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | provenance | Src:MaD:3 MaD:5 | -| ResponseSplitting.java:53:14:53:48 | getParameter(...) : String | ResponseSplitting.java:59:27:59:27 | t : String | provenance | Src:MaD:3 | -| ResponseSplitting.java:59:27:59:27 | t : String | ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | provenance | MaD:4 Sink:MaD:2 | +| MicronautResponseSplitting.java:11:39:11:68 | headerValue : String | MicronautResponseSplitting.java:13:53:13:63 | headerValue | provenance | Sink:MaD:1 | +| ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | ResponseSplitting.java:23:23:23:28 | cookie | provenance | Sink:MaD:2 | +| ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | provenance | Src:MaD:4 MaD:6 | +| ResponseSplitting.java:53:14:53:48 | getParameter(...) : String | ResponseSplitting.java:59:27:59:27 | t : String | provenance | Src:MaD:4 | +| ResponseSplitting.java:59:27:59:27 | t : String | ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | provenance | MaD:5 Sink:MaD:3 | models -| 1 | Sink: javax.servlet.http; HttpServletResponse; false; addCookie; ; ; Argument[0]; response-splitting; manual | -| 2 | Sink: javax.servlet.http; HttpServletResponse; false; setHeader; ; ; Argument[0..1]; response-splitting; manual | -| 3 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual | -| 4 | Summary: java.lang; String; false; replaceFirst; ; ; Argument[this]; ReturnValue; taint; manual | -| 5 | Summary: javax.servlet.http; Cookie; false; Cookie; ; ; Argument[1]; Argument[this]; taint; manual | +| 1 | Sink: io.micronaut.http; MutableHttpResponse; true; header; (CharSequence,CharSequence); ; Argument[1]; response-splitting; manual | +| 2 | Sink: javax.servlet.http; HttpServletResponse; false; addCookie; ; ; Argument[0]; response-splitting; manual | +| 3 | Sink: javax.servlet.http; HttpServletResponse; false; setHeader; ; ; Argument[0..1]; response-splitting; manual | +| 4 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual | +| 5 | Summary: java.lang; String; false; replaceFirst; ; ; Argument[this]; ReturnValue; taint; manual | +| 6 | Summary: javax.servlet.http; Cookie; false; Cookie; ; ; Argument[1]; Argument[this]; taint; manual | nodes +| MicronautResponseSplitting.java:11:39:11:68 | headerValue : String | semmle.label | headerValue : String | +| MicronautResponseSplitting.java:13:53:13:63 | headerValue | semmle.label | headerValue | | ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | semmle.label | new Cookie(...) : Cookie | | ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | semmle.label | getParameter(...) : String | | ResponseSplitting.java:23:23:23:28 | cookie | semmle.label | cookie | diff --git a/java/ql/test/query-tests/security/CWE-113/semmle/tests/options b/java/ql/test/query-tests/security/CWE-113/semmle/tests/options index 668a863ac607..2154955f23cb 100644 --- a/java/ql/test/query-tests/security/CWE-113/semmle/tests/options +++ b/java/ql/test/query-tests/security/CWE-113/semmle/tests/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/micronaut-4.x:${testdir}/../../../../../stubs/servlet-api-2.4 diff --git a/java/ql/test/query-tests/security/CWE-601/semmle/tests/MicronautUrlRedirect.java b/java/ql/test/query-tests/security/CWE-601/semmle/tests/MicronautUrlRedirect.java new file mode 100644 index 000000000000..2eeb3b50a113 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-601/semmle/tests/MicronautUrlRedirect.java @@ -0,0 +1,25 @@ +import io.micronaut.http.annotation.Controller; +import io.micronaut.http.annotation.Get; +import io.micronaut.http.annotation.QueryValue; +import io.micronaut.http.HttpResponse; +import io.micronaut.http.MutableHttpResponse; +import java.net.URI; + +@Controller("/redirect") +public class MicronautUrlRedirect { + + @Get("/bad") + public MutableHttpResponse bad(@QueryValue String target) { + // BAD: user-controlled redirect target + return HttpResponse.redirect(URI.create(target)); + } + + @Get("/good") + public MutableHttpResponse good(@QueryValue String target) { + // GOOD: redirect to a fixed URL + if ("home".equals(target)) { + return HttpResponse.redirect(URI.create("/home")); + } + return HttpResponse.ok(); + } +} diff --git a/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.expected b/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.expected index fdd602c616bf..79c8258c7ba8 100644 --- a/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.expected +++ b/java/ql/test/query-tests/security/CWE-601/semmle/tests/UrlRedirect.expected @@ -1,4 +1,5 @@ #select +| MicronautUrlRedirect.java:14:38:14:55 | create(...) | MicronautUrlRedirect.java:12:39:12:63 | target : String | MicronautUrlRedirect.java:14:38:14:55 | create(...) | Untrusted URL redirection depends on a $@. | MicronautUrlRedirect.java:12:39:12:63 | target | user-provided value | | UrlRedirect2.java:27:25:27:54 | getParameter(...) | UrlRedirect2.java:27:25:27:54 | getParameter(...) | UrlRedirect2.java:27:25:27:54 | getParameter(...) | Untrusted URL redirection depends on a $@. | UrlRedirect2.java:27:25:27:54 | getParameter(...) | user-provided value | | UrlRedirect.java:23:25:23:54 | getParameter(...) | UrlRedirect.java:23:25:23:54 | getParameter(...) | UrlRedirect.java:23:25:23:54 | getParameter(...) | Untrusted URL redirection depends on a $@. | UrlRedirect.java:23:25:23:54 | getParameter(...) | user-provided value | | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | Untrusted URL redirection depends on a $@. | UrlRedirect.java:32:37:32:66 | getParameter(...) | user-provided value | @@ -6,17 +7,24 @@ | UrlRedirect.java:42:43:42:72 | getParameter(...) | UrlRedirect.java:42:43:42:72 | getParameter(...) | UrlRedirect.java:42:43:42:72 | getParameter(...) | Untrusted URL redirection depends on a $@. | UrlRedirect.java:42:43:42:72 | getParameter(...) | user-provided value | | mad/Test.java:14:22:14:38 | (...)... | mad/Test.java:9:16:9:41 | getParameter(...) : String | mad/Test.java:14:22:14:38 | (...)... | Untrusted URL redirection depends on a $@. | mad/Test.java:9:16:9:41 | getParameter(...) | user-provided value | edges -| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | provenance | Src:MaD:2 MaD:3 | -| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:45:28:45:39 | input : String | provenance | Src:MaD:2 | +| MicronautUrlRedirect.java:12:39:12:63 | target : String | MicronautUrlRedirect.java:14:49:14:54 | target : String | provenance | | +| MicronautUrlRedirect.java:14:49:14:54 | target : String | MicronautUrlRedirect.java:14:38:14:55 | create(...) | provenance | MaD:5 Sink:MaD:1 | +| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | provenance | Src:MaD:3 MaD:4 | +| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:45:28:45:39 | input : String | provenance | Src:MaD:3 | | UrlRedirect.java:45:28:45:39 | input : String | UrlRedirect.java:46:10:46:14 | input : String | provenance | | -| UrlRedirect.java:46:10:46:14 | input : String | UrlRedirect.java:46:10:46:40 | replaceAll(...) : String | provenance | MaD:3 | -| mad/Test.java:9:16:9:41 | getParameter(...) : String | mad/Test.java:14:31:14:38 | source(...) : String | provenance | Src:MaD:2 | -| mad/Test.java:14:31:14:38 | source(...) : String | mad/Test.java:14:22:14:38 | (...)... | provenance | Sink:MaD:1 | +| UrlRedirect.java:46:10:46:14 | input : String | UrlRedirect.java:46:10:46:40 | replaceAll(...) : String | provenance | MaD:4 | +| mad/Test.java:9:16:9:41 | getParameter(...) : String | mad/Test.java:14:31:14:38 | source(...) : String | provenance | Src:MaD:3 | +| mad/Test.java:14:31:14:38 | source(...) : String | mad/Test.java:14:22:14:38 | (...)... | provenance | Sink:MaD:2 | models -| 1 | Sink: org.kohsuke.stapler; HttpResponses; true; redirectTo; (String); ; Argument[0]; url-redirection; ai-manual | -| 2 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual | -| 3 | Summary: java.lang; String; false; replaceAll; ; ; Argument[this]; ReturnValue; taint; manual | +| 1 | Sink: io.micronaut.http; HttpResponse; true; redirect; (URI); ; Argument[0]; url-redirection; manual | +| 2 | Sink: org.kohsuke.stapler; HttpResponses; true; redirectTo; (String); ; Argument[0]; url-redirection; ai-manual | +| 3 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual | +| 4 | Summary: java.lang; String; false; replaceAll; ; ; Argument[this]; ReturnValue; taint; manual | +| 5 | Summary: java.net; URI; false; create; ; ; Argument[0]; ReturnValue; taint; manual | nodes +| MicronautUrlRedirect.java:12:39:12:63 | target : String | semmle.label | target : String | +| MicronautUrlRedirect.java:14:38:14:55 | create(...) | semmle.label | create(...) | +| MicronautUrlRedirect.java:14:49:14:54 | target : String | semmle.label | target : String | | UrlRedirect2.java:27:25:27:54 | getParameter(...) | semmle.label | getParameter(...) | | UrlRedirect.java:23:25:23:54 | getParameter(...) | semmle.label | getParameter(...) | | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | semmle.label | weakCleanup(...) | diff --git a/java/ql/test/query-tests/security/CWE-601/semmle/tests/options b/java/ql/test/query-tests/security/CWE-601/semmle/tests/options index 637c329a9143..e0a964b29dc4 100644 --- a/java/ql/test/query-tests/security/CWE-601/semmle/tests/options +++ b/java/ql/test/query-tests/security/CWE-601/semmle/tests/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/stapler-1.263:${testdir}/../../../../../stubs/javax-servlet-2.5:${testdir}/../../../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../../../stubs/saxon-xqj-9.x:${testdir}/../../../../../stubs/apache-commons-beanutils:${testdir}/../../../../../stubs/dom4j-2.1.1:${testdir}/../../../../../stubs/apache-commons-lang:${testdir}/../../../../../stubs/jaxen-1.2.0 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/micronaut-4.x:${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/stapler-1.263:${testdir}/../../../../../stubs/javax-servlet-2.5:${testdir}/../../../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../../../stubs/saxon-xqj-9.x:${testdir}/../../../../../stubs/apache-commons-beanutils:${testdir}/../../../../../stubs/dom4j-2.1.1:${testdir}/../../../../../stubs/apache-commons-lang:${testdir}/../../../../../stubs/jaxen-1.2.0 diff --git a/java/ql/test/query-tests/security/CWE-918/MicronautSSRF.java b/java/ql/test/query-tests/security/CWE-918/MicronautSSRF.java new file mode 100644 index 000000000000..128a0cfa710a --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-918/MicronautSSRF.java @@ -0,0 +1,33 @@ +import io.micronaut.http.annotation.Controller; +import io.micronaut.http.annotation.Get; +import io.micronaut.http.annotation.QueryValue; +import io.micronaut.http.client.HttpClient; +import io.micronaut.http.uri.UriBuilder; +import java.net.URI; + +@Controller("/ssrf") +public class MicronautSSRF { + + private HttpClient client; + + @Get("/retrieve") + public String testRetrieve(@QueryValue String url) { // $ Source + return client.toBlocking().retrieve(url); // $ Alert + } + + @Get("/exchange-string") + public Object testExchangeWithString(@QueryValue String url) { // $ Source + return client.toBlocking().exchange(url); // $ Alert + } + + @Get("/retrieve-typed") + public Object testRetrieveTyped(@QueryValue String url) { // $ Source + return client.toBlocking().retrieve(url, String.class); // $ Alert + } + + @Get("/uri-builder") + public String testUriBuilder(@QueryValue String host) { // $ Source + URI uri = UriBuilder.of("http://example.com").host(host).build(); + return client.toBlocking().retrieve(uri.toString()); // $ Alert + } +} diff --git a/java/ql/test/query-tests/security/CWE-918/RequestForgery.expected b/java/ql/test/query-tests/security/CWE-918/RequestForgery.expected index a0bbc205a39f..9c44be4a3867 100644 --- a/java/ql/test/query-tests/security/CWE-918/RequestForgery.expected +++ b/java/ql/test/query-tests/security/CWE-918/RequestForgery.expected @@ -226,6 +226,10 @@ | JdbcUrlSSRF.java:86:19:86:25 | jdbcUrl | JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:86:19:86:25 | jdbcUrl | Potential server-side request forgery due to a $@. | JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) | user-provided value | | JdbcUrlSSRF.java:87:19:87:25 | jdbcUrl | JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:87:19:87:25 | jdbcUrl | Potential server-side request forgery due to a $@. | JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) | user-provided value | | JdbcUrlSSRF.java:88:19:88:25 | jdbcUrl | JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:88:19:88:25 | jdbcUrl | Potential server-side request forgery due to a $@. | JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) | user-provided value | +| MicronautSSRF.java:15:45:15:47 | url | MicronautSSRF.java:14:32:14:53 | url : String | MicronautSSRF.java:15:45:15:47 | url | Potential server-side request forgery due to a $@. | MicronautSSRF.java:14:32:14:53 | url | user-provided value | +| MicronautSSRF.java:20:45:20:47 | url | MicronautSSRF.java:19:42:19:63 | url : String | MicronautSSRF.java:20:45:20:47 | url | Potential server-side request forgery due to a $@. | MicronautSSRF.java:19:42:19:63 | url | user-provided value | +| MicronautSSRF.java:25:45:25:47 | url | MicronautSSRF.java:24:37:24:58 | url : String | MicronautSSRF.java:25:45:25:47 | url | Potential server-side request forgery due to a $@. | MicronautSSRF.java:24:37:24:58 | url | user-provided value | +| MicronautSSRF.java:31:45:31:58 | toString(...) | MicronautSSRF.java:29:34:29:56 | host : String | MicronautSSRF.java:31:45:31:58 | toString(...) | Potential server-side request forgery due to a $@. | MicronautSSRF.java:29:34:29:56 | host | user-provided value | | ReactiveWebClientSSRF.java:16:52:16:54 | url | ReactiveWebClientSSRF.java:15:26:15:52 | getParameter(...) : String | ReactiveWebClientSSRF.java:16:52:16:54 | url | Potential server-side request forgery due to a $@. | ReactiveWebClientSSRF.java:15:26:15:52 | getParameter(...) | user-provided value | | ReactiveWebClientSSRF.java:35:30:35:32 | url | ReactiveWebClientSSRF.java:32:26:32:52 | getParameter(...) : String | ReactiveWebClientSSRF.java:35:30:35:32 | url | Potential server-side request forgery due to a $@. | ReactiveWebClientSSRF.java:32:26:32:52 | getParameter(...) | user-provided value | | SanitizationTests.java:25:52:25:54 | uri | SanitizationTests.java:22:31:22:57 | getParameter(...) : String | SanitizationTests.java:25:52:25:54 | uri | Potential server-side request forgery due to a $@. | SanitizationTests.java:22:31:22:57 | getParameter(...) | user-provided value | @@ -377,1002 +381,1015 @@ | mad/Test.java:107:15:107:31 | (...)... | mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:107:15:107:31 | (...)... | Potential server-side request forgery due to a $@. | mad/Test.java:26:16:26:41 | getParameter(...) | user-provided value | | mad/Test.java:112:15:112:31 | (...)... | mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:112:15:112:31 | (...)... | Potential server-side request forgery due to a $@. | mad/Test.java:26:16:26:41 | getParameter(...) | user-provided value | edges -| ApacheHttpSSRF.java:27:27:27:53 | getParameter(...) : String | ApacheHttpSSRF.java:28:31:28:34 | sink : String | provenance | Src:MaD:277 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:30:43:30:45 | uri | provenance | Sink:MaD:211 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:32:29:32:31 | uri | provenance | Sink:MaD:217 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:34:26:34:28 | uri | provenance | Sink:MaD:212 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:35:26:35:28 | uri | provenance | Sink:MaD:215 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:36:25:36:27 | uri | provenance | Sink:MaD:216 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:37:28:37:30 | uri | provenance | Sink:MaD:210 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:38:29:38:31 | uri | provenance | Sink:MaD:213 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:39:27:39:29 | uri | provenance | Sink:MaD:218 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:40:27:40:29 | uri | provenance | Sink:MaD:214 | +| ApacheHttpSSRF.java:27:27:27:53 | getParameter(...) : String | ApacheHttpSSRF.java:28:31:28:34 | sink : String | provenance | Src:MaD:280 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:30:43:30:45 | uri | provenance | Sink:MaD:214 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:32:29:32:31 | uri | provenance | Sink:MaD:220 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:34:26:34:28 | uri | provenance | Sink:MaD:215 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:35:26:35:28 | uri | provenance | Sink:MaD:218 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:36:25:36:27 | uri | provenance | Sink:MaD:219 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:37:28:37:30 | uri | provenance | Sink:MaD:213 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:38:29:38:31 | uri | provenance | Sink:MaD:216 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:39:27:39:29 | uri | provenance | Sink:MaD:221 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:40:27:40:29 | uri | provenance | Sink:MaD:217 | | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:42:62:42:64 | uri : URI | provenance | | | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:43:41:43:43 | uri : URI | provenance | | | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:44:41:44:43 | uri : URI | provenance | | | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:46:77:46:79 | uri : URI | provenance | | | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:47:56:47:58 | uri : URI | provenance | | | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:48:56:48:58 | uri : URI | provenance | | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:50:32:50:34 | uri | provenance | Sink:MaD:220 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:51:33:51:35 | uri | provenance | Sink:MaD:224 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:52:32:52:34 | uri | provenance | Sink:MaD:225 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:53:35:53:37 | uri | provenance | Sink:MaD:219 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:54:36:54:38 | uri | provenance | Sink:MaD:222 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:55:33:55:35 | uri | provenance | Sink:MaD:221 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:56:34:56:36 | uri | provenance | Sink:MaD:227 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:57:34:57:36 | uri | provenance | Sink:MaD:223 | -| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:58:43:58:45 | uri | provenance | Sink:MaD:226 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:50:32:50:34 | uri | provenance | Sink:MaD:223 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:51:33:51:35 | uri | provenance | Sink:MaD:227 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:52:32:52:34 | uri | provenance | Sink:MaD:228 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:53:35:53:37 | uri | provenance | Sink:MaD:222 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:54:36:54:38 | uri | provenance | Sink:MaD:225 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:55:33:55:35 | uri | provenance | Sink:MaD:224 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:56:34:56:36 | uri | provenance | Sink:MaD:230 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:57:34:57:36 | uri | provenance | Sink:MaD:226 | +| ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | ApacheHttpSSRF.java:58:43:58:45 | uri | provenance | Sink:MaD:229 | | ApacheHttpSSRF.java:28:31:28:34 | sink : String | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | provenance | Config | -| ApacheHttpSSRF.java:28:31:28:34 | sink : String | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | provenance | MaD:285 | -| ApacheHttpSSRF.java:42:62:42:64 | uri : URI | ApacheHttpSSRF.java:42:62:42:75 | toString(...) : String | provenance | MaD:286 | -| ApacheHttpSSRF.java:42:62:42:75 | toString(...) : String | ApacheHttpSSRF.java:42:34:42:82 | new BasicRequestLine(...) | provenance | MaD:295 Sink:MaD:231 | -| ApacheHttpSSRF.java:43:41:43:43 | uri : URI | ApacheHttpSSRF.java:43:41:43:54 | toString(...) | provenance | MaD:286 Sink:MaD:232 | -| ApacheHttpSSRF.java:44:41:44:43 | uri : URI | ApacheHttpSSRF.java:44:41:44:54 | toString(...) | provenance | MaD:286 Sink:MaD:233 | -| ApacheHttpSSRF.java:46:77:46:79 | uri : URI | ApacheHttpSSRF.java:46:77:46:90 | toString(...) : String | provenance | MaD:286 | -| ApacheHttpSSRF.java:46:77:46:90 | toString(...) : String | ApacheHttpSSRF.java:46:49:46:97 | new BasicRequestLine(...) | provenance | MaD:295 Sink:MaD:228 | -| ApacheHttpSSRF.java:47:56:47:58 | uri : URI | ApacheHttpSSRF.java:47:56:47:69 | toString(...) | provenance | MaD:286 Sink:MaD:229 | -| ApacheHttpSSRF.java:48:56:48:58 | uri : URI | ApacheHttpSSRF.java:48:56:48:69 | toString(...) | provenance | MaD:286 Sink:MaD:230 | -| ApacheHttpSSRFVersion5.java:41:30:41:56 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:42:31:42:37 | uriSink : String | provenance | Src:MaD:277 | +| ApacheHttpSSRF.java:28:31:28:34 | sink : String | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | provenance | MaD:290 | +| ApacheHttpSSRF.java:42:62:42:64 | uri : URI | ApacheHttpSSRF.java:42:62:42:75 | toString(...) : String | provenance | MaD:291 | +| ApacheHttpSSRF.java:42:62:42:75 | toString(...) : String | ApacheHttpSSRF.java:42:34:42:82 | new BasicRequestLine(...) | provenance | MaD:300 Sink:MaD:234 | +| ApacheHttpSSRF.java:43:41:43:43 | uri : URI | ApacheHttpSSRF.java:43:41:43:54 | toString(...) | provenance | MaD:291 Sink:MaD:235 | +| ApacheHttpSSRF.java:44:41:44:43 | uri : URI | ApacheHttpSSRF.java:44:41:44:54 | toString(...) | provenance | MaD:291 Sink:MaD:236 | +| ApacheHttpSSRF.java:46:77:46:79 | uri : URI | ApacheHttpSSRF.java:46:77:46:90 | toString(...) : String | provenance | MaD:291 | +| ApacheHttpSSRF.java:46:77:46:90 | toString(...) : String | ApacheHttpSSRF.java:46:49:46:97 | new BasicRequestLine(...) | provenance | MaD:300 Sink:MaD:231 | +| ApacheHttpSSRF.java:47:56:47:58 | uri : URI | ApacheHttpSSRF.java:47:56:47:69 | toString(...) | provenance | MaD:291 Sink:MaD:232 | +| ApacheHttpSSRF.java:48:56:48:58 | uri : URI | ApacheHttpSSRF.java:48:56:48:69 | toString(...) | provenance | MaD:291 Sink:MaD:233 | +| ApacheHttpSSRFVersion5.java:41:30:41:56 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:42:31:42:37 | uriSink : String | provenance | Src:MaD:280 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:49:54:49:56 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:50:54:50:56 | uri | provenance | Sink:MaD:40 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:50:54:50:56 | uri | provenance | Sink:MaD:43 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:51:48:51:50 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:52:48:52:50 | uri | provenance | Sink:MaD:42 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:52:48:52:50 | uri | provenance | Sink:MaD:45 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:55:38:55:40 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:56:38:56:40 | uri | provenance | Sink:MaD:45 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:56:38:56:40 | uri | provenance | Sink:MaD:48 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:59:35:59:37 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:60:35:60:37 | uri | provenance | Sink:MaD:48 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:60:35:60:37 | uri | provenance | Sink:MaD:51 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:63:36:63:38 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:64:36:64:38 | uri | provenance | Sink:MaD:51 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:64:36:64:38 | uri | provenance | Sink:MaD:54 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:67:39:67:41 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:68:39:68:41 | uri | provenance | Sink:MaD:54 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:68:39:68:41 | uri | provenance | Sink:MaD:57 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:71:37:71:39 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:72:37:72:39 | uri | provenance | Sink:MaD:57 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:72:37:72:39 | uri | provenance | Sink:MaD:60 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:75:36:75:38 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:76:36:76:38 | uri | provenance | Sink:MaD:60 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:76:36:76:38 | uri | provenance | Sink:MaD:63 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:79:35:79:37 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:80:35:80:37 | uri | provenance | Sink:MaD:63 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:80:35:80:37 | uri | provenance | Sink:MaD:66 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:83:37:83:39 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:84:37:84:39 | uri | provenance | Sink:MaD:66 | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:88:51:88:53 | uri | provenance | Sink:MaD:68 | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:92:51:92:53 | uri | provenance | Sink:MaD:70 | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:94:45:94:47 | uri | provenance | Sink:MaD:72 | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:97:54:97:56 | uri | provenance | Sink:MaD:74 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:84:37:84:39 | uri | provenance | Sink:MaD:69 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:88:51:88:53 | uri | provenance | Sink:MaD:71 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:92:51:92:53 | uri | provenance | Sink:MaD:73 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:94:45:94:47 | uri | provenance | Sink:MaD:75 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:97:54:97:56 | uri | provenance | Sink:MaD:77 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:98:48:98:50 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:99:48:99:50 | uri | provenance | Sink:MaD:76 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:99:48:99:50 | uri | provenance | Sink:MaD:79 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:103:55:103:57 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:104:55:104:57 | uri | provenance | Sink:MaD:79 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:104:55:104:57 | uri | provenance | Sink:MaD:82 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:105:49:105:51 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:106:49:106:51 | uri | provenance | Sink:MaD:81 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:106:49:106:51 | uri | provenance | Sink:MaD:84 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:109:39:109:41 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:110:39:110:41 | uri | provenance | Sink:MaD:84 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:110:39:110:41 | uri | provenance | Sink:MaD:87 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:113:36:113:38 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:114:36:114:38 | uri | provenance | Sink:MaD:87 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:114:36:114:38 | uri | provenance | Sink:MaD:90 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:117:37:117:39 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:118:37:118:39 | uri | provenance | Sink:MaD:90 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:118:37:118:39 | uri | provenance | Sink:MaD:93 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:121:40:121:42 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:122:40:122:42 | uri | provenance | Sink:MaD:93 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:122:40:122:42 | uri | provenance | Sink:MaD:96 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:125:38:125:40 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:126:38:126:40 | uri | provenance | Sink:MaD:96 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:126:38:126:40 | uri | provenance | Sink:MaD:99 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:129:37:129:39 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:130:37:130:39 | uri | provenance | Sink:MaD:99 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:130:37:130:39 | uri | provenance | Sink:MaD:102 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:133:36:133:38 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:134:36:134:38 | uri | provenance | Sink:MaD:102 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:134:36:134:38 | uri | provenance | Sink:MaD:105 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:137:38:137:40 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:138:38:138:40 | uri | provenance | Sink:MaD:105 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:138:38:138:40 | uri | provenance | Sink:MaD:108 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:141:41:141:43 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:142:41:142:43 | uri | provenance | Sink:MaD:107 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:142:41:142:43 | uri | provenance | Sink:MaD:110 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:144:38:144:40 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:145:38:145:40 | uri | provenance | Sink:MaD:109 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:145:38:145:40 | uri | provenance | Sink:MaD:112 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:147:39:147:41 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:148:39:148:41 | uri | provenance | Sink:MaD:111 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:148:39:148:41 | uri | provenance | Sink:MaD:114 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:150:42:150:44 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:151:42:151:44 | uri | provenance | Sink:MaD:113 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:151:42:151:44 | uri | provenance | Sink:MaD:116 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:153:40:153:42 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:154:40:154:42 | uri | provenance | Sink:MaD:115 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:154:40:154:42 | uri | provenance | Sink:MaD:118 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:156:39:156:41 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:157:39:157:41 | uri | provenance | Sink:MaD:117 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:157:39:157:41 | uri | provenance | Sink:MaD:120 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:159:38:159:40 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:160:38:160:40 | uri | provenance | Sink:MaD:119 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:160:38:160:40 | uri | provenance | Sink:MaD:122 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:164:47:164:49 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:165:47:165:49 | uri | provenance | Sink:MaD:206 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:165:47:165:49 | uri | provenance | Sink:MaD:209 | | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:167:40:167:42 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:168:40:168:42 | uri | provenance | Sink:MaD:121 | +| ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:168:40:168:42 | uri | provenance | Sink:MaD:124 | | ApacheHttpSSRFVersion5.java:42:31:42:37 | uriSink : String | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | provenance | Config | -| ApacheHttpSSRFVersion5.java:42:31:42:37 | uriSink : String | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | provenance | MaD:285 | -| ApacheHttpSSRFVersion5.java:44:31:44:58 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:45:42:45:49 | hostSink : String | provenance | Src:MaD:277 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:48:54:48:57 | host | provenance | Sink:MaD:38 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:54:38:54:41 | host | provenance | Sink:MaD:43 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:58:35:58:38 | host | provenance | Sink:MaD:46 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:62:36:62:39 | host | provenance | Sink:MaD:49 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:66:39:66:42 | host | provenance | Sink:MaD:52 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:70:37:70:40 | host | provenance | Sink:MaD:55 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:74:36:74:39 | host | provenance | Sink:MaD:58 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:78:35:78:38 | host | provenance | Sink:MaD:61 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:82:37:82:40 | host | provenance | Sink:MaD:64 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:87:51:87:54 | host | provenance | Sink:MaD:67 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:91:51:91:54 | host | provenance | Sink:MaD:69 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:93:45:93:48 | host | provenance | Sink:MaD:71 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:96:54:96:57 | host | provenance | Sink:MaD:73 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:102:55:102:58 | host | provenance | Sink:MaD:77 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:108:39:108:42 | host | provenance | Sink:MaD:82 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:112:36:112:39 | host | provenance | Sink:MaD:85 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:116:37:116:40 | host | provenance | Sink:MaD:88 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:120:40:120:43 | host | provenance | Sink:MaD:91 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:124:38:124:41 | host | provenance | Sink:MaD:94 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:128:37:128:40 | host | provenance | Sink:MaD:97 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:132:36:132:39 | host | provenance | Sink:MaD:100 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:136:38:136:41 | host | provenance | Sink:MaD:103 | -| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:162:52:162:55 | host | provenance | Sink:MaD:204 | -| ApacheHttpSSRFVersion5.java:45:42:45:49 | hostSink : String | ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | provenance | MaD:294 | -| ApacheHttpSSRFVersion5.java:49:54:49:56 | uri : URI | ApacheHttpSSRFVersion5.java:49:54:49:67 | toString(...) | provenance | MaD:286 Sink:MaD:39 | -| ApacheHttpSSRFVersion5.java:51:48:51:50 | uri : URI | ApacheHttpSSRFVersion5.java:51:48:51:61 | toString(...) | provenance | MaD:286 Sink:MaD:41 | -| ApacheHttpSSRFVersion5.java:55:38:55:40 | uri : URI | ApacheHttpSSRFVersion5.java:55:38:55:51 | toString(...) | provenance | MaD:286 Sink:MaD:44 | -| ApacheHttpSSRFVersion5.java:59:35:59:37 | uri : URI | ApacheHttpSSRFVersion5.java:59:35:59:48 | toString(...) | provenance | MaD:286 Sink:MaD:47 | -| ApacheHttpSSRFVersion5.java:63:36:63:38 | uri : URI | ApacheHttpSSRFVersion5.java:63:36:63:49 | toString(...) | provenance | MaD:286 Sink:MaD:50 | -| ApacheHttpSSRFVersion5.java:67:39:67:41 | uri : URI | ApacheHttpSSRFVersion5.java:67:39:67:52 | toString(...) | provenance | MaD:286 Sink:MaD:53 | -| ApacheHttpSSRFVersion5.java:71:37:71:39 | uri : URI | ApacheHttpSSRFVersion5.java:71:37:71:50 | toString(...) | provenance | MaD:286 Sink:MaD:56 | -| ApacheHttpSSRFVersion5.java:75:36:75:38 | uri : URI | ApacheHttpSSRFVersion5.java:75:36:75:49 | toString(...) | provenance | MaD:286 Sink:MaD:59 | -| ApacheHttpSSRFVersion5.java:79:35:79:37 | uri : URI | ApacheHttpSSRFVersion5.java:79:35:79:48 | toString(...) | provenance | MaD:286 Sink:MaD:62 | -| ApacheHttpSSRFVersion5.java:83:37:83:39 | uri : URI | ApacheHttpSSRFVersion5.java:83:37:83:50 | toString(...) | provenance | MaD:286 Sink:MaD:65 | -| ApacheHttpSSRFVersion5.java:98:48:98:50 | uri : URI | ApacheHttpSSRFVersion5.java:98:48:98:61 | toString(...) | provenance | MaD:286 Sink:MaD:75 | -| ApacheHttpSSRFVersion5.java:103:55:103:57 | uri : URI | ApacheHttpSSRFVersion5.java:103:55:103:68 | toString(...) | provenance | MaD:286 Sink:MaD:78 | -| ApacheHttpSSRFVersion5.java:105:49:105:51 | uri : URI | ApacheHttpSSRFVersion5.java:105:49:105:62 | toString(...) | provenance | MaD:286 Sink:MaD:80 | -| ApacheHttpSSRFVersion5.java:109:39:109:41 | uri : URI | ApacheHttpSSRFVersion5.java:109:39:109:52 | toString(...) | provenance | MaD:286 Sink:MaD:83 | -| ApacheHttpSSRFVersion5.java:113:36:113:38 | uri : URI | ApacheHttpSSRFVersion5.java:113:36:113:49 | toString(...) | provenance | MaD:286 Sink:MaD:86 | -| ApacheHttpSSRFVersion5.java:117:37:117:39 | uri : URI | ApacheHttpSSRFVersion5.java:117:37:117:50 | toString(...) | provenance | MaD:286 Sink:MaD:89 | -| ApacheHttpSSRFVersion5.java:121:40:121:42 | uri : URI | ApacheHttpSSRFVersion5.java:121:40:121:53 | toString(...) | provenance | MaD:286 Sink:MaD:92 | -| ApacheHttpSSRFVersion5.java:125:38:125:40 | uri : URI | ApacheHttpSSRFVersion5.java:125:38:125:51 | toString(...) | provenance | MaD:286 Sink:MaD:95 | -| ApacheHttpSSRFVersion5.java:129:37:129:39 | uri : URI | ApacheHttpSSRFVersion5.java:129:37:129:50 | toString(...) | provenance | MaD:286 Sink:MaD:98 | -| ApacheHttpSSRFVersion5.java:133:36:133:38 | uri : URI | ApacheHttpSSRFVersion5.java:133:36:133:49 | toString(...) | provenance | MaD:286 Sink:MaD:101 | -| ApacheHttpSSRFVersion5.java:137:38:137:40 | uri : URI | ApacheHttpSSRFVersion5.java:137:38:137:51 | toString(...) | provenance | MaD:286 Sink:MaD:104 | -| ApacheHttpSSRFVersion5.java:141:41:141:43 | uri : URI | ApacheHttpSSRFVersion5.java:141:41:141:54 | toString(...) | provenance | MaD:286 Sink:MaD:106 | -| ApacheHttpSSRFVersion5.java:144:38:144:40 | uri : URI | ApacheHttpSSRFVersion5.java:144:38:144:51 | toString(...) | provenance | MaD:286 Sink:MaD:108 | -| ApacheHttpSSRFVersion5.java:147:39:147:41 | uri : URI | ApacheHttpSSRFVersion5.java:147:39:147:52 | toString(...) | provenance | MaD:286 Sink:MaD:110 | -| ApacheHttpSSRFVersion5.java:150:42:150:44 | uri : URI | ApacheHttpSSRFVersion5.java:150:42:150:55 | toString(...) | provenance | MaD:286 Sink:MaD:112 | -| ApacheHttpSSRFVersion5.java:153:40:153:42 | uri : URI | ApacheHttpSSRFVersion5.java:153:40:153:53 | toString(...) | provenance | MaD:286 Sink:MaD:114 | -| ApacheHttpSSRFVersion5.java:156:39:156:41 | uri : URI | ApacheHttpSSRFVersion5.java:156:39:156:52 | toString(...) | provenance | MaD:286 Sink:MaD:116 | -| ApacheHttpSSRFVersion5.java:159:38:159:40 | uri : URI | ApacheHttpSSRFVersion5.java:159:38:159:51 | toString(...) | provenance | MaD:286 Sink:MaD:118 | -| ApacheHttpSSRFVersion5.java:164:47:164:49 | uri : URI | ApacheHttpSSRFVersion5.java:164:47:164:60 | toString(...) | provenance | MaD:286 Sink:MaD:205 | -| ApacheHttpSSRFVersion5.java:167:40:167:42 | uri : URI | ApacheHttpSSRFVersion5.java:167:40:167:53 | toString(...) | provenance | MaD:286 Sink:MaD:120 | -| ApacheHttpSSRFVersion5.java:180:30:180:56 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:181:31:181:37 | uriSink : String | provenance | Src:MaD:277 | +| ApacheHttpSSRFVersion5.java:42:31:42:37 | uriSink : String | ApacheHttpSSRFVersion5.java:42:23:42:38 | new URI(...) : URI | provenance | MaD:290 | +| ApacheHttpSSRFVersion5.java:44:31:44:58 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:45:42:45:49 | hostSink : String | provenance | Src:MaD:280 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:48:54:48:57 | host | provenance | Sink:MaD:41 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:54:38:54:41 | host | provenance | Sink:MaD:46 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:58:35:58:38 | host | provenance | Sink:MaD:49 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:62:36:62:39 | host | provenance | Sink:MaD:52 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:66:39:66:42 | host | provenance | Sink:MaD:55 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:70:37:70:40 | host | provenance | Sink:MaD:58 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:74:36:74:39 | host | provenance | Sink:MaD:61 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:78:35:78:38 | host | provenance | Sink:MaD:64 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:82:37:82:40 | host | provenance | Sink:MaD:67 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:87:51:87:54 | host | provenance | Sink:MaD:70 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:91:51:91:54 | host | provenance | Sink:MaD:72 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:93:45:93:48 | host | provenance | Sink:MaD:74 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:96:54:96:57 | host | provenance | Sink:MaD:76 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:102:55:102:58 | host | provenance | Sink:MaD:80 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:108:39:108:42 | host | provenance | Sink:MaD:85 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:112:36:112:39 | host | provenance | Sink:MaD:88 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:116:37:116:40 | host | provenance | Sink:MaD:91 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:120:40:120:43 | host | provenance | Sink:MaD:94 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:124:38:124:41 | host | provenance | Sink:MaD:97 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:128:37:128:40 | host | provenance | Sink:MaD:100 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:132:36:132:39 | host | provenance | Sink:MaD:103 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:136:38:136:41 | host | provenance | Sink:MaD:106 | +| ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:162:52:162:55 | host | provenance | Sink:MaD:207 | +| ApacheHttpSSRFVersion5.java:45:42:45:49 | hostSink : String | ApacheHttpSSRFVersion5.java:45:29:45:50 | new HttpHost(...) : HttpHost | provenance | MaD:299 | +| ApacheHttpSSRFVersion5.java:49:54:49:56 | uri : URI | ApacheHttpSSRFVersion5.java:49:54:49:67 | toString(...) | provenance | MaD:291 Sink:MaD:42 | +| ApacheHttpSSRFVersion5.java:51:48:51:50 | uri : URI | ApacheHttpSSRFVersion5.java:51:48:51:61 | toString(...) | provenance | MaD:291 Sink:MaD:44 | +| ApacheHttpSSRFVersion5.java:55:38:55:40 | uri : URI | ApacheHttpSSRFVersion5.java:55:38:55:51 | toString(...) | provenance | MaD:291 Sink:MaD:47 | +| ApacheHttpSSRFVersion5.java:59:35:59:37 | uri : URI | ApacheHttpSSRFVersion5.java:59:35:59:48 | toString(...) | provenance | MaD:291 Sink:MaD:50 | +| ApacheHttpSSRFVersion5.java:63:36:63:38 | uri : URI | ApacheHttpSSRFVersion5.java:63:36:63:49 | toString(...) | provenance | MaD:291 Sink:MaD:53 | +| ApacheHttpSSRFVersion5.java:67:39:67:41 | uri : URI | ApacheHttpSSRFVersion5.java:67:39:67:52 | toString(...) | provenance | MaD:291 Sink:MaD:56 | +| ApacheHttpSSRFVersion5.java:71:37:71:39 | uri : URI | ApacheHttpSSRFVersion5.java:71:37:71:50 | toString(...) | provenance | MaD:291 Sink:MaD:59 | +| ApacheHttpSSRFVersion5.java:75:36:75:38 | uri : URI | ApacheHttpSSRFVersion5.java:75:36:75:49 | toString(...) | provenance | MaD:291 Sink:MaD:62 | +| ApacheHttpSSRFVersion5.java:79:35:79:37 | uri : URI | ApacheHttpSSRFVersion5.java:79:35:79:48 | toString(...) | provenance | MaD:291 Sink:MaD:65 | +| ApacheHttpSSRFVersion5.java:83:37:83:39 | uri : URI | ApacheHttpSSRFVersion5.java:83:37:83:50 | toString(...) | provenance | MaD:291 Sink:MaD:68 | +| ApacheHttpSSRFVersion5.java:98:48:98:50 | uri : URI | ApacheHttpSSRFVersion5.java:98:48:98:61 | toString(...) | provenance | MaD:291 Sink:MaD:78 | +| ApacheHttpSSRFVersion5.java:103:55:103:57 | uri : URI | ApacheHttpSSRFVersion5.java:103:55:103:68 | toString(...) | provenance | MaD:291 Sink:MaD:81 | +| ApacheHttpSSRFVersion5.java:105:49:105:51 | uri : URI | ApacheHttpSSRFVersion5.java:105:49:105:62 | toString(...) | provenance | MaD:291 Sink:MaD:83 | +| ApacheHttpSSRFVersion5.java:109:39:109:41 | uri : URI | ApacheHttpSSRFVersion5.java:109:39:109:52 | toString(...) | provenance | MaD:291 Sink:MaD:86 | +| ApacheHttpSSRFVersion5.java:113:36:113:38 | uri : URI | ApacheHttpSSRFVersion5.java:113:36:113:49 | toString(...) | provenance | MaD:291 Sink:MaD:89 | +| ApacheHttpSSRFVersion5.java:117:37:117:39 | uri : URI | ApacheHttpSSRFVersion5.java:117:37:117:50 | toString(...) | provenance | MaD:291 Sink:MaD:92 | +| ApacheHttpSSRFVersion5.java:121:40:121:42 | uri : URI | ApacheHttpSSRFVersion5.java:121:40:121:53 | toString(...) | provenance | MaD:291 Sink:MaD:95 | +| ApacheHttpSSRFVersion5.java:125:38:125:40 | uri : URI | ApacheHttpSSRFVersion5.java:125:38:125:51 | toString(...) | provenance | MaD:291 Sink:MaD:98 | +| ApacheHttpSSRFVersion5.java:129:37:129:39 | uri : URI | ApacheHttpSSRFVersion5.java:129:37:129:50 | toString(...) | provenance | MaD:291 Sink:MaD:101 | +| ApacheHttpSSRFVersion5.java:133:36:133:38 | uri : URI | ApacheHttpSSRFVersion5.java:133:36:133:49 | toString(...) | provenance | MaD:291 Sink:MaD:104 | +| ApacheHttpSSRFVersion5.java:137:38:137:40 | uri : URI | ApacheHttpSSRFVersion5.java:137:38:137:51 | toString(...) | provenance | MaD:291 Sink:MaD:107 | +| ApacheHttpSSRFVersion5.java:141:41:141:43 | uri : URI | ApacheHttpSSRFVersion5.java:141:41:141:54 | toString(...) | provenance | MaD:291 Sink:MaD:109 | +| ApacheHttpSSRFVersion5.java:144:38:144:40 | uri : URI | ApacheHttpSSRFVersion5.java:144:38:144:51 | toString(...) | provenance | MaD:291 Sink:MaD:111 | +| ApacheHttpSSRFVersion5.java:147:39:147:41 | uri : URI | ApacheHttpSSRFVersion5.java:147:39:147:52 | toString(...) | provenance | MaD:291 Sink:MaD:113 | +| ApacheHttpSSRFVersion5.java:150:42:150:44 | uri : URI | ApacheHttpSSRFVersion5.java:150:42:150:55 | toString(...) | provenance | MaD:291 Sink:MaD:115 | +| ApacheHttpSSRFVersion5.java:153:40:153:42 | uri : URI | ApacheHttpSSRFVersion5.java:153:40:153:53 | toString(...) | provenance | MaD:291 Sink:MaD:117 | +| ApacheHttpSSRFVersion5.java:156:39:156:41 | uri : URI | ApacheHttpSSRFVersion5.java:156:39:156:52 | toString(...) | provenance | MaD:291 Sink:MaD:119 | +| ApacheHttpSSRFVersion5.java:159:38:159:40 | uri : URI | ApacheHttpSSRFVersion5.java:159:38:159:51 | toString(...) | provenance | MaD:291 Sink:MaD:121 | +| ApacheHttpSSRFVersion5.java:164:47:164:49 | uri : URI | ApacheHttpSSRFVersion5.java:164:47:164:60 | toString(...) | provenance | MaD:291 Sink:MaD:208 | +| ApacheHttpSSRFVersion5.java:167:40:167:42 | uri : URI | ApacheHttpSSRFVersion5.java:167:40:167:53 | toString(...) | provenance | MaD:291 Sink:MaD:123 | +| ApacheHttpSSRFVersion5.java:180:30:180:56 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:181:31:181:37 | uriSink : String | provenance | Src:MaD:280 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:184:56:184:58 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:185:56:185:58 | uri | provenance | Sink:MaD:123 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:185:56:185:58 | uri | provenance | Sink:MaD:126 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:186:50:186:52 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:187:50:187:52 | uri | provenance | Sink:MaD:125 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:187:50:187:52 | uri | provenance | Sink:MaD:128 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:189:40:189:42 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:190:40:190:42 | uri | provenance | Sink:MaD:127 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:190:40:190:42 | uri | provenance | Sink:MaD:130 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:192:37:192:39 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:193:37:193:39 | uri | provenance | Sink:MaD:129 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:193:37:193:39 | uri | provenance | Sink:MaD:132 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:195:38:195:40 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:196:38:196:40 | uri | provenance | Sink:MaD:131 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:196:38:196:40 | uri | provenance | Sink:MaD:134 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:198:41:198:43 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:199:41:199:43 | uri | provenance | Sink:MaD:133 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:199:41:199:43 | uri | provenance | Sink:MaD:136 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:201:39:201:41 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:202:39:202:41 | uri | provenance | Sink:MaD:135 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:202:39:202:41 | uri | provenance | Sink:MaD:138 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:204:38:204:40 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:205:38:205:40 | uri | provenance | Sink:MaD:137 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:205:38:205:40 | uri | provenance | Sink:MaD:140 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:207:37:207:39 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:208:37:208:39 | uri | provenance | Sink:MaD:139 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:208:37:208:39 | uri | provenance | Sink:MaD:142 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:210:39:210:41 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:211:39:211:41 | uri | provenance | Sink:MaD:141 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:211:39:211:41 | uri | provenance | Sink:MaD:144 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:214:28:214:30 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:215:28:215:30 | uri | provenance | Sink:MaD:143 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:215:28:215:30 | uri | provenance | Sink:MaD:146 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:217:25:217:27 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:218:25:218:27 | uri | provenance | Sink:MaD:145 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:218:25:218:27 | uri | provenance | Sink:MaD:148 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:220:26:220:28 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:221:26:221:28 | uri | provenance | Sink:MaD:147 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:221:26:221:28 | uri | provenance | Sink:MaD:150 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:223:29:223:31 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:224:29:224:31 | uri | provenance | Sink:MaD:149 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:224:29:224:31 | uri | provenance | Sink:MaD:152 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:226:27:226:29 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:227:27:227:29 | uri | provenance | Sink:MaD:151 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:227:27:227:29 | uri | provenance | Sink:MaD:154 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:229:26:229:28 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:230:26:230:28 | uri | provenance | Sink:MaD:153 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:230:26:230:28 | uri | provenance | Sink:MaD:156 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:232:25:232:27 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:233:25:233:27 | uri | provenance | Sink:MaD:155 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:233:25:233:27 | uri | provenance | Sink:MaD:158 | | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:235:27:235:29 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:236:27:236:29 | uri | provenance | Sink:MaD:157 | -| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:239:46:239:48 | uri | provenance | Sink:MaD:158 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:236:27:236:29 | uri | provenance | Sink:MaD:160 | +| ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:239:46:239:48 | uri | provenance | Sink:MaD:161 | | ApacheHttpSSRFVersion5.java:181:31:181:37 | uriSink : String | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | provenance | Config | -| ApacheHttpSSRFVersion5.java:181:31:181:37 | uriSink : String | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | provenance | MaD:285 | -| ApacheHttpSSRFVersion5.java:184:56:184:58 | uri : URI | ApacheHttpSSRFVersion5.java:184:56:184:69 | toString(...) | provenance | MaD:286 Sink:MaD:122 | -| ApacheHttpSSRFVersion5.java:186:50:186:52 | uri : URI | ApacheHttpSSRFVersion5.java:186:50:186:63 | toString(...) | provenance | MaD:286 Sink:MaD:124 | -| ApacheHttpSSRFVersion5.java:189:40:189:42 | uri : URI | ApacheHttpSSRFVersion5.java:189:40:189:53 | toString(...) | provenance | MaD:286 Sink:MaD:126 | -| ApacheHttpSSRFVersion5.java:192:37:192:39 | uri : URI | ApacheHttpSSRFVersion5.java:192:37:192:50 | toString(...) | provenance | MaD:286 Sink:MaD:128 | -| ApacheHttpSSRFVersion5.java:195:38:195:40 | uri : URI | ApacheHttpSSRFVersion5.java:195:38:195:51 | toString(...) | provenance | MaD:286 Sink:MaD:130 | -| ApacheHttpSSRFVersion5.java:198:41:198:43 | uri : URI | ApacheHttpSSRFVersion5.java:198:41:198:54 | toString(...) | provenance | MaD:286 Sink:MaD:132 | -| ApacheHttpSSRFVersion5.java:201:39:201:41 | uri : URI | ApacheHttpSSRFVersion5.java:201:39:201:52 | toString(...) | provenance | MaD:286 Sink:MaD:134 | -| ApacheHttpSSRFVersion5.java:204:38:204:40 | uri : URI | ApacheHttpSSRFVersion5.java:204:38:204:51 | toString(...) | provenance | MaD:286 Sink:MaD:136 | -| ApacheHttpSSRFVersion5.java:207:37:207:39 | uri : URI | ApacheHttpSSRFVersion5.java:207:37:207:50 | toString(...) | provenance | MaD:286 Sink:MaD:138 | -| ApacheHttpSSRFVersion5.java:210:39:210:41 | uri : URI | ApacheHttpSSRFVersion5.java:210:39:210:52 | toString(...) | provenance | MaD:286 Sink:MaD:140 | -| ApacheHttpSSRFVersion5.java:214:28:214:30 | uri : URI | ApacheHttpSSRFVersion5.java:214:28:214:41 | toString(...) | provenance | MaD:286 Sink:MaD:142 | -| ApacheHttpSSRFVersion5.java:217:25:217:27 | uri : URI | ApacheHttpSSRFVersion5.java:217:25:217:38 | toString(...) | provenance | MaD:286 Sink:MaD:144 | -| ApacheHttpSSRFVersion5.java:220:26:220:28 | uri : URI | ApacheHttpSSRFVersion5.java:220:26:220:39 | toString(...) | provenance | MaD:286 Sink:MaD:146 | -| ApacheHttpSSRFVersion5.java:223:29:223:31 | uri : URI | ApacheHttpSSRFVersion5.java:223:29:223:42 | toString(...) | provenance | MaD:286 Sink:MaD:148 | -| ApacheHttpSSRFVersion5.java:226:27:226:29 | uri : URI | ApacheHttpSSRFVersion5.java:226:27:226:40 | toString(...) | provenance | MaD:286 Sink:MaD:150 | -| ApacheHttpSSRFVersion5.java:229:26:229:28 | uri : URI | ApacheHttpSSRFVersion5.java:229:26:229:39 | toString(...) | provenance | MaD:286 Sink:MaD:152 | -| ApacheHttpSSRFVersion5.java:232:25:232:27 | uri : URI | ApacheHttpSSRFVersion5.java:232:25:232:38 | toString(...) | provenance | MaD:286 Sink:MaD:154 | -| ApacheHttpSSRFVersion5.java:235:27:235:29 | uri : URI | ApacheHttpSSRFVersion5.java:235:27:235:40 | toString(...) | provenance | MaD:286 Sink:MaD:156 | -| ApacheHttpSSRFVersion5.java:251:30:251:56 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:252:31:252:37 | uriSink : String | provenance | Src:MaD:277 | -| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:255:44:255:46 | uri | provenance | Sink:MaD:159 | +| ApacheHttpSSRFVersion5.java:181:31:181:37 | uriSink : String | ApacheHttpSSRFVersion5.java:181:23:181:38 | new URI(...) : URI | provenance | MaD:290 | +| ApacheHttpSSRFVersion5.java:184:56:184:58 | uri : URI | ApacheHttpSSRFVersion5.java:184:56:184:69 | toString(...) | provenance | MaD:291 Sink:MaD:125 | +| ApacheHttpSSRFVersion5.java:186:50:186:52 | uri : URI | ApacheHttpSSRFVersion5.java:186:50:186:63 | toString(...) | provenance | MaD:291 Sink:MaD:127 | +| ApacheHttpSSRFVersion5.java:189:40:189:42 | uri : URI | ApacheHttpSSRFVersion5.java:189:40:189:53 | toString(...) | provenance | MaD:291 Sink:MaD:129 | +| ApacheHttpSSRFVersion5.java:192:37:192:39 | uri : URI | ApacheHttpSSRFVersion5.java:192:37:192:50 | toString(...) | provenance | MaD:291 Sink:MaD:131 | +| ApacheHttpSSRFVersion5.java:195:38:195:40 | uri : URI | ApacheHttpSSRFVersion5.java:195:38:195:51 | toString(...) | provenance | MaD:291 Sink:MaD:133 | +| ApacheHttpSSRFVersion5.java:198:41:198:43 | uri : URI | ApacheHttpSSRFVersion5.java:198:41:198:54 | toString(...) | provenance | MaD:291 Sink:MaD:135 | +| ApacheHttpSSRFVersion5.java:201:39:201:41 | uri : URI | ApacheHttpSSRFVersion5.java:201:39:201:52 | toString(...) | provenance | MaD:291 Sink:MaD:137 | +| ApacheHttpSSRFVersion5.java:204:38:204:40 | uri : URI | ApacheHttpSSRFVersion5.java:204:38:204:51 | toString(...) | provenance | MaD:291 Sink:MaD:139 | +| ApacheHttpSSRFVersion5.java:207:37:207:39 | uri : URI | ApacheHttpSSRFVersion5.java:207:37:207:50 | toString(...) | provenance | MaD:291 Sink:MaD:141 | +| ApacheHttpSSRFVersion5.java:210:39:210:41 | uri : URI | ApacheHttpSSRFVersion5.java:210:39:210:52 | toString(...) | provenance | MaD:291 Sink:MaD:143 | +| ApacheHttpSSRFVersion5.java:214:28:214:30 | uri : URI | ApacheHttpSSRFVersion5.java:214:28:214:41 | toString(...) | provenance | MaD:291 Sink:MaD:145 | +| ApacheHttpSSRFVersion5.java:217:25:217:27 | uri : URI | ApacheHttpSSRFVersion5.java:217:25:217:38 | toString(...) | provenance | MaD:291 Sink:MaD:147 | +| ApacheHttpSSRFVersion5.java:220:26:220:28 | uri : URI | ApacheHttpSSRFVersion5.java:220:26:220:39 | toString(...) | provenance | MaD:291 Sink:MaD:149 | +| ApacheHttpSSRFVersion5.java:223:29:223:31 | uri : URI | ApacheHttpSSRFVersion5.java:223:29:223:42 | toString(...) | provenance | MaD:291 Sink:MaD:151 | +| ApacheHttpSSRFVersion5.java:226:27:226:29 | uri : URI | ApacheHttpSSRFVersion5.java:226:27:226:40 | toString(...) | provenance | MaD:291 Sink:MaD:153 | +| ApacheHttpSSRFVersion5.java:229:26:229:28 | uri : URI | ApacheHttpSSRFVersion5.java:229:26:229:39 | toString(...) | provenance | MaD:291 Sink:MaD:155 | +| ApacheHttpSSRFVersion5.java:232:25:232:27 | uri : URI | ApacheHttpSSRFVersion5.java:232:25:232:38 | toString(...) | provenance | MaD:291 Sink:MaD:157 | +| ApacheHttpSSRFVersion5.java:235:27:235:29 | uri : URI | ApacheHttpSSRFVersion5.java:235:27:235:40 | toString(...) | provenance | MaD:291 Sink:MaD:159 | +| ApacheHttpSSRFVersion5.java:251:30:251:56 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:252:31:252:37 | uriSink : String | provenance | Src:MaD:280 | +| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:255:44:255:46 | uri | provenance | Sink:MaD:162 | | ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:256:38:256:40 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:257:38:257:40 | uri | provenance | Sink:MaD:161 | +| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:257:38:257:40 | uri | provenance | Sink:MaD:164 | | ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:259:28:259:30 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:260:28:260:30 | uri | provenance | Sink:MaD:163 | +| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:260:28:260:30 | uri | provenance | Sink:MaD:166 | | ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:262:25:262:27 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:263:25:263:27 | uri | provenance | Sink:MaD:165 | +| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:263:25:263:27 | uri | provenance | Sink:MaD:168 | | ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:265:26:265:28 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:266:26:266:28 | uri | provenance | Sink:MaD:167 | +| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:266:26:266:28 | uri | provenance | Sink:MaD:170 | | ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:268:29:268:31 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:269:29:269:31 | uri | provenance | Sink:MaD:169 | +| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:269:29:269:31 | uri | provenance | Sink:MaD:172 | | ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:271:27:271:29 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:272:27:272:29 | uri | provenance | Sink:MaD:171 | +| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:272:27:272:29 | uri | provenance | Sink:MaD:174 | | ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:274:26:274:28 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:275:26:275:28 | uri | provenance | Sink:MaD:173 | +| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:275:26:275:28 | uri | provenance | Sink:MaD:176 | | ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:277:25:277:27 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:278:25:278:27 | uri | provenance | Sink:MaD:175 | +| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:278:25:278:27 | uri | provenance | Sink:MaD:178 | | ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:280:27:280:29 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:281:27:281:29 | uri | provenance | Sink:MaD:177 | +| ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:281:27:281:29 | uri | provenance | Sink:MaD:180 | | ApacheHttpSSRFVersion5.java:252:31:252:37 | uriSink : String | ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | provenance | Config | -| ApacheHttpSSRFVersion5.java:252:31:252:37 | uriSink : String | ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | provenance | MaD:285 | -| ApacheHttpSSRFVersion5.java:256:38:256:40 | uri : URI | ApacheHttpSSRFVersion5.java:256:38:256:51 | toString(...) | provenance | MaD:286 Sink:MaD:160 | -| ApacheHttpSSRFVersion5.java:259:28:259:30 | uri : URI | ApacheHttpSSRFVersion5.java:259:28:259:41 | toString(...) | provenance | MaD:286 Sink:MaD:162 | -| ApacheHttpSSRFVersion5.java:262:25:262:27 | uri : URI | ApacheHttpSSRFVersion5.java:262:25:262:38 | toString(...) | provenance | MaD:286 Sink:MaD:164 | -| ApacheHttpSSRFVersion5.java:265:26:265:28 | uri : URI | ApacheHttpSSRFVersion5.java:265:26:265:39 | toString(...) | provenance | MaD:286 Sink:MaD:166 | -| ApacheHttpSSRFVersion5.java:268:29:268:31 | uri : URI | ApacheHttpSSRFVersion5.java:268:29:268:42 | toString(...) | provenance | MaD:286 Sink:MaD:168 | -| ApacheHttpSSRFVersion5.java:271:27:271:29 | uri : URI | ApacheHttpSSRFVersion5.java:271:27:271:40 | toString(...) | provenance | MaD:286 Sink:MaD:170 | -| ApacheHttpSSRFVersion5.java:274:26:274:28 | uri : URI | ApacheHttpSSRFVersion5.java:274:26:274:39 | toString(...) | provenance | MaD:286 Sink:MaD:172 | -| ApacheHttpSSRFVersion5.java:277:25:277:27 | uri : URI | ApacheHttpSSRFVersion5.java:277:25:277:38 | toString(...) | provenance | MaD:286 Sink:MaD:174 | -| ApacheHttpSSRFVersion5.java:280:27:280:29 | uri : URI | ApacheHttpSSRFVersion5.java:280:27:280:40 | toString(...) | provenance | MaD:286 Sink:MaD:176 | -| ApacheHttpSSRFVersion5.java:295:30:295:56 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:296:31:296:37 | uriSink : String | provenance | Src:MaD:277 | +| ApacheHttpSSRFVersion5.java:252:31:252:37 | uriSink : String | ApacheHttpSSRFVersion5.java:252:23:252:38 | new URI(...) : URI | provenance | MaD:290 | +| ApacheHttpSSRFVersion5.java:256:38:256:40 | uri : URI | ApacheHttpSSRFVersion5.java:256:38:256:51 | toString(...) | provenance | MaD:291 Sink:MaD:163 | +| ApacheHttpSSRFVersion5.java:259:28:259:30 | uri : URI | ApacheHttpSSRFVersion5.java:259:28:259:41 | toString(...) | provenance | MaD:291 Sink:MaD:165 | +| ApacheHttpSSRFVersion5.java:262:25:262:27 | uri : URI | ApacheHttpSSRFVersion5.java:262:25:262:38 | toString(...) | provenance | MaD:291 Sink:MaD:167 | +| ApacheHttpSSRFVersion5.java:265:26:265:28 | uri : URI | ApacheHttpSSRFVersion5.java:265:26:265:39 | toString(...) | provenance | MaD:291 Sink:MaD:169 | +| ApacheHttpSSRFVersion5.java:268:29:268:31 | uri : URI | ApacheHttpSSRFVersion5.java:268:29:268:42 | toString(...) | provenance | MaD:291 Sink:MaD:171 | +| ApacheHttpSSRFVersion5.java:271:27:271:29 | uri : URI | ApacheHttpSSRFVersion5.java:271:27:271:40 | toString(...) | provenance | MaD:291 Sink:MaD:173 | +| ApacheHttpSSRFVersion5.java:274:26:274:28 | uri : URI | ApacheHttpSSRFVersion5.java:274:26:274:39 | toString(...) | provenance | MaD:291 Sink:MaD:175 | +| ApacheHttpSSRFVersion5.java:277:25:277:27 | uri : URI | ApacheHttpSSRFVersion5.java:277:25:277:38 | toString(...) | provenance | MaD:291 Sink:MaD:177 | +| ApacheHttpSSRFVersion5.java:280:27:280:29 | uri : URI | ApacheHttpSSRFVersion5.java:280:27:280:40 | toString(...) | provenance | MaD:291 Sink:MaD:179 | +| ApacheHttpSSRFVersion5.java:295:30:295:56 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:296:31:296:37 | uriSink : String | provenance | Src:MaD:280 | | ApacheHttpSSRFVersion5.java:296:23:296:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:308:60:308:62 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:296:23:296:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:309:60:309:62 | uri | provenance | Sink:MaD:209 | +| ApacheHttpSSRFVersion5.java:296:23:296:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:309:60:309:62 | uri | provenance | Sink:MaD:212 | | ApacheHttpSSRFVersion5.java:296:23:296:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:313:53:313:55 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:296:23:296:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:314:53:314:55 | uri | provenance | Sink:MaD:209 | +| ApacheHttpSSRFVersion5.java:296:23:296:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:314:53:314:55 | uri | provenance | Sink:MaD:212 | | ApacheHttpSSRFVersion5.java:296:31:296:37 | uriSink : String | ApacheHttpSSRFVersion5.java:296:23:296:38 | new URI(...) : URI | provenance | Config | -| ApacheHttpSSRFVersion5.java:296:31:296:37 | uriSink : String | ApacheHttpSSRFVersion5.java:296:23:296:38 | new URI(...) : URI | provenance | MaD:285 | -| ApacheHttpSSRFVersion5.java:298:31:298:58 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:299:42:299:49 | hostSink : String | provenance | Src:MaD:277 | -| ApacheHttpSSRFVersion5.java:299:29:299:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:303:34:303:37 | host | provenance | Sink:MaD:178 | -| ApacheHttpSSRFVersion5.java:299:29:299:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:304:34:304:37 | host | provenance | Sink:MaD:179 | -| ApacheHttpSSRFVersion5.java:299:42:299:49 | hostSink : String | ApacheHttpSSRFVersion5.java:299:29:299:50 | new HttpHost(...) : HttpHost | provenance | MaD:294 | -| ApacheHttpSSRFVersion5.java:308:60:308:62 | uri : URI | ApacheHttpSSRFVersion5.java:308:60:308:73 | toString(...) | provenance | MaD:286 Sink:MaD:208 | -| ApacheHttpSSRFVersion5.java:313:53:313:55 | uri : URI | ApacheHttpSSRFVersion5.java:313:53:313:66 | toString(...) | provenance | MaD:286 Sink:MaD:208 | -| ApacheHttpSSRFVersion5.java:326:30:326:56 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:327:31:327:37 | uriSink : String | provenance | Src:MaD:277 | +| ApacheHttpSSRFVersion5.java:296:31:296:37 | uriSink : String | ApacheHttpSSRFVersion5.java:296:23:296:38 | new URI(...) : URI | provenance | MaD:290 | +| ApacheHttpSSRFVersion5.java:298:31:298:58 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:299:42:299:49 | hostSink : String | provenance | Src:MaD:280 | +| ApacheHttpSSRFVersion5.java:299:29:299:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:303:34:303:37 | host | provenance | Sink:MaD:181 | +| ApacheHttpSSRFVersion5.java:299:29:299:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:304:34:304:37 | host | provenance | Sink:MaD:182 | +| ApacheHttpSSRFVersion5.java:299:42:299:49 | hostSink : String | ApacheHttpSSRFVersion5.java:299:29:299:50 | new HttpHost(...) : HttpHost | provenance | MaD:299 | +| ApacheHttpSSRFVersion5.java:308:60:308:62 | uri : URI | ApacheHttpSSRFVersion5.java:308:60:308:73 | toString(...) | provenance | MaD:291 Sink:MaD:211 | +| ApacheHttpSSRFVersion5.java:313:53:313:55 | uri : URI | ApacheHttpSSRFVersion5.java:313:53:313:66 | toString(...) | provenance | MaD:291 Sink:MaD:211 | +| ApacheHttpSSRFVersion5.java:326:30:326:56 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:327:31:327:37 | uriSink : String | provenance | Src:MaD:280 | | ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:333:42:333:44 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:334:42:334:44 | uri | provenance | Sink:MaD:181 | +| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:334:42:334:44 | uri | provenance | Sink:MaD:184 | | ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:336:39:336:41 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:337:39:337:41 | uri | provenance | Sink:MaD:183 | +| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:337:39:337:41 | uri | provenance | Sink:MaD:186 | | ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:339:40:339:42 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:340:40:340:42 | uri | provenance | Sink:MaD:185 | +| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:340:40:340:42 | uri | provenance | Sink:MaD:188 | | ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:342:43:342:45 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:343:43:343:45 | uri | provenance | Sink:MaD:187 | +| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:343:43:343:45 | uri | provenance | Sink:MaD:190 | | ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:345:41:345:43 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:346:41:346:43 | uri | provenance | Sink:MaD:189 | +| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:346:41:346:43 | uri | provenance | Sink:MaD:192 | | ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:348:40:348:42 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:349:40:349:42 | uri | provenance | Sink:MaD:191 | +| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:349:40:349:42 | uri | provenance | Sink:MaD:194 | | ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:351:39:351:41 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:352:39:352:41 | uri | provenance | Sink:MaD:193 | +| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:352:39:352:41 | uri | provenance | Sink:MaD:196 | | ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:356:48:356:50 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:357:48:357:50 | uri | provenance | Sink:MaD:206 | +| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:357:48:357:50 | uri | provenance | Sink:MaD:209 | | ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:359:41:359:43 | uri : URI | provenance | | -| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:360:41:360:43 | uri | provenance | Sink:MaD:195 | +| ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:360:41:360:43 | uri | provenance | Sink:MaD:198 | | ApacheHttpSSRFVersion5.java:327:31:327:37 | uriSink : String | ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | provenance | Config | -| ApacheHttpSSRFVersion5.java:327:31:327:37 | uriSink : String | ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | provenance | MaD:285 | -| ApacheHttpSSRFVersion5.java:329:31:329:58 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:330:42:330:49 | hostSink : String | provenance | Src:MaD:277 | -| ApacheHttpSSRFVersion5.java:330:29:330:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:354:53:354:56 | host | provenance | Sink:MaD:204 | -| ApacheHttpSSRFVersion5.java:330:42:330:49 | hostSink : String | ApacheHttpSSRFVersion5.java:330:29:330:50 | new HttpHost(...) : HttpHost | provenance | MaD:294 | -| ApacheHttpSSRFVersion5.java:333:42:333:44 | uri : URI | ApacheHttpSSRFVersion5.java:333:42:333:55 | toString(...) | provenance | MaD:286 Sink:MaD:180 | -| ApacheHttpSSRFVersion5.java:336:39:336:41 | uri : URI | ApacheHttpSSRFVersion5.java:336:39:336:52 | toString(...) | provenance | MaD:286 Sink:MaD:182 | -| ApacheHttpSSRFVersion5.java:339:40:339:42 | uri : URI | ApacheHttpSSRFVersion5.java:339:40:339:53 | toString(...) | provenance | MaD:286 Sink:MaD:184 | -| ApacheHttpSSRFVersion5.java:342:43:342:45 | uri : URI | ApacheHttpSSRFVersion5.java:342:43:342:56 | toString(...) | provenance | MaD:286 Sink:MaD:186 | -| ApacheHttpSSRFVersion5.java:345:41:345:43 | uri : URI | ApacheHttpSSRFVersion5.java:345:41:345:54 | toString(...) | provenance | MaD:286 Sink:MaD:188 | -| ApacheHttpSSRFVersion5.java:348:40:348:42 | uri : URI | ApacheHttpSSRFVersion5.java:348:40:348:53 | toString(...) | provenance | MaD:286 Sink:MaD:190 | -| ApacheHttpSSRFVersion5.java:351:39:351:41 | uri : URI | ApacheHttpSSRFVersion5.java:351:39:351:52 | toString(...) | provenance | MaD:286 Sink:MaD:192 | -| ApacheHttpSSRFVersion5.java:356:48:356:50 | uri : URI | ApacheHttpSSRFVersion5.java:356:48:356:61 | toString(...) | provenance | MaD:286 Sink:MaD:205 | -| ApacheHttpSSRFVersion5.java:359:41:359:43 | uri : URI | ApacheHttpSSRFVersion5.java:359:41:359:54 | toString(...) | provenance | MaD:286 Sink:MaD:194 | -| ApacheHttpSSRFVersion5.java:372:30:372:56 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:373:31:373:37 | uriSink : String | provenance | Src:MaD:277 | -| ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:380:57:380:59 | uri | provenance | Sink:MaD:197 | -| ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:382:51:382:53 | uri | provenance | Sink:MaD:199 | -| ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:386:50:386:52 | uri | provenance | Sink:MaD:201 | -| ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:388:44:388:46 | uri | provenance | Sink:MaD:203 | -| ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:390:24:390:26 | uri | provenance | Sink:MaD:207 | -| ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:394:24:394:26 | uri | provenance | Sink:MaD:207 | +| ApacheHttpSSRFVersion5.java:327:31:327:37 | uriSink : String | ApacheHttpSSRFVersion5.java:327:23:327:38 | new URI(...) : URI | provenance | MaD:290 | +| ApacheHttpSSRFVersion5.java:329:31:329:58 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:330:42:330:49 | hostSink : String | provenance | Src:MaD:280 | +| ApacheHttpSSRFVersion5.java:330:29:330:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:354:53:354:56 | host | provenance | Sink:MaD:207 | +| ApacheHttpSSRFVersion5.java:330:42:330:49 | hostSink : String | ApacheHttpSSRFVersion5.java:330:29:330:50 | new HttpHost(...) : HttpHost | provenance | MaD:299 | +| ApacheHttpSSRFVersion5.java:333:42:333:44 | uri : URI | ApacheHttpSSRFVersion5.java:333:42:333:55 | toString(...) | provenance | MaD:291 Sink:MaD:183 | +| ApacheHttpSSRFVersion5.java:336:39:336:41 | uri : URI | ApacheHttpSSRFVersion5.java:336:39:336:52 | toString(...) | provenance | MaD:291 Sink:MaD:185 | +| ApacheHttpSSRFVersion5.java:339:40:339:42 | uri : URI | ApacheHttpSSRFVersion5.java:339:40:339:53 | toString(...) | provenance | MaD:291 Sink:MaD:187 | +| ApacheHttpSSRFVersion5.java:342:43:342:45 | uri : URI | ApacheHttpSSRFVersion5.java:342:43:342:56 | toString(...) | provenance | MaD:291 Sink:MaD:189 | +| ApacheHttpSSRFVersion5.java:345:41:345:43 | uri : URI | ApacheHttpSSRFVersion5.java:345:41:345:54 | toString(...) | provenance | MaD:291 Sink:MaD:191 | +| ApacheHttpSSRFVersion5.java:348:40:348:42 | uri : URI | ApacheHttpSSRFVersion5.java:348:40:348:53 | toString(...) | provenance | MaD:291 Sink:MaD:193 | +| ApacheHttpSSRFVersion5.java:351:39:351:41 | uri : URI | ApacheHttpSSRFVersion5.java:351:39:351:52 | toString(...) | provenance | MaD:291 Sink:MaD:195 | +| ApacheHttpSSRFVersion5.java:356:48:356:50 | uri : URI | ApacheHttpSSRFVersion5.java:356:48:356:61 | toString(...) | provenance | MaD:291 Sink:MaD:208 | +| ApacheHttpSSRFVersion5.java:359:41:359:43 | uri : URI | ApacheHttpSSRFVersion5.java:359:41:359:54 | toString(...) | provenance | MaD:291 Sink:MaD:197 | +| ApacheHttpSSRFVersion5.java:372:30:372:56 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:373:31:373:37 | uriSink : String | provenance | Src:MaD:280 | +| ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:380:57:380:59 | uri | provenance | Sink:MaD:200 | +| ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:382:51:382:53 | uri | provenance | Sink:MaD:202 | +| ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:386:50:386:52 | uri | provenance | Sink:MaD:204 | +| ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:388:44:388:46 | uri | provenance | Sink:MaD:206 | +| ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:390:24:390:26 | uri | provenance | Sink:MaD:210 | +| ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | ApacheHttpSSRFVersion5.java:394:24:394:26 | uri | provenance | Sink:MaD:210 | | ApacheHttpSSRFVersion5.java:373:31:373:37 | uriSink : String | ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | provenance | Config | -| ApacheHttpSSRFVersion5.java:373:31:373:37 | uriSink : String | ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | provenance | MaD:285 | -| ApacheHttpSSRFVersion5.java:375:31:375:58 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:376:42:376:49 | hostSink : String | provenance | Src:MaD:277 | -| ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:379:57:379:60 | host | provenance | Sink:MaD:196 | -| ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:381:51:381:54 | host | provenance | Sink:MaD:198 | -| ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:385:50:385:53 | host | provenance | Sink:MaD:200 | -| ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:387:44:387:47 | host | provenance | Sink:MaD:202 | -| ApacheHttpSSRFVersion5.java:376:42:376:49 | hostSink : String | ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | provenance | MaD:294 | -| JakartaWsSSRF.java:14:22:14:48 | getParameter(...) : String | JakartaWsSSRF.java:15:23:15:25 | url | provenance | Src:MaD:277 Sink:MaD:3 | -| JavaNetHttpSSRF.java:25:27:25:53 | getParameter(...) : String | JavaNetHttpSSRF.java:26:31:26:34 | sink : String | provenance | Src:MaD:277 | -| JavaNetHttpSSRF.java:26:23:26:35 | new URI(...) : URI | JavaNetHttpSSRF.java:39:59:39:61 | uri | provenance | Sink:MaD:6 | +| ApacheHttpSSRFVersion5.java:373:31:373:37 | uriSink : String | ApacheHttpSSRFVersion5.java:373:23:373:38 | new URI(...) : URI | provenance | MaD:290 | +| ApacheHttpSSRFVersion5.java:375:31:375:58 | getParameter(...) : String | ApacheHttpSSRFVersion5.java:376:42:376:49 | hostSink : String | provenance | Src:MaD:280 | +| ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:379:57:379:60 | host | provenance | Sink:MaD:199 | +| ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:381:51:381:54 | host | provenance | Sink:MaD:201 | +| ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:385:50:385:53 | host | provenance | Sink:MaD:203 | +| ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | ApacheHttpSSRFVersion5.java:387:44:387:47 | host | provenance | Sink:MaD:205 | +| ApacheHttpSSRFVersion5.java:376:42:376:49 | hostSink : String | ApacheHttpSSRFVersion5.java:376:29:376:50 | new HttpHost(...) : HttpHost | provenance | MaD:299 | +| JakartaWsSSRF.java:14:22:14:48 | getParameter(...) : String | JakartaWsSSRF.java:15:23:15:25 | url | provenance | Src:MaD:280 Sink:MaD:6 | +| JavaNetHttpSSRF.java:25:27:25:53 | getParameter(...) : String | JavaNetHttpSSRF.java:26:31:26:34 | sink : String | provenance | Src:MaD:280 | +| JavaNetHttpSSRF.java:26:23:26:35 | new URI(...) : URI | JavaNetHttpSSRF.java:39:59:39:61 | uri | provenance | Sink:MaD:9 | | JavaNetHttpSSRF.java:26:31:26:34 | sink : String | JavaNetHttpSSRF.java:26:23:26:35 | new URI(...) : URI | provenance | Config | -| JavaNetHttpSSRF.java:26:31:26:34 | sink : String | JavaNetHttpSSRF.java:26:23:26:35 | new URI(...) : URI | provenance | MaD:285 | +| JavaNetHttpSSRF.java:26:31:26:34 | sink : String | JavaNetHttpSSRF.java:26:23:26:35 | new URI(...) : URI | provenance | MaD:290 | | JavaNetHttpSSRF.java:26:31:26:34 | sink : String | JavaNetHttpSSRF.java:27:40:27:43 | sink : String | provenance | | -| JavaNetHttpSSRF.java:27:24:27:57 | new URI(...) : URI | JavaNetHttpSSRF.java:38:65:38:68 | uri2 | provenance | Sink:MaD:5 | +| JavaNetHttpSSRF.java:27:24:27:57 | new URI(...) : URI | JavaNetHttpSSRF.java:38:65:38:68 | uri2 | provenance | Sink:MaD:8 | | JavaNetHttpSSRF.java:27:40:27:43 | sink : String | JavaNetHttpSSRF.java:27:24:27:57 | new URI(...) : URI | provenance | Config | | JavaNetHttpSSRF.java:27:40:27:43 | sink : String | JavaNetHttpSSRF.java:28:32:28:35 | sink : String | provenance | | -| JavaNetHttpSSRF.java:28:24:28:36 | new URL(...) : URL | JavaNetHttpSSRF.java:30:32:30:35 | url1 | provenance | Sink:MaD:9 | -| JavaNetHttpSSRF.java:28:24:28:36 | new URL(...) : URL | JavaNetHttpSSRF.java:33:32:33:35 | url1 | provenance | Sink:MaD:9 | -| JavaNetHttpSSRF.java:28:24:28:36 | new URL(...) : URL | JavaNetHttpSSRF.java:34:30:34:33 | url1 | provenance | Sink:MaD:10 | +| JavaNetHttpSSRF.java:28:24:28:36 | new URL(...) : URL | JavaNetHttpSSRF.java:30:32:30:35 | url1 | provenance | Sink:MaD:12 | +| JavaNetHttpSSRF.java:28:24:28:36 | new URL(...) : URL | JavaNetHttpSSRF.java:33:32:33:35 | url1 | provenance | Sink:MaD:12 | +| JavaNetHttpSSRF.java:28:24:28:36 | new URL(...) : URL | JavaNetHttpSSRF.java:34:30:34:33 | url1 | provenance | Sink:MaD:13 | | JavaNetHttpSSRF.java:28:32:28:35 | sink : String | JavaNetHttpSSRF.java:28:24:28:36 | new URL(...) : URL | provenance | Config | -| JavaNetHttpSSRF.java:28:32:28:35 | sink : String | JavaNetHttpSSRF.java:28:24:28:36 | new URL(...) : URL | provenance | MaD:288 | -| JaxWsSSRF.java:14:22:14:48 | getParameter(...) : String | JaxWsSSRF.java:15:23:15:25 | url | provenance | Src:MaD:277 Sink:MaD:23 | -| JdbcUrlSSRF.java:21:26:21:56 | getParameter(...) : String | JdbcUrlSSRF.java:26:28:26:34 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:17 | -| JdbcUrlSSRF.java:21:26:21:56 | getParameter(...) : String | JdbcUrlSSRF.java:28:41:28:47 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:18 | -| JdbcUrlSSRF.java:21:26:21:56 | getParameter(...) : String | JdbcUrlSSRF.java:29:41:29:47 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:20 | -| JdbcUrlSSRF.java:21:26:21:56 | getParameter(...) : String | JdbcUrlSSRF.java:30:41:30:47 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:19 | -| JdbcUrlSSRF.java:21:26:21:56 | getParameter(...) : String | JdbcUrlSSRF.java:32:27:32:33 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:242 | -| JdbcUrlSSRF.java:40:26:40:56 | getParameter(...) : String | JdbcUrlSSRF.java:43:27:43:33 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:2 | -| JdbcUrlSSRF.java:40:26:40:56 | getParameter(...) : String | JdbcUrlSSRF.java:48:23:48:29 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:2 | -| JdbcUrlSSRF.java:40:26:40:56 | getParameter(...) : String | JdbcUrlSSRF.java:52:38:52:44 | jdbcUrl : String | provenance | Src:MaD:277 | +| JavaNetHttpSSRF.java:28:32:28:35 | sink : String | JavaNetHttpSSRF.java:28:24:28:36 | new URL(...) : URL | provenance | MaD:293 | +| JaxWsSSRF.java:14:22:14:48 | getParameter(...) : String | JaxWsSSRF.java:15:23:15:25 | url | provenance | Src:MaD:280 Sink:MaD:26 | +| JdbcUrlSSRF.java:21:26:21:56 | getParameter(...) : String | JdbcUrlSSRF.java:26:28:26:34 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:20 | +| JdbcUrlSSRF.java:21:26:21:56 | getParameter(...) : String | JdbcUrlSSRF.java:28:41:28:47 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:21 | +| JdbcUrlSSRF.java:21:26:21:56 | getParameter(...) : String | JdbcUrlSSRF.java:29:41:29:47 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:23 | +| JdbcUrlSSRF.java:21:26:21:56 | getParameter(...) : String | JdbcUrlSSRF.java:30:41:30:47 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:22 | +| JdbcUrlSSRF.java:21:26:21:56 | getParameter(...) : String | JdbcUrlSSRF.java:32:27:32:33 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:245 | +| JdbcUrlSSRF.java:40:26:40:56 | getParameter(...) : String | JdbcUrlSSRF.java:43:27:43:33 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:2 | +| JdbcUrlSSRF.java:40:26:40:56 | getParameter(...) : String | JdbcUrlSSRF.java:48:23:48:29 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:2 | +| JdbcUrlSSRF.java:40:26:40:56 | getParameter(...) : String | JdbcUrlSSRF.java:52:38:52:44 | jdbcUrl : String | provenance | Src:MaD:280 | | JdbcUrlSSRF.java:52:9:52:13 | props : Properties | JdbcUrlSSRF.java:54:49:54:53 | props | provenance | Sink:MaD:1 | | JdbcUrlSSRF.java:52:9:52:13 | props [post update] : Properties [] : String | JdbcUrlSSRF.java:54:49:54:53 | props | provenance | Sink:MaD:1 | | JdbcUrlSSRF.java:52:38:52:44 | jdbcUrl : String | JdbcUrlSSRF.java:52:9:52:13 | props : Properties | provenance | Config | -| JdbcUrlSSRF.java:52:38:52:44 | jdbcUrl : String | JdbcUrlSSRF.java:52:9:52:13 | props [post update] : Properties [] : String | provenance | MaD:293 | -| JdbcUrlSSRF.java:60:26:60:56 | getParameter(...) : String | JdbcUrlSSRF.java:65:27:65:33 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:257 | -| JdbcUrlSSRF.java:60:26:60:56 | getParameter(...) : String | JdbcUrlSSRF.java:67:75:67:81 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:258 | -| JdbcUrlSSRF.java:60:26:60:56 | getParameter(...) : String | JdbcUrlSSRF.java:70:75:70:81 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:260 | -| JdbcUrlSSRF.java:60:26:60:56 | getParameter(...) : String | JdbcUrlSSRF.java:73:75:73:81 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:259 | -| JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:82:21:82:27 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:235 | -| JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:83:21:83:27 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:236 | -| JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:84:21:84:27 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:237 | -| JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:86:19:86:25 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:238 | -| JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:87:19:87:25 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:239 | -| JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:88:19:88:25 | jdbcUrl | provenance | Src:MaD:277 Sink:MaD:240 | -| ReactiveWebClientSSRF.java:15:26:15:52 | getParameter(...) : String | ReactiveWebClientSSRF.java:16:52:16:54 | url | provenance | Src:MaD:277 Sink:MaD:274 | -| ReactiveWebClientSSRF.java:32:26:32:52 | getParameter(...) : String | ReactiveWebClientSSRF.java:35:30:35:32 | url | provenance | Src:MaD:277 Sink:MaD:273 | -| SanitizationTests.java:22:23:22:58 | new URI(...) : URI | SanitizationTests.java:25:52:25:54 | uri | provenance | Sink:MaD:6 | +| JdbcUrlSSRF.java:52:38:52:44 | jdbcUrl : String | JdbcUrlSSRF.java:52:9:52:13 | props [post update] : Properties [] : String | provenance | MaD:298 | +| JdbcUrlSSRF.java:60:26:60:56 | getParameter(...) : String | JdbcUrlSSRF.java:65:27:65:33 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:260 | +| JdbcUrlSSRF.java:60:26:60:56 | getParameter(...) : String | JdbcUrlSSRF.java:67:75:67:81 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:261 | +| JdbcUrlSSRF.java:60:26:60:56 | getParameter(...) : String | JdbcUrlSSRF.java:70:75:70:81 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:263 | +| JdbcUrlSSRF.java:60:26:60:56 | getParameter(...) : String | JdbcUrlSSRF.java:73:75:73:81 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:262 | +| JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:82:21:82:27 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:238 | +| JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:83:21:83:27 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:239 | +| JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:84:21:84:27 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:240 | +| JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:86:19:86:25 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:241 | +| JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:87:19:87:25 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:242 | +| JdbcUrlSSRF.java:80:26:80:56 | getParameter(...) : String | JdbcUrlSSRF.java:88:19:88:25 | jdbcUrl | provenance | Src:MaD:280 Sink:MaD:243 | +| MicronautSSRF.java:14:32:14:53 | url : String | MicronautSSRF.java:15:45:15:47 | url | provenance | Sink:MaD:4 | +| MicronautSSRF.java:19:42:19:63 | url : String | MicronautSSRF.java:20:45:20:47 | url | provenance | Sink:MaD:3 | +| MicronautSSRF.java:24:37:24:58 | url : String | MicronautSSRF.java:25:45:25:47 | url | provenance | Sink:MaD:5 | +| MicronautSSRF.java:29:34:29:56 | host : String | MicronautSSRF.java:30:60:30:63 | host : String | provenance | | +| MicronautSSRF.java:30:19:30:64 | host(...) : UriBuilder | MicronautSSRF.java:30:19:30:72 | build(...) : URI | provenance | MaD:281 | +| MicronautSSRF.java:30:19:30:72 | build(...) : URI | MicronautSSRF.java:31:45:31:47 | uri : URI | provenance | | +| MicronautSSRF.java:30:60:30:63 | host : String | MicronautSSRF.java:30:19:30:64 | host(...) : UriBuilder | provenance | MaD:282 | +| MicronautSSRF.java:31:45:31:47 | uri : URI | MicronautSSRF.java:31:45:31:58 | toString(...) | provenance | MaD:291 Sink:MaD:4 | +| ReactiveWebClientSSRF.java:15:26:15:52 | getParameter(...) : String | ReactiveWebClientSSRF.java:16:52:16:54 | url | provenance | Src:MaD:280 Sink:MaD:277 | +| ReactiveWebClientSSRF.java:32:26:32:52 | getParameter(...) : String | ReactiveWebClientSSRF.java:35:30:35:32 | url | provenance | Src:MaD:280 Sink:MaD:276 | +| SanitizationTests.java:22:23:22:58 | new URI(...) : URI | SanitizationTests.java:25:52:25:54 | uri | provenance | Sink:MaD:9 | | SanitizationTests.java:22:23:22:58 | new URI(...) : URI | SanitizationTests.java:25:52:25:54 | uri : URI | provenance | | -| SanitizationTests.java:22:31:22:57 | getParameter(...) : String | SanitizationTests.java:22:23:22:58 | new URI(...) : URI | provenance | Src:MaD:277 Config | -| SanitizationTests.java:22:31:22:57 | getParameter(...) : String | SanitizationTests.java:22:23:22:58 | new URI(...) : URI | provenance | Src:MaD:277 MaD:285 | -| SanitizationTests.java:25:29:25:55 | newBuilder(...) : Builder | SanitizationTests.java:25:29:25:63 | build(...) : HttpRequest | provenance | MaD:283 | -| SanitizationTests.java:25:29:25:63 | build(...) : HttpRequest | SanitizationTests.java:26:25:26:25 | r | provenance | Sink:MaD:4 | -| SanitizationTests.java:25:52:25:54 | uri : URI | SanitizationTests.java:25:29:25:55 | newBuilder(...) : Builder | provenance | MaD:284 | -| SanitizationTests.java:78:33:78:63 | getParameter(...) : String | SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | provenance | Src:MaD:277 | -| SanitizationTests.java:79:36:79:78 | newBuilder(...) : Builder | SanitizationTests.java:79:36:79:86 | build(...) : HttpRequest | provenance | MaD:283 | -| SanitizationTests.java:79:36:79:86 | build(...) : HttpRequest | SanitizationTests.java:80:25:80:32 | unsafer3 | provenance | Sink:MaD:4 | -| SanitizationTests.java:79:59:79:77 | new URI(...) : URI | SanitizationTests.java:79:36:79:78 | newBuilder(...) : Builder | provenance | MaD:284 | -| SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | SanitizationTests.java:79:59:79:77 | new URI(...) | provenance | Config Sink:MaD:6 | -| SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | SanitizationTests.java:79:59:79:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 | +| SanitizationTests.java:22:31:22:57 | getParameter(...) : String | SanitizationTests.java:22:23:22:58 | new URI(...) : URI | provenance | Src:MaD:280 Config | +| SanitizationTests.java:22:31:22:57 | getParameter(...) : String | SanitizationTests.java:22:23:22:58 | new URI(...) : URI | provenance | Src:MaD:280 MaD:290 | +| SanitizationTests.java:25:29:25:55 | newBuilder(...) : Builder | SanitizationTests.java:25:29:25:63 | build(...) : HttpRequest | provenance | MaD:288 | +| SanitizationTests.java:25:29:25:63 | build(...) : HttpRequest | SanitizationTests.java:26:25:26:25 | r | provenance | Sink:MaD:7 | +| SanitizationTests.java:25:52:25:54 | uri : URI | SanitizationTests.java:25:29:25:55 | newBuilder(...) : Builder | provenance | MaD:289 | +| SanitizationTests.java:78:33:78:63 | getParameter(...) : String | SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | provenance | Src:MaD:280 | +| SanitizationTests.java:79:36:79:78 | newBuilder(...) : Builder | SanitizationTests.java:79:36:79:86 | build(...) : HttpRequest | provenance | MaD:288 | +| SanitizationTests.java:79:36:79:86 | build(...) : HttpRequest | SanitizationTests.java:80:25:80:32 | unsafer3 | provenance | Sink:MaD:7 | +| SanitizationTests.java:79:59:79:77 | new URI(...) : URI | SanitizationTests.java:79:36:79:78 | newBuilder(...) : Builder | provenance | MaD:289 | +| SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | SanitizationTests.java:79:59:79:77 | new URI(...) | provenance | Config Sink:MaD:9 | +| SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | SanitizationTests.java:79:59:79:77 | new URI(...) | provenance | MaD:290 Sink:MaD:9 | | SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | SanitizationTests.java:79:59:79:77 | new URI(...) : URI | provenance | Config | -| SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | SanitizationTests.java:79:59:79:77 | new URI(...) : URI | provenance | MaD:285 | -| SanitizationTests.java:82:49:82:79 | getParameter(...) : String | SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | provenance | Src:MaD:277 | -| SanitizationTests.java:83:36:83:78 | newBuilder(...) : Builder | SanitizationTests.java:83:36:83:86 | build(...) : HttpRequest | provenance | MaD:283 | -| SanitizationTests.java:83:36:83:86 | build(...) : HttpRequest | SanitizationTests.java:84:25:84:32 | unsafer4 | provenance | Sink:MaD:4 | -| SanitizationTests.java:83:59:83:77 | new URI(...) : URI | SanitizationTests.java:83:36:83:78 | newBuilder(...) : Builder | provenance | MaD:284 | -| SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | SanitizationTests.java:83:59:83:77 | new URI(...) | provenance | Config Sink:MaD:6 | -| SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | SanitizationTests.java:83:59:83:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 | +| SanitizationTests.java:79:67:79:76 | unsafeUri3 : String | SanitizationTests.java:79:59:79:77 | new URI(...) : URI | provenance | MaD:290 | +| SanitizationTests.java:82:49:82:79 | getParameter(...) : String | SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | provenance | Src:MaD:280 | +| SanitizationTests.java:83:36:83:78 | newBuilder(...) : Builder | SanitizationTests.java:83:36:83:86 | build(...) : HttpRequest | provenance | MaD:288 | +| SanitizationTests.java:83:36:83:86 | build(...) : HttpRequest | SanitizationTests.java:84:25:84:32 | unsafer4 | provenance | Sink:MaD:7 | +| SanitizationTests.java:83:59:83:77 | new URI(...) : URI | SanitizationTests.java:83:36:83:78 | newBuilder(...) : Builder | provenance | MaD:289 | +| SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | SanitizationTests.java:83:59:83:77 | new URI(...) | provenance | Config Sink:MaD:9 | +| SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | SanitizationTests.java:83:59:83:77 | new URI(...) | provenance | MaD:290 Sink:MaD:9 | | SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | SanitizationTests.java:83:59:83:77 | new URI(...) : URI | provenance | Config | -| SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | SanitizationTests.java:83:59:83:77 | new URI(...) : URI | provenance | MaD:285 | +| SanitizationTests.java:83:67:83:76 | unsafeUri4 : String | SanitizationTests.java:83:59:83:77 | new URI(...) : URI | provenance | MaD:290 | | SanitizationTests.java:87:13:87:22 | unsafeUri5 [post update] : StringBuilder | SanitizationTests.java:88:67:88:76 | unsafeUri5 : StringBuilder | provenance | | -| SanitizationTests.java:87:31:87:61 | getParameter(...) : String | SanitizationTests.java:87:13:87:22 | unsafeUri5 [post update] : StringBuilder | provenance | Src:MaD:277 MaD:278 | -| SanitizationTests.java:88:36:88:89 | newBuilder(...) : Builder | SanitizationTests.java:88:36:88:97 | build(...) : HttpRequest | provenance | MaD:283 | -| SanitizationTests.java:88:36:88:97 | build(...) : HttpRequest | SanitizationTests.java:89:25:89:32 | unsafer5 | provenance | Sink:MaD:4 | -| SanitizationTests.java:88:59:88:88 | new URI(...) : URI | SanitizationTests.java:88:36:88:89 | newBuilder(...) : Builder | provenance | MaD:284 | -| SanitizationTests.java:88:67:88:76 | unsafeUri5 : StringBuilder | SanitizationTests.java:88:67:88:87 | toString(...) : String | provenance | MaD:280 | -| SanitizationTests.java:88:67:88:87 | toString(...) : String | SanitizationTests.java:88:59:88:88 | new URI(...) | provenance | Config Sink:MaD:6 | -| SanitizationTests.java:88:67:88:87 | toString(...) : String | SanitizationTests.java:88:59:88:88 | new URI(...) | provenance | MaD:285 Sink:MaD:6 | +| SanitizationTests.java:87:31:87:61 | getParameter(...) : String | SanitizationTests.java:87:13:87:22 | unsafeUri5 [post update] : StringBuilder | provenance | Src:MaD:280 MaD:283 | +| SanitizationTests.java:88:36:88:89 | newBuilder(...) : Builder | SanitizationTests.java:88:36:88:97 | build(...) : HttpRequest | provenance | MaD:288 | +| SanitizationTests.java:88:36:88:97 | build(...) : HttpRequest | SanitizationTests.java:89:25:89:32 | unsafer5 | provenance | Sink:MaD:7 | +| SanitizationTests.java:88:59:88:88 | new URI(...) : URI | SanitizationTests.java:88:36:88:89 | newBuilder(...) : Builder | provenance | MaD:289 | +| SanitizationTests.java:88:67:88:76 | unsafeUri5 : StringBuilder | SanitizationTests.java:88:67:88:87 | toString(...) : String | provenance | MaD:285 | +| SanitizationTests.java:88:67:88:87 | toString(...) : String | SanitizationTests.java:88:59:88:88 | new URI(...) | provenance | Config Sink:MaD:9 | +| SanitizationTests.java:88:67:88:87 | toString(...) : String | SanitizationTests.java:88:59:88:88 | new URI(...) | provenance | MaD:290 Sink:MaD:9 | | SanitizationTests.java:88:67:88:87 | toString(...) : String | SanitizationTests.java:88:59:88:88 | new URI(...) : URI | provenance | Config | -| SanitizationTests.java:88:67:88:87 | toString(...) : String | SanitizationTests.java:88:59:88:88 | new URI(...) : URI | provenance | MaD:285 | +| SanitizationTests.java:88:67:88:87 | toString(...) : String | SanitizationTests.java:88:59:88:88 | new URI(...) : URI | provenance | MaD:290 | | SanitizationTests.java:91:40:91:87 | new StringBuilder(...) : StringBuilder | SanitizationTests.java:93:68:93:77 | unafeUri5a : StringBuilder | provenance | | -| SanitizationTests.java:91:58:91:86 | getParameter(...) : String | SanitizationTests.java:91:40:91:87 | new StringBuilder(...) : StringBuilder | provenance | Src:MaD:277 MaD:282 | -| SanitizationTests.java:93:37:93:90 | newBuilder(...) : Builder | SanitizationTests.java:93:37:93:98 | build(...) : HttpRequest | provenance | MaD:283 | -| SanitizationTests.java:93:37:93:98 | build(...) : HttpRequest | SanitizationTests.java:94:25:94:33 | unsafer5a | provenance | Sink:MaD:4 | -| SanitizationTests.java:93:60:93:89 | new URI(...) : URI | SanitizationTests.java:93:37:93:90 | newBuilder(...) : Builder | provenance | MaD:284 | -| SanitizationTests.java:93:68:93:77 | unafeUri5a : StringBuilder | SanitizationTests.java:93:68:93:88 | toString(...) : String | provenance | MaD:280 | -| SanitizationTests.java:93:68:93:88 | toString(...) : String | SanitizationTests.java:93:60:93:89 | new URI(...) | provenance | Config Sink:MaD:6 | -| SanitizationTests.java:93:68:93:88 | toString(...) : String | SanitizationTests.java:93:60:93:89 | new URI(...) | provenance | MaD:285 Sink:MaD:6 | +| SanitizationTests.java:91:58:91:86 | getParameter(...) : String | SanitizationTests.java:91:40:91:87 | new StringBuilder(...) : StringBuilder | provenance | Src:MaD:280 MaD:287 | +| SanitizationTests.java:93:37:93:90 | newBuilder(...) : Builder | SanitizationTests.java:93:37:93:98 | build(...) : HttpRequest | provenance | MaD:288 | +| SanitizationTests.java:93:37:93:98 | build(...) : HttpRequest | SanitizationTests.java:94:25:94:33 | unsafer5a | provenance | Sink:MaD:7 | +| SanitizationTests.java:93:60:93:89 | new URI(...) : URI | SanitizationTests.java:93:37:93:90 | newBuilder(...) : Builder | provenance | MaD:289 | +| SanitizationTests.java:93:68:93:77 | unafeUri5a : StringBuilder | SanitizationTests.java:93:68:93:88 | toString(...) : String | provenance | MaD:285 | +| SanitizationTests.java:93:68:93:88 | toString(...) : String | SanitizationTests.java:93:60:93:89 | new URI(...) | provenance | Config Sink:MaD:9 | +| SanitizationTests.java:93:68:93:88 | toString(...) : String | SanitizationTests.java:93:60:93:89 | new URI(...) | provenance | MaD:290 Sink:MaD:9 | | SanitizationTests.java:93:68:93:88 | toString(...) : String | SanitizationTests.java:93:60:93:89 | new URI(...) : URI | provenance | Config | -| SanitizationTests.java:93:68:93:88 | toString(...) : String | SanitizationTests.java:93:60:93:89 | new URI(...) : URI | provenance | MaD:285 | +| SanitizationTests.java:93:68:93:88 | toString(...) : String | SanitizationTests.java:93:60:93:89 | new URI(...) : URI | provenance | MaD:290 | | SanitizationTests.java:96:41:96:105 | append(...) : StringBuilder | SanitizationTests.java:98:68:98:78 | unsafeUri5b : StringBuilder | provenance | | -| SanitizationTests.java:96:42:96:89 | new StringBuilder(...) : StringBuilder | SanitizationTests.java:96:41:96:105 | append(...) : StringBuilder | provenance | MaD:279 | -| SanitizationTests.java:96:60:96:88 | getParameter(...) : String | SanitizationTests.java:96:42:96:89 | new StringBuilder(...) : StringBuilder | provenance | Src:MaD:277 MaD:282 | -| SanitizationTests.java:98:37:98:91 | newBuilder(...) : Builder | SanitizationTests.java:98:37:98:99 | build(...) : HttpRequest | provenance | MaD:283 | -| SanitizationTests.java:98:37:98:99 | build(...) : HttpRequest | SanitizationTests.java:99:25:99:33 | unsafer5b | provenance | Sink:MaD:4 | -| SanitizationTests.java:98:60:98:90 | new URI(...) : URI | SanitizationTests.java:98:37:98:91 | newBuilder(...) : Builder | provenance | MaD:284 | -| SanitizationTests.java:98:68:98:78 | unsafeUri5b : StringBuilder | SanitizationTests.java:98:68:98:89 | toString(...) : String | provenance | MaD:280 | -| SanitizationTests.java:98:68:98:89 | toString(...) : String | SanitizationTests.java:98:60:98:90 | new URI(...) | provenance | Config Sink:MaD:6 | -| SanitizationTests.java:98:68:98:89 | toString(...) : String | SanitizationTests.java:98:60:98:90 | new URI(...) | provenance | MaD:285 Sink:MaD:6 | +| SanitizationTests.java:96:42:96:89 | new StringBuilder(...) : StringBuilder | SanitizationTests.java:96:41:96:105 | append(...) : StringBuilder | provenance | MaD:284 | +| SanitizationTests.java:96:60:96:88 | getParameter(...) : String | SanitizationTests.java:96:42:96:89 | new StringBuilder(...) : StringBuilder | provenance | Src:MaD:280 MaD:287 | +| SanitizationTests.java:98:37:98:91 | newBuilder(...) : Builder | SanitizationTests.java:98:37:98:99 | build(...) : HttpRequest | provenance | MaD:288 | +| SanitizationTests.java:98:37:98:99 | build(...) : HttpRequest | SanitizationTests.java:99:25:99:33 | unsafer5b | provenance | Sink:MaD:7 | +| SanitizationTests.java:98:60:98:90 | new URI(...) : URI | SanitizationTests.java:98:37:98:91 | newBuilder(...) : Builder | provenance | MaD:289 | +| SanitizationTests.java:98:68:98:78 | unsafeUri5b : StringBuilder | SanitizationTests.java:98:68:98:89 | toString(...) : String | provenance | MaD:285 | +| SanitizationTests.java:98:68:98:89 | toString(...) : String | SanitizationTests.java:98:60:98:90 | new URI(...) | provenance | Config Sink:MaD:9 | +| SanitizationTests.java:98:68:98:89 | toString(...) : String | SanitizationTests.java:98:60:98:90 | new URI(...) | provenance | MaD:290 Sink:MaD:9 | | SanitizationTests.java:98:68:98:89 | toString(...) : String | SanitizationTests.java:98:60:98:90 | new URI(...) : URI | provenance | Config | -| SanitizationTests.java:98:68:98:89 | toString(...) : String | SanitizationTests.java:98:60:98:90 | new URI(...) : URI | provenance | MaD:285 | +| SanitizationTests.java:98:68:98:89 | toString(...) : String | SanitizationTests.java:98:60:98:90 | new URI(...) : URI | provenance | MaD:290 | | SanitizationTests.java:101:41:101:106 | append(...) : StringBuilder | SanitizationTests.java:103:68:103:78 | unsafeUri5c : StringBuilder | provenance | | -| SanitizationTests.java:101:77:101:105 | getParameter(...) : String | SanitizationTests.java:101:41:101:106 | append(...) : StringBuilder | provenance | Src:MaD:277 MaD:278+MaD:279 | -| SanitizationTests.java:103:37:103:91 | newBuilder(...) : Builder | SanitizationTests.java:103:37:103:99 | build(...) : HttpRequest | provenance | MaD:283 | -| SanitizationTests.java:103:37:103:99 | build(...) : HttpRequest | SanitizationTests.java:104:25:104:33 | unsafer5c | provenance | Sink:MaD:4 | -| SanitizationTests.java:103:60:103:90 | new URI(...) : URI | SanitizationTests.java:103:37:103:91 | newBuilder(...) : Builder | provenance | MaD:284 | -| SanitizationTests.java:103:68:103:78 | unsafeUri5c : StringBuilder | SanitizationTests.java:103:68:103:89 | toString(...) : String | provenance | MaD:280 | -| SanitizationTests.java:103:68:103:89 | toString(...) : String | SanitizationTests.java:103:60:103:90 | new URI(...) | provenance | Config Sink:MaD:6 | -| SanitizationTests.java:103:68:103:89 | toString(...) : String | SanitizationTests.java:103:60:103:90 | new URI(...) | provenance | MaD:285 Sink:MaD:6 | +| SanitizationTests.java:101:77:101:105 | getParameter(...) : String | SanitizationTests.java:101:41:101:106 | append(...) : StringBuilder | provenance | Src:MaD:280 MaD:283+MaD:284 | +| SanitizationTests.java:103:37:103:91 | newBuilder(...) : Builder | SanitizationTests.java:103:37:103:99 | build(...) : HttpRequest | provenance | MaD:288 | +| SanitizationTests.java:103:37:103:99 | build(...) : HttpRequest | SanitizationTests.java:104:25:104:33 | unsafer5c | provenance | Sink:MaD:7 | +| SanitizationTests.java:103:60:103:90 | new URI(...) : URI | SanitizationTests.java:103:37:103:91 | newBuilder(...) : Builder | provenance | MaD:289 | +| SanitizationTests.java:103:68:103:78 | unsafeUri5c : StringBuilder | SanitizationTests.java:103:68:103:89 | toString(...) : String | provenance | MaD:285 | +| SanitizationTests.java:103:68:103:89 | toString(...) : String | SanitizationTests.java:103:60:103:90 | new URI(...) | provenance | Config Sink:MaD:9 | +| SanitizationTests.java:103:68:103:89 | toString(...) : String | SanitizationTests.java:103:60:103:90 | new URI(...) | provenance | MaD:290 Sink:MaD:9 | | SanitizationTests.java:103:68:103:89 | toString(...) : String | SanitizationTests.java:103:60:103:90 | new URI(...) : URI | provenance | Config | -| SanitizationTests.java:103:68:103:89 | toString(...) : String | SanitizationTests.java:103:60:103:90 | new URI(...) : URI | provenance | MaD:285 | +| SanitizationTests.java:103:68:103:89 | toString(...) : String | SanitizationTests.java:103:60:103:90 | new URI(...) : URI | provenance | MaD:290 | | SanitizationTests.java:106:33:106:104 | format(...) : String | SanitizationTests.java:107:67:107:76 | unsafeUri6 : String | provenance | | -| SanitizationTests.java:106:33:106:104 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:106:33:106:104 | format(...) : String | provenance | MaD:281 | -| SanitizationTests.java:106:73:106:103 | getParameter(...) : String | SanitizationTests.java:106:33:106:104 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:277 | -| SanitizationTests.java:107:36:107:78 | newBuilder(...) : Builder | SanitizationTests.java:107:36:107:86 | build(...) : HttpRequest | provenance | MaD:283 | -| SanitizationTests.java:107:36:107:86 | build(...) : HttpRequest | SanitizationTests.java:108:25:108:32 | unsafer6 | provenance | Sink:MaD:4 | -| SanitizationTests.java:107:59:107:77 | new URI(...) : URI | SanitizationTests.java:107:36:107:78 | newBuilder(...) : Builder | provenance | MaD:284 | -| SanitizationTests.java:107:67:107:76 | unsafeUri6 : String | SanitizationTests.java:107:59:107:77 | new URI(...) | provenance | Config Sink:MaD:6 | -| SanitizationTests.java:107:67:107:76 | unsafeUri6 : String | SanitizationTests.java:107:59:107:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 | +| SanitizationTests.java:106:33:106:104 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:106:33:106:104 | format(...) : String | provenance | MaD:286 | +| SanitizationTests.java:106:73:106:103 | getParameter(...) : String | SanitizationTests.java:106:33:106:104 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:280 | +| SanitizationTests.java:107:36:107:78 | newBuilder(...) : Builder | SanitizationTests.java:107:36:107:86 | build(...) : HttpRequest | provenance | MaD:288 | +| SanitizationTests.java:107:36:107:86 | build(...) : HttpRequest | SanitizationTests.java:108:25:108:32 | unsafer6 | provenance | Sink:MaD:7 | +| SanitizationTests.java:107:59:107:77 | new URI(...) : URI | SanitizationTests.java:107:36:107:78 | newBuilder(...) : Builder | provenance | MaD:289 | +| SanitizationTests.java:107:67:107:76 | unsafeUri6 : String | SanitizationTests.java:107:59:107:77 | new URI(...) | provenance | Config Sink:MaD:9 | +| SanitizationTests.java:107:67:107:76 | unsafeUri6 : String | SanitizationTests.java:107:59:107:77 | new URI(...) | provenance | MaD:290 Sink:MaD:9 | | SanitizationTests.java:107:67:107:76 | unsafeUri6 : String | SanitizationTests.java:107:59:107:77 | new URI(...) : URI | provenance | Config | -| SanitizationTests.java:107:67:107:76 | unsafeUri6 : String | SanitizationTests.java:107:59:107:77 | new URI(...) : URI | provenance | MaD:285 | +| SanitizationTests.java:107:67:107:76 | unsafeUri6 : String | SanitizationTests.java:107:59:107:77 | new URI(...) : URI | provenance | MaD:290 | | SanitizationTests.java:110:33:110:110 | format(...) : String | SanitizationTests.java:111:67:111:76 | unsafeUri7 : String | provenance | | -| SanitizationTests.java:110:33:110:110 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:110:33:110:110 | format(...) : String | provenance | MaD:281 | -| SanitizationTests.java:110:56:110:86 | getParameter(...) : String | SanitizationTests.java:110:33:110:110 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:277 | -| SanitizationTests.java:111:36:111:78 | newBuilder(...) : Builder | SanitizationTests.java:111:36:111:86 | build(...) : HttpRequest | provenance | MaD:283 | -| SanitizationTests.java:111:36:111:86 | build(...) : HttpRequest | SanitizationTests.java:112:25:112:32 | unsafer7 | provenance | Sink:MaD:4 | -| SanitizationTests.java:111:59:111:77 | new URI(...) : URI | SanitizationTests.java:111:36:111:78 | newBuilder(...) : Builder | provenance | MaD:284 | -| SanitizationTests.java:111:67:111:76 | unsafeUri7 : String | SanitizationTests.java:111:59:111:77 | new URI(...) | provenance | Config Sink:MaD:6 | -| SanitizationTests.java:111:67:111:76 | unsafeUri7 : String | SanitizationTests.java:111:59:111:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 | +| SanitizationTests.java:110:33:110:110 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:110:33:110:110 | format(...) : String | provenance | MaD:286 | +| SanitizationTests.java:110:56:110:86 | getParameter(...) : String | SanitizationTests.java:110:33:110:110 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:280 | +| SanitizationTests.java:111:36:111:78 | newBuilder(...) : Builder | SanitizationTests.java:111:36:111:86 | build(...) : HttpRequest | provenance | MaD:288 | +| SanitizationTests.java:111:36:111:86 | build(...) : HttpRequest | SanitizationTests.java:112:25:112:32 | unsafer7 | provenance | Sink:MaD:7 | +| SanitizationTests.java:111:59:111:77 | new URI(...) : URI | SanitizationTests.java:111:36:111:78 | newBuilder(...) : Builder | provenance | MaD:289 | +| SanitizationTests.java:111:67:111:76 | unsafeUri7 : String | SanitizationTests.java:111:59:111:77 | new URI(...) | provenance | Config Sink:MaD:9 | +| SanitizationTests.java:111:67:111:76 | unsafeUri7 : String | SanitizationTests.java:111:59:111:77 | new URI(...) | provenance | MaD:290 Sink:MaD:9 | | SanitizationTests.java:111:67:111:76 | unsafeUri7 : String | SanitizationTests.java:111:59:111:77 | new URI(...) : URI | provenance | Config | -| SanitizationTests.java:111:67:111:76 | unsafeUri7 : String | SanitizationTests.java:111:59:111:77 | new URI(...) : URI | provenance | MaD:285 | +| SanitizationTests.java:111:67:111:76 | unsafeUri7 : String | SanitizationTests.java:111:59:111:77 | new URI(...) : URI | provenance | MaD:290 | | SanitizationTests.java:114:33:114:110 | format(...) : String | SanitizationTests.java:115:67:115:76 | unsafeUri8 : String | provenance | | -| SanitizationTests.java:114:33:114:110 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:114:33:114:110 | format(...) : String | provenance | MaD:281 | -| SanitizationTests.java:114:55:114:85 | getParameter(...) : String | SanitizationTests.java:114:33:114:110 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:277 | -| SanitizationTests.java:115:36:115:78 | newBuilder(...) : Builder | SanitizationTests.java:115:36:115:86 | build(...) : HttpRequest | provenance | MaD:283 | -| SanitizationTests.java:115:36:115:86 | build(...) : HttpRequest | SanitizationTests.java:116:25:116:32 | unsafer8 | provenance | Sink:MaD:4 | -| SanitizationTests.java:115:59:115:77 | new URI(...) : URI | SanitizationTests.java:115:36:115:78 | newBuilder(...) : Builder | provenance | MaD:284 | -| SanitizationTests.java:115:67:115:76 | unsafeUri8 : String | SanitizationTests.java:115:59:115:77 | new URI(...) | provenance | Config Sink:MaD:6 | -| SanitizationTests.java:115:67:115:76 | unsafeUri8 : String | SanitizationTests.java:115:59:115:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 | +| SanitizationTests.java:114:33:114:110 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:114:33:114:110 | format(...) : String | provenance | MaD:286 | +| SanitizationTests.java:114:55:114:85 | getParameter(...) : String | SanitizationTests.java:114:33:114:110 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:280 | +| SanitizationTests.java:115:36:115:78 | newBuilder(...) : Builder | SanitizationTests.java:115:36:115:86 | build(...) : HttpRequest | provenance | MaD:288 | +| SanitizationTests.java:115:36:115:86 | build(...) : HttpRequest | SanitizationTests.java:116:25:116:32 | unsafer8 | provenance | Sink:MaD:7 | +| SanitizationTests.java:115:59:115:77 | new URI(...) : URI | SanitizationTests.java:115:36:115:78 | newBuilder(...) : Builder | provenance | MaD:289 | +| SanitizationTests.java:115:67:115:76 | unsafeUri8 : String | SanitizationTests.java:115:59:115:77 | new URI(...) | provenance | Config Sink:MaD:9 | +| SanitizationTests.java:115:67:115:76 | unsafeUri8 : String | SanitizationTests.java:115:59:115:77 | new URI(...) | provenance | MaD:290 Sink:MaD:9 | | SanitizationTests.java:115:67:115:76 | unsafeUri8 : String | SanitizationTests.java:115:59:115:77 | new URI(...) : URI | provenance | Config | -| SanitizationTests.java:115:67:115:76 | unsafeUri8 : String | SanitizationTests.java:115:59:115:77 | new URI(...) : URI | provenance | MaD:285 | -| SanitizationTests.java:118:33:118:63 | getParameter(...) : String | SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | provenance | Src:MaD:277 | -| SanitizationTests.java:119:36:119:78 | newBuilder(...) : Builder | SanitizationTests.java:119:36:119:86 | build(...) : HttpRequest | provenance | MaD:283 | -| SanitizationTests.java:119:36:119:86 | build(...) : HttpRequest | SanitizationTests.java:120:25:120:32 | unsafer9 | provenance | Sink:MaD:4 | -| SanitizationTests.java:119:59:119:77 | new URI(...) : URI | SanitizationTests.java:119:36:119:78 | newBuilder(...) : Builder | provenance | MaD:284 | -| SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | SanitizationTests.java:119:59:119:77 | new URI(...) | provenance | Config Sink:MaD:6 | -| SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | SanitizationTests.java:119:59:119:77 | new URI(...) | provenance | MaD:285 Sink:MaD:6 | +| SanitizationTests.java:115:67:115:76 | unsafeUri8 : String | SanitizationTests.java:115:59:115:77 | new URI(...) : URI | provenance | MaD:290 | +| SanitizationTests.java:118:33:118:63 | getParameter(...) : String | SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | provenance | Src:MaD:280 | +| SanitizationTests.java:119:36:119:78 | newBuilder(...) : Builder | SanitizationTests.java:119:36:119:86 | build(...) : HttpRequest | provenance | MaD:288 | +| SanitizationTests.java:119:36:119:86 | build(...) : HttpRequest | SanitizationTests.java:120:25:120:32 | unsafer9 | provenance | Sink:MaD:7 | +| SanitizationTests.java:119:59:119:77 | new URI(...) : URI | SanitizationTests.java:119:36:119:78 | newBuilder(...) : Builder | provenance | MaD:289 | +| SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | SanitizationTests.java:119:59:119:77 | new URI(...) | provenance | Config Sink:MaD:9 | +| SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | SanitizationTests.java:119:59:119:77 | new URI(...) | provenance | MaD:290 Sink:MaD:9 | | SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | SanitizationTests.java:119:59:119:77 | new URI(...) : URI | provenance | Config | -| SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | SanitizationTests.java:119:59:119:77 | new URI(...) : URI | provenance | MaD:285 | +| SanitizationTests.java:119:67:119:76 | unsafeUri9 : String | SanitizationTests.java:119:59:119:77 | new URI(...) : URI | provenance | MaD:290 | | SanitizationTests.java:122:34:122:126 | format(...) : String | SanitizationTests.java:123:68:123:78 | unsafeUri10 : String | provenance | | -| SanitizationTests.java:122:34:122:126 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:122:34:122:126 | format(...) : String | provenance | MaD:281 | -| SanitizationTests.java:122:94:122:125 | getParameter(...) : String | SanitizationTests.java:122:34:122:126 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:277 | -| SanitizationTests.java:123:37:123:80 | newBuilder(...) : Builder | SanitizationTests.java:123:37:123:88 | build(...) : HttpRequest | provenance | MaD:283 | -| SanitizationTests.java:123:37:123:88 | build(...) : HttpRequest | SanitizationTests.java:124:25:124:33 | unsafer10 | provenance | Sink:MaD:4 | -| SanitizationTests.java:123:60:123:79 | new URI(...) : URI | SanitizationTests.java:123:37:123:80 | newBuilder(...) : Builder | provenance | MaD:284 | -| SanitizationTests.java:123:68:123:78 | unsafeUri10 : String | SanitizationTests.java:123:60:123:79 | new URI(...) | provenance | Config Sink:MaD:6 | -| SanitizationTests.java:123:68:123:78 | unsafeUri10 : String | SanitizationTests.java:123:60:123:79 | new URI(...) | provenance | MaD:285 Sink:MaD:6 | +| SanitizationTests.java:122:34:122:126 | new ..[] { .. } : Object[] [[]] : String | SanitizationTests.java:122:34:122:126 | format(...) : String | provenance | MaD:286 | +| SanitizationTests.java:122:94:122:125 | getParameter(...) : String | SanitizationTests.java:122:34:122:126 | new ..[] { .. } : Object[] [[]] : String | provenance | Src:MaD:280 | +| SanitizationTests.java:123:37:123:80 | newBuilder(...) : Builder | SanitizationTests.java:123:37:123:88 | build(...) : HttpRequest | provenance | MaD:288 | +| SanitizationTests.java:123:37:123:88 | build(...) : HttpRequest | SanitizationTests.java:124:25:124:33 | unsafer10 | provenance | Sink:MaD:7 | +| SanitizationTests.java:123:60:123:79 | new URI(...) : URI | SanitizationTests.java:123:37:123:80 | newBuilder(...) : Builder | provenance | MaD:289 | +| SanitizationTests.java:123:68:123:78 | unsafeUri10 : String | SanitizationTests.java:123:60:123:79 | new URI(...) | provenance | Config Sink:MaD:9 | +| SanitizationTests.java:123:68:123:78 | unsafeUri10 : String | SanitizationTests.java:123:60:123:79 | new URI(...) | provenance | MaD:290 Sink:MaD:9 | | SanitizationTests.java:123:68:123:78 | unsafeUri10 : String | SanitizationTests.java:123:60:123:79 | new URI(...) : URI | provenance | Config | -| SanitizationTests.java:123:68:123:78 | unsafeUri10 : String | SanitizationTests.java:123:60:123:79 | new URI(...) : URI | provenance | MaD:285 | -| SanitizationTests.java:177:31:177:114 | newBuilder(...) : Builder | SanitizationTests.java:177:31:177:122 | build(...) : HttpRequest | provenance | MaD:283 | -| SanitizationTests.java:177:31:177:122 | build(...) : HttpRequest | SanitizationTests.java:178:25:178:27 | r18 | provenance | Sink:MaD:4 | -| SanitizationTests.java:177:54:177:113 | new URI(...) : URI | SanitizationTests.java:177:31:177:114 | newBuilder(...) : Builder | provenance | MaD:284 | -| SanitizationTests.java:177:62:177:112 | getFromList(...) : String | SanitizationTests.java:177:54:177:113 | new URI(...) | provenance | Config Sink:MaD:6 | -| SanitizationTests.java:177:62:177:112 | getFromList(...) : String | SanitizationTests.java:177:54:177:113 | new URI(...) | provenance | MaD:285 Sink:MaD:6 | +| SanitizationTests.java:123:68:123:78 | unsafeUri10 : String | SanitizationTests.java:123:60:123:79 | new URI(...) : URI | provenance | MaD:290 | +| SanitizationTests.java:177:31:177:114 | newBuilder(...) : Builder | SanitizationTests.java:177:31:177:122 | build(...) : HttpRequest | provenance | MaD:288 | +| SanitizationTests.java:177:31:177:122 | build(...) : HttpRequest | SanitizationTests.java:178:25:178:27 | r18 | provenance | Sink:MaD:7 | +| SanitizationTests.java:177:54:177:113 | new URI(...) : URI | SanitizationTests.java:177:31:177:114 | newBuilder(...) : Builder | provenance | MaD:289 | +| SanitizationTests.java:177:62:177:112 | getFromList(...) : String | SanitizationTests.java:177:54:177:113 | new URI(...) | provenance | Config Sink:MaD:9 | +| SanitizationTests.java:177:62:177:112 | getFromList(...) : String | SanitizationTests.java:177:54:177:113 | new URI(...) | provenance | MaD:290 Sink:MaD:9 | | SanitizationTests.java:177:62:177:112 | getFromList(...) : String | SanitizationTests.java:177:54:177:113 | new URI(...) : URI | provenance | Config | -| SanitizationTests.java:177:62:177:112 | getFromList(...) : String | SanitizationTests.java:177:54:177:113 | new URI(...) : URI | provenance | MaD:285 | -| SanitizationTests.java:177:74:177:111 | of(...) : List [] : String | SanitizationTests.java:177:62:177:112 | getFromList(...) : String | provenance | MaD:290 | +| SanitizationTests.java:177:62:177:112 | getFromList(...) : String | SanitizationTests.java:177:54:177:113 | new URI(...) : URI | provenance | MaD:290 | +| SanitizationTests.java:177:74:177:111 | of(...) : List [] : String | SanitizationTests.java:177:62:177:112 | getFromList(...) : String | provenance | MaD:295 | | SanitizationTests.java:177:74:177:111 | of(...) : List [] : String | SanitizationTests.java:199:31:199:112 | list : List [] : String | provenance | | -| SanitizationTests.java:177:82:177:110 | getParameter(...) : String | SanitizationTests.java:177:74:177:111 | of(...) : List [] : String | provenance | Src:MaD:277 MaD:289 | +| SanitizationTests.java:177:82:177:110 | getParameter(...) : String | SanitizationTests.java:177:74:177:111 | of(...) : List [] : String | provenance | Src:MaD:280 MaD:294 | | SanitizationTests.java:199:31:199:112 | list : List [] : String | SanitizationTests.java:200:16:200:19 | list : List [] : String | provenance | | -| SanitizationTests.java:200:16:200:19 | list : List [] : String | SanitizationTests.java:200:16:200:26 | get(...) : String | provenance | MaD:290 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:32:39:32:59 | ... + ... | provenance | Src:MaD:277 Sink:MaD:264 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:33:69:33:82 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:34:73:34:86 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:35:87:35:100 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:38:83:38:96 | fooResourceUrl : String | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:40:105:40:118 | fooResourceUrl : String | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:43:35:43:48 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:262 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:44:91:44:104 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:45:95:45:108 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:46:109:46:122 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:49:105:49:118 | fooResourceUrl : String | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:51:127:51:140 | fooResourceUrl : String | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:54:34:54:47 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:263 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:55:79:55:92 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:56:83:56:96 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:57:97:57:110 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:60:93:60:106 | fooResourceUrl : String | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:62:115:62:128 | fooResourceUrl : String | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:65:39:65:52 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:265 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:66:69:66:82 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:67:73:67:86 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:68:87:68:100 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:71:83:71:96 | fooResourceUrl : String | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:73:105:73:118 | fooResourceUrl : String | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:76:41:76:54 | fooResourceUrl | provenance | Src:MaD:277 Sink:MaD:268 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:77:93:77:106 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:78:97:78:110 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:79:111:79:124 | fooResourceUrl | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:82:107:82:120 | fooResourceUrl : String | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:84:129:84:142 | fooResourceUrl : String | provenance | Src:MaD:277 | -| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | provenance | Src:MaD:277 | -| SpringSSRF.java:38:83:38:96 | fooResourceUrl : String | SpringSSRF.java:38:69:38:97 | of(...) | provenance | MaD:291 | -| SpringSSRF.java:40:105:40:118 | fooResourceUrl : String | SpringSSRF.java:40:69:40:119 | of(...) | provenance | MaD:292 | -| SpringSSRF.java:49:105:49:118 | fooResourceUrl : String | SpringSSRF.java:49:91:49:119 | of(...) | provenance | MaD:291 | -| SpringSSRF.java:51:127:51:140 | fooResourceUrl : String | SpringSSRF.java:51:91:51:141 | of(...) | provenance | MaD:292 | -| SpringSSRF.java:60:93:60:106 | fooResourceUrl : String | SpringSSRF.java:60:79:60:107 | of(...) | provenance | MaD:291 | -| SpringSSRF.java:62:115:62:128 | fooResourceUrl : String | SpringSSRF.java:62:79:62:129 | of(...) | provenance | MaD:292 | -| SpringSSRF.java:71:83:71:96 | fooResourceUrl : String | SpringSSRF.java:71:69:71:97 | of(...) | provenance | MaD:291 | -| SpringSSRF.java:73:105:73:118 | fooResourceUrl : String | SpringSSRF.java:73:69:73:119 | of(...) | provenance | MaD:292 | -| SpringSSRF.java:82:107:82:120 | fooResourceUrl : String | SpringSSRF.java:82:93:82:121 | of(...) | provenance | MaD:291 | -| SpringSSRF.java:84:129:84:142 | fooResourceUrl : String | SpringSSRF.java:84:93:84:143 | of(...) | provenance | MaD:292 | -| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:87:40:87:62 | new URI(...) | provenance | Config Sink:MaD:269 | -| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:87:40:87:62 | new URI(...) | provenance | MaD:285 Sink:MaD:269 | +| SanitizationTests.java:200:16:200:19 | list : List [] : String | SanitizationTests.java:200:16:200:26 | get(...) : String | provenance | MaD:295 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:32:39:32:59 | ... + ... | provenance | Src:MaD:280 Sink:MaD:267 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:33:69:33:82 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:34:73:34:86 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:35:87:35:100 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:38:83:38:96 | fooResourceUrl : String | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:40:105:40:118 | fooResourceUrl : String | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:43:35:43:48 | fooResourceUrl | provenance | Src:MaD:280 Sink:MaD:265 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:44:91:44:104 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:45:95:45:108 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:46:109:46:122 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:49:105:49:118 | fooResourceUrl : String | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:51:127:51:140 | fooResourceUrl : String | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:54:34:54:47 | fooResourceUrl | provenance | Src:MaD:280 Sink:MaD:266 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:55:79:55:92 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:56:83:56:96 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:57:97:57:110 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:60:93:60:106 | fooResourceUrl : String | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:62:115:62:128 | fooResourceUrl : String | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:65:39:65:52 | fooResourceUrl | provenance | Src:MaD:280 Sink:MaD:268 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:66:69:66:82 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:67:73:67:86 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:68:87:68:100 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:71:83:71:96 | fooResourceUrl : String | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:73:105:73:118 | fooResourceUrl : String | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:76:41:76:54 | fooResourceUrl | provenance | Src:MaD:280 Sink:MaD:271 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:77:93:77:106 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:78:97:78:110 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:79:111:79:124 | fooResourceUrl | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:82:107:82:120 | fooResourceUrl : String | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:84:129:84:142 | fooResourceUrl : String | provenance | Src:MaD:280 | +| SpringSSRF.java:28:33:28:60 | getParameter(...) : String | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | provenance | Src:MaD:280 | +| SpringSSRF.java:38:83:38:96 | fooResourceUrl : String | SpringSSRF.java:38:69:38:97 | of(...) | provenance | MaD:296 | +| SpringSSRF.java:40:105:40:118 | fooResourceUrl : String | SpringSSRF.java:40:69:40:119 | of(...) | provenance | MaD:297 | +| SpringSSRF.java:49:105:49:118 | fooResourceUrl : String | SpringSSRF.java:49:91:49:119 | of(...) | provenance | MaD:296 | +| SpringSSRF.java:51:127:51:140 | fooResourceUrl : String | SpringSSRF.java:51:91:51:141 | of(...) | provenance | MaD:297 | +| SpringSSRF.java:60:93:60:106 | fooResourceUrl : String | SpringSSRF.java:60:79:60:107 | of(...) | provenance | MaD:296 | +| SpringSSRF.java:62:115:62:128 | fooResourceUrl : String | SpringSSRF.java:62:79:62:129 | of(...) | provenance | MaD:297 | +| SpringSSRF.java:71:83:71:96 | fooResourceUrl : String | SpringSSRF.java:71:69:71:97 | of(...) | provenance | MaD:296 | +| SpringSSRF.java:73:105:73:118 | fooResourceUrl : String | SpringSSRF.java:73:69:73:119 | of(...) | provenance | MaD:297 | +| SpringSSRF.java:82:107:82:120 | fooResourceUrl : String | SpringSSRF.java:82:93:82:121 | of(...) | provenance | MaD:296 | +| SpringSSRF.java:84:129:84:142 | fooResourceUrl : String | SpringSSRF.java:84:93:84:143 | of(...) | provenance | MaD:297 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:87:40:87:62 | new URI(...) | provenance | Config Sink:MaD:272 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:87:40:87:62 | new URI(...) | provenance | MaD:290 Sink:MaD:272 | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:88:92:88:105 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:89:96:89:109 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:90:110:90:123 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:93:106:93:119 | fooResourceUrl : String | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:95:128:95:141 | fooResourceUrl : String | provenance | | -| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:98:42:98:55 | fooResourceUrl | provenance | Sink:MaD:270 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:98:42:98:55 | fooResourceUrl | provenance | Sink:MaD:273 | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:99:80:99:93 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:100:84:100:97 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:101:98:101:111 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:104:94:104:107 | fooResourceUrl : String | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:106:116:106:129 | fooResourceUrl : String | provenance | | -| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:109:40:109:53 | fooResourceUrl | provenance | Sink:MaD:271 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:109:40:109:53 | fooResourceUrl | provenance | Sink:MaD:274 | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:110:92:110:105 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:111:96:111:109 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:112:110:112:123 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:115:106:115:119 | fooResourceUrl : String | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:117:128:117:141 | fooResourceUrl : String | provenance | | -| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:120:30:120:43 | fooResourceUrl | provenance | Sink:MaD:272 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:120:30:120:43 | fooResourceUrl | provenance | Sink:MaD:275 | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:121:68:121:81 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:122:72:122:85 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:123:86:123:99 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:126:82:126:95 | fooResourceUrl : String | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:128:104:128:117 | fooResourceUrl : String | provenance | | -| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:131:33:131:46 | fooResourceUrl | provenance | Sink:MaD:261 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:131:33:131:46 | fooResourceUrl | provenance | Sink:MaD:264 | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:132:49:132:62 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:133:53:133:66 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:134:67:134:80 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:137:63:137:76 | fooResourceUrl : String | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:139:85:139:98 | fooResourceUrl : String | provenance | | -| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:142:41:142:54 | fooResourceUrl | provenance | Sink:MaD:266 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:142:41:142:54 | fooResourceUrl | provenance | Sink:MaD:269 | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:143:57:143:70 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:144:61:144:74 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:145:75:145:88 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:148:71:148:84 | fooResourceUrl : String | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:150:93:150:106 | fooResourceUrl : String | provenance | | -| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:153:42:153:55 | fooResourceUrl | provenance | Sink:MaD:267 | +| SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:153:42:153:55 | fooResourceUrl | provenance | Sink:MaD:270 | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:154:58:154:71 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:155:62:155:75 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:156:76:156:89 | fooResourceUrl | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:159:72:159:85 | fooResourceUrl : String | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:161:94:161:107 | fooResourceUrl : String | provenance | | | SpringSSRF.java:87:48:87:61 | fooResourceUrl : String | SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | provenance | | -| SpringSSRF.java:93:106:93:119 | fooResourceUrl : String | SpringSSRF.java:93:92:93:120 | of(...) | provenance | MaD:291 | -| SpringSSRF.java:95:128:95:141 | fooResourceUrl : String | SpringSSRF.java:95:92:95:142 | of(...) | provenance | MaD:292 | -| SpringSSRF.java:104:94:104:107 | fooResourceUrl : String | SpringSSRF.java:104:80:104:108 | of(...) | provenance | MaD:291 | -| SpringSSRF.java:106:116:106:129 | fooResourceUrl : String | SpringSSRF.java:106:80:106:130 | of(...) | provenance | MaD:292 | -| SpringSSRF.java:115:106:115:119 | fooResourceUrl : String | SpringSSRF.java:115:92:115:120 | of(...) | provenance | MaD:291 | -| SpringSSRF.java:117:128:117:141 | fooResourceUrl : String | SpringSSRF.java:117:92:117:142 | of(...) | provenance | MaD:292 | -| SpringSSRF.java:126:82:126:95 | fooResourceUrl : String | SpringSSRF.java:126:68:126:96 | of(...) | provenance | MaD:291 | -| SpringSSRF.java:128:104:128:117 | fooResourceUrl : String | SpringSSRF.java:128:68:128:118 | of(...) | provenance | MaD:292 | -| SpringSSRF.java:137:63:137:76 | fooResourceUrl : String | SpringSSRF.java:137:49:137:77 | of(...) | provenance | MaD:291 | -| SpringSSRF.java:139:85:139:98 | fooResourceUrl : String | SpringSSRF.java:139:49:139:99 | of(...) | provenance | MaD:292 | -| SpringSSRF.java:148:71:148:84 | fooResourceUrl : String | SpringSSRF.java:148:57:148:85 | of(...) | provenance | MaD:291 | -| SpringSSRF.java:150:93:150:106 | fooResourceUrl : String | SpringSSRF.java:150:57:150:107 | of(...) | provenance | MaD:292 | -| SpringSSRF.java:159:72:159:85 | fooResourceUrl : String | SpringSSRF.java:159:58:159:86 | of(...) | provenance | MaD:291 | -| SpringSSRF.java:161:94:161:107 | fooResourceUrl : String | SpringSSRF.java:161:58:161:108 | of(...) | provenance | MaD:292 | -| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:168:44:168:46 | uri | provenance | Sink:MaD:255 | -| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:170:35:170:37 | uri | provenance | Sink:MaD:250 | -| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:171:35:171:37 | uri | provenance | Sink:MaD:256 | -| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:172:38:172:40 | uri | provenance | Sink:MaD:249 | -| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:173:39:173:41 | uri | provenance | Sink:MaD:253 | -| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:174:37:174:39 | uri | provenance | Sink:MaD:254 | -| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:175:36:175:38 | uri | provenance | Sink:MaD:251 | -| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:176:44:176:46 | uri | provenance | Sink:MaD:252 | +| SpringSSRF.java:93:106:93:119 | fooResourceUrl : String | SpringSSRF.java:93:92:93:120 | of(...) | provenance | MaD:296 | +| SpringSSRF.java:95:128:95:141 | fooResourceUrl : String | SpringSSRF.java:95:92:95:142 | of(...) | provenance | MaD:297 | +| SpringSSRF.java:104:94:104:107 | fooResourceUrl : String | SpringSSRF.java:104:80:104:108 | of(...) | provenance | MaD:296 | +| SpringSSRF.java:106:116:106:129 | fooResourceUrl : String | SpringSSRF.java:106:80:106:130 | of(...) | provenance | MaD:297 | +| SpringSSRF.java:115:106:115:119 | fooResourceUrl : String | SpringSSRF.java:115:92:115:120 | of(...) | provenance | MaD:296 | +| SpringSSRF.java:117:128:117:141 | fooResourceUrl : String | SpringSSRF.java:117:92:117:142 | of(...) | provenance | MaD:297 | +| SpringSSRF.java:126:82:126:95 | fooResourceUrl : String | SpringSSRF.java:126:68:126:96 | of(...) | provenance | MaD:296 | +| SpringSSRF.java:128:104:128:117 | fooResourceUrl : String | SpringSSRF.java:128:68:128:118 | of(...) | provenance | MaD:297 | +| SpringSSRF.java:137:63:137:76 | fooResourceUrl : String | SpringSSRF.java:137:49:137:77 | of(...) | provenance | MaD:296 | +| SpringSSRF.java:139:85:139:98 | fooResourceUrl : String | SpringSSRF.java:139:49:139:99 | of(...) | provenance | MaD:297 | +| SpringSSRF.java:148:71:148:84 | fooResourceUrl : String | SpringSSRF.java:148:57:148:85 | of(...) | provenance | MaD:296 | +| SpringSSRF.java:150:93:150:106 | fooResourceUrl : String | SpringSSRF.java:150:57:150:107 | of(...) | provenance | MaD:297 | +| SpringSSRF.java:159:72:159:85 | fooResourceUrl : String | SpringSSRF.java:159:58:159:86 | of(...) | provenance | MaD:296 | +| SpringSSRF.java:161:94:161:107 | fooResourceUrl : String | SpringSSRF.java:161:58:161:108 | of(...) | provenance | MaD:297 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:168:44:168:46 | uri | provenance | Sink:MaD:258 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:170:35:170:37 | uri | provenance | Sink:MaD:253 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:171:35:171:37 | uri | provenance | Sink:MaD:259 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:172:38:172:40 | uri | provenance | Sink:MaD:252 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:173:39:173:41 | uri | provenance | Sink:MaD:256 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:174:37:174:39 | uri | provenance | Sink:MaD:257 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:175:36:175:38 | uri | provenance | Sink:MaD:254 | +| SpringSSRF.java:166:27:166:49 | new URI(...) : URI | SpringSSRF.java:176:44:176:46 | uri | provenance | Sink:MaD:255 | | SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | SpringSSRF.java:166:27:166:49 | new URI(...) : URI | provenance | Config | -| SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | SpringSSRF.java:166:27:166:49 | new URI(...) : URI | provenance | MaD:285 | +| SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | SpringSSRF.java:166:27:166:49 | new URI(...) : URI | provenance | MaD:290 | | SpringSSRF.java:166:35:166:48 | fooResourceUrl : String | SpringSSRF.java:179:35:179:48 | fooResourceUrl : String | provenance | | -| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:182:49:182:51 | uri | provenance | Sink:MaD:243 | -| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:183:58:183:60 | uri | provenance | Sink:MaD:244 | -| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:184:57:184:59 | uri | provenance | Sink:MaD:245 | -| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:185:66:185:68 | uri | provenance | Sink:MaD:247 | -| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:186:57:186:59 | uri | provenance | Sink:MaD:246 | -| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:187:66:187:68 | uri | provenance | Sink:MaD:248 | +| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:182:49:182:51 | uri | provenance | Sink:MaD:246 | +| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:183:58:183:60 | uri | provenance | Sink:MaD:247 | +| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:184:57:184:59 | uri | provenance | Sink:MaD:248 | +| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:185:66:185:68 | uri | provenance | Sink:MaD:250 | +| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:186:57:186:59 | uri | provenance | Sink:MaD:249 | +| SpringSSRF.java:179:27:179:49 | new URI(...) : URI | SpringSSRF.java:187:66:187:68 | uri | provenance | Sink:MaD:251 | | SpringSSRF.java:179:35:179:48 | fooResourceUrl : String | SpringSSRF.java:179:27:179:49 | new URI(...) : URI | provenance | Config | -| SpringSSRF.java:179:35:179:48 | fooResourceUrl : String | SpringSSRF.java:179:27:179:49 | new URI(...) : URI | provenance | MaD:285 | -| URLClassLoaderSSRF.java:16:26:16:52 | getParameter(...) : String | URLClassLoaderSSRF.java:17:31:17:33 | url : String | provenance | Src:MaD:277 | +| SpringSSRF.java:179:35:179:48 | fooResourceUrl : String | SpringSSRF.java:179:27:179:49 | new URI(...) : URI | provenance | MaD:290 | +| URLClassLoaderSSRF.java:16:26:16:52 | getParameter(...) : String | URLClassLoaderSSRF.java:17:31:17:33 | url : String | provenance | Src:MaD:280 | | URLClassLoaderSSRF.java:17:23:17:34 | new URI(...) : URI | URLClassLoaderSSRF.java:18:74:18:76 | uri : URI | provenance | | | URLClassLoaderSSRF.java:17:31:17:33 | url : String | URLClassLoaderSSRF.java:17:23:17:34 | new URI(...) : URI | provenance | Config | -| URLClassLoaderSSRF.java:17:31:17:33 | url : String | URLClassLoaderSSRF.java:17:23:17:34 | new URI(...) : URI | provenance | MaD:285 | -| URLClassLoaderSSRF.java:18:64:18:85 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:18:64:18:85 | new URL[] | provenance | Sink:MaD:13 | -| URLClassLoaderSSRF.java:18:64:18:85 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:18:64:18:85 | new URL[] | provenance | Sink:MaD:13 | -| URLClassLoaderSSRF.java:18:74:18:76 | uri : URI | URLClassLoaderSSRF.java:18:74:18:84 | toURL(...) : URL | provenance | MaD:287 | +| URLClassLoaderSSRF.java:17:31:17:33 | url : String | URLClassLoaderSSRF.java:17:23:17:34 | new URI(...) : URI | provenance | MaD:290 | +| URLClassLoaderSSRF.java:18:64:18:85 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:18:64:18:85 | new URL[] | provenance | Sink:MaD:16 | +| URLClassLoaderSSRF.java:18:64:18:85 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:18:64:18:85 | new URL[] | provenance | Sink:MaD:16 | +| URLClassLoaderSSRF.java:18:74:18:76 | uri : URI | URLClassLoaderSSRF.java:18:74:18:84 | toURL(...) : URL | provenance | MaD:292 | | URLClassLoaderSSRF.java:18:74:18:84 | toURL(...) : URL | URLClassLoaderSSRF.java:18:64:18:85 | {...} : URL[] [[]] : URL | provenance | | -| URLClassLoaderSSRF.java:28:26:28:52 | getParameter(...) : String | URLClassLoaderSSRF.java:29:31:29:33 | url : String | provenance | Src:MaD:277 | +| URLClassLoaderSSRF.java:28:26:28:52 | getParameter(...) : String | URLClassLoaderSSRF.java:29:31:29:33 | url : String | provenance | Src:MaD:280 | | URLClassLoaderSSRF.java:29:23:29:34 | new URI(...) : URI | URLClassLoaderSSRF.java:30:74:30:76 | uri : URI | provenance | | | URLClassLoaderSSRF.java:29:31:29:33 | url : String | URLClassLoaderSSRF.java:29:23:29:34 | new URI(...) : URI | provenance | Config | -| URLClassLoaderSSRF.java:29:31:29:33 | url : String | URLClassLoaderSSRF.java:29:23:29:34 | new URI(...) : URI | provenance | MaD:285 | -| URLClassLoaderSSRF.java:30:64:30:85 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:30:64:30:85 | new URL[] | provenance | Sink:MaD:14 | -| URLClassLoaderSSRF.java:30:64:30:85 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:30:64:30:85 | new URL[] | provenance | Sink:MaD:14 | -| URLClassLoaderSSRF.java:30:74:30:76 | uri : URI | URLClassLoaderSSRF.java:30:74:30:84 | toURL(...) : URL | provenance | MaD:287 | +| URLClassLoaderSSRF.java:29:31:29:33 | url : String | URLClassLoaderSSRF.java:29:23:29:34 | new URI(...) : URI | provenance | MaD:290 | +| URLClassLoaderSSRF.java:30:64:30:85 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:30:64:30:85 | new URL[] | provenance | Sink:MaD:17 | +| URLClassLoaderSSRF.java:30:64:30:85 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:30:64:30:85 | new URL[] | provenance | Sink:MaD:17 | +| URLClassLoaderSSRF.java:30:74:30:76 | uri : URI | URLClassLoaderSSRF.java:30:74:30:84 | toURL(...) : URL | provenance | MaD:292 | | URLClassLoaderSSRF.java:30:74:30:84 | toURL(...) : URL | URLClassLoaderSSRF.java:30:64:30:85 | {...} : URL[] [[]] : URL | provenance | | -| URLClassLoaderSSRF.java:40:26:40:52 | getParameter(...) : String | URLClassLoaderSSRF.java:41:31:41:33 | url : String | provenance | Src:MaD:277 | +| URLClassLoaderSSRF.java:40:26:40:52 | getParameter(...) : String | URLClassLoaderSSRF.java:41:31:41:33 | url : String | provenance | Src:MaD:280 | | URLClassLoaderSSRF.java:41:23:41:34 | new URI(...) : URI | URLClassLoaderSSRF.java:44:74:44:76 | uri : URI | provenance | | | URLClassLoaderSSRF.java:41:31:41:33 | url : String | URLClassLoaderSSRF.java:41:23:41:34 | new URI(...) : URI | provenance | Config | -| URLClassLoaderSSRF.java:41:31:41:33 | url : String | URLClassLoaderSSRF.java:41:23:41:34 | new URI(...) : URI | provenance | MaD:285 | -| URLClassLoaderSSRF.java:44:64:44:85 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:44:64:44:85 | new URL[] | provenance | Sink:MaD:15 | -| URLClassLoaderSSRF.java:44:64:44:85 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:44:64:44:85 | new URL[] | provenance | Sink:MaD:15 | -| URLClassLoaderSSRF.java:44:74:44:76 | uri : URI | URLClassLoaderSSRF.java:44:74:44:84 | toURL(...) : URL | provenance | MaD:287 | +| URLClassLoaderSSRF.java:41:31:41:33 | url : String | URLClassLoaderSSRF.java:41:23:41:34 | new URI(...) : URI | provenance | MaD:290 | +| URLClassLoaderSSRF.java:44:64:44:85 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:44:64:44:85 | new URL[] | provenance | Sink:MaD:18 | +| URLClassLoaderSSRF.java:44:64:44:85 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:44:64:44:85 | new URL[] | provenance | Sink:MaD:18 | +| URLClassLoaderSSRF.java:44:74:44:76 | uri : URI | URLClassLoaderSSRF.java:44:74:44:84 | toURL(...) : URL | provenance | MaD:292 | | URLClassLoaderSSRF.java:44:74:44:84 | toURL(...) : URL | URLClassLoaderSSRF.java:44:64:44:85 | {...} : URL[] [[]] : URL | provenance | | -| URLClassLoaderSSRF.java:54:26:54:52 | getParameter(...) : String | URLClassLoaderSSRF.java:55:31:55:33 | url : String | provenance | Src:MaD:277 | +| URLClassLoaderSSRF.java:54:26:54:52 | getParameter(...) : String | URLClassLoaderSSRF.java:55:31:55:33 | url : String | provenance | Src:MaD:280 | | URLClassLoaderSSRF.java:55:23:55:34 | new URI(...) : URI | URLClassLoaderSSRF.java:56:82:56:84 | uri : URI | provenance | | | URLClassLoaderSSRF.java:55:31:55:33 | url : String | URLClassLoaderSSRF.java:55:23:55:34 | new URI(...) : URI | provenance | Config | -| URLClassLoaderSSRF.java:55:31:55:33 | url : String | URLClassLoaderSSRF.java:55:23:55:34 | new URI(...) : URI | provenance | MaD:285 | -| URLClassLoaderSSRF.java:56:72:56:93 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:56:72:56:93 | new URL[] | provenance | Sink:MaD:16 | -| URLClassLoaderSSRF.java:56:82:56:84 | uri : URI | URLClassLoaderSSRF.java:56:82:56:92 | toURL(...) : URL | provenance | MaD:287 | +| URLClassLoaderSSRF.java:55:31:55:33 | url : String | URLClassLoaderSSRF.java:55:23:55:34 | new URI(...) : URI | provenance | MaD:290 | +| URLClassLoaderSSRF.java:56:72:56:93 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:56:72:56:93 | new URL[] | provenance | Sink:MaD:19 | +| URLClassLoaderSSRF.java:56:82:56:84 | uri : URI | URLClassLoaderSSRF.java:56:82:56:92 | toURL(...) : URL | provenance | MaD:292 | | URLClassLoaderSSRF.java:56:82:56:92 | toURL(...) : URL | URLClassLoaderSSRF.java:56:72:56:93 | {...} : URL[] [[]] : URL | provenance | | -| URLClassLoaderSSRF.java:66:26:66:52 | getParameter(...) : String | URLClassLoaderSSRF.java:67:31:67:33 | url : String | provenance | Src:MaD:277 | +| URLClassLoaderSSRF.java:66:26:66:52 | getParameter(...) : String | URLClassLoaderSSRF.java:67:31:67:33 | url : String | provenance | Src:MaD:280 | | URLClassLoaderSSRF.java:67:23:67:34 | new URI(...) : URI | URLClassLoaderSSRF.java:70:31:70:33 | uri : URI | provenance | | | URLClassLoaderSSRF.java:67:31:67:33 | url : String | URLClassLoaderSSRF.java:67:23:67:34 | new URI(...) : URI | provenance | Config | -| URLClassLoaderSSRF.java:67:31:67:33 | url : String | URLClassLoaderSSRF.java:67:23:67:34 | new URI(...) : URI | provenance | MaD:285 | -| URLClassLoaderSSRF.java:70:21:70:42 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:70:21:70:42 | new URL[] | provenance | Sink:MaD:11 | -| URLClassLoaderSSRF.java:70:21:70:42 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:70:21:70:42 | new URL[] | provenance | Sink:MaD:11 | -| URLClassLoaderSSRF.java:70:31:70:33 | uri : URI | URLClassLoaderSSRF.java:70:31:70:41 | toURL(...) : URL | provenance | MaD:287 | +| URLClassLoaderSSRF.java:67:31:67:33 | url : String | URLClassLoaderSSRF.java:67:23:67:34 | new URI(...) : URI | provenance | MaD:290 | +| URLClassLoaderSSRF.java:70:21:70:42 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:70:21:70:42 | new URL[] | provenance | Sink:MaD:14 | +| URLClassLoaderSSRF.java:70:21:70:42 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:70:21:70:42 | new URL[] | provenance | Sink:MaD:14 | +| URLClassLoaderSSRF.java:70:31:70:33 | uri : URI | URLClassLoaderSSRF.java:70:31:70:41 | toURL(...) : URL | provenance | MaD:292 | | URLClassLoaderSSRF.java:70:31:70:41 | toURL(...) : URL | URLClassLoaderSSRF.java:70:21:70:42 | {...} : URL[] [[]] : URL | provenance | | -| URLClassLoaderSSRF.java:83:26:83:52 | getParameter(...) : String | URLClassLoaderSSRF.java:84:31:84:33 | url : String | provenance | Src:MaD:277 | +| URLClassLoaderSSRF.java:83:26:83:52 | getParameter(...) : String | URLClassLoaderSSRF.java:84:31:84:33 | url : String | provenance | Src:MaD:280 | | URLClassLoaderSSRF.java:84:23:84:34 | new URI(...) : URI | URLClassLoaderSSRF.java:89:31:89:33 | uri : URI | provenance | | | URLClassLoaderSSRF.java:84:31:84:33 | url : String | URLClassLoaderSSRF.java:84:23:84:34 | new URI(...) : URI | provenance | Config | -| URLClassLoaderSSRF.java:84:31:84:33 | url : String | URLClassLoaderSSRF.java:84:23:84:34 | new URI(...) : URI | provenance | MaD:285 | -| URLClassLoaderSSRF.java:89:21:89:42 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:89:21:89:42 | new URL[] | provenance | Sink:MaD:12 | -| URLClassLoaderSSRF.java:89:21:89:42 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:89:21:89:42 | new URL[] | provenance | Sink:MaD:12 | -| URLClassLoaderSSRF.java:89:31:89:33 | uri : URI | URLClassLoaderSSRF.java:89:31:89:41 | toURL(...) : URL | provenance | MaD:287 | +| URLClassLoaderSSRF.java:84:31:84:33 | url : String | URLClassLoaderSSRF.java:84:23:84:34 | new URI(...) : URI | provenance | MaD:290 | +| URLClassLoaderSSRF.java:89:21:89:42 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:89:21:89:42 | new URL[] | provenance | Sink:MaD:15 | +| URLClassLoaderSSRF.java:89:21:89:42 | {...} : URL[] [[]] : URL | URLClassLoaderSSRF.java:89:21:89:42 | new URL[] | provenance | Sink:MaD:15 | +| URLClassLoaderSSRF.java:89:31:89:33 | uri : URI | URLClassLoaderSSRF.java:89:31:89:41 | toURL(...) : URL | provenance | MaD:292 | | URLClassLoaderSSRF.java:89:31:89:41 | toURL(...) : URL | URLClassLoaderSSRF.java:89:21:89:42 | {...} : URL[] [[]] : URL | provenance | | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:31:40:31:47 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:36:16:36:23 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:38:36:38:43 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:40:16:40:23 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:45:40:45:47 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:47:40:47:47 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:49:36:49:43 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:51:36:51:43 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:53:36:53:43 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:55:44:55:51 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:57:38:57:45 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:59:44:59:51 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:61:53:61:60 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:63:32:63:39 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:65:44:65:51 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:67:32:67:39 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:69:33:69:40 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:71:53:71:60 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:74:58:74:65 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:76:62:76:69 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:78:52:78:59 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:80:34:80:41 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:82:40:82:47 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:84:40:84:47 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:86:50:86:57 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:92:33:92:40 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:97:35:97:42 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:102:32:102:39 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:107:24:107:31 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:112:24:112:31 | source(...) : String | provenance | Src:MaD:277 | -| mad/Test.java:31:40:31:47 | source(...) : String | mad/Test.java:31:24:31:47 | (...)... | provenance | Sink:MaD:7 | -| mad/Test.java:36:16:36:23 | source(...) : String | mad/Test.java:36:10:36:23 | (...)... | provenance | Sink:MaD:9 | -| mad/Test.java:38:36:38:43 | source(...) : String | mad/Test.java:38:28:38:43 | (...)... | provenance | Sink:MaD:8 | -| mad/Test.java:40:16:40:23 | source(...) : String | mad/Test.java:40:10:40:23 | (...)... | provenance | Sink:MaD:10 | -| mad/Test.java:45:40:45:47 | source(...) : String | mad/Test.java:45:32:45:47 | (...)... | provenance | Sink:MaD:11 | -| mad/Test.java:45:40:45:47 | source(...) : String | mad/Test.java:45:32:45:47 | (...)... | provenance | Sink:MaD:11 | -| mad/Test.java:47:40:47:47 | source(...) : String | mad/Test.java:47:32:47:47 | (...)... | provenance | Sink:MaD:12 | -| mad/Test.java:47:40:47:47 | source(...) : String | mad/Test.java:47:32:47:47 | (...)... | provenance | Sink:MaD:12 | -| mad/Test.java:49:36:49:43 | source(...) : String | mad/Test.java:49:28:49:43 | (...)... | provenance | Sink:MaD:13 | -| mad/Test.java:49:36:49:43 | source(...) : String | mad/Test.java:49:28:49:43 | (...)... | provenance | Sink:MaD:13 | -| mad/Test.java:51:36:51:43 | source(...) : String | mad/Test.java:51:28:51:43 | (...)... | provenance | Sink:MaD:14 | -| mad/Test.java:51:36:51:43 | source(...) : String | mad/Test.java:51:28:51:43 | (...)... | provenance | Sink:MaD:14 | -| mad/Test.java:53:36:53:43 | source(...) : String | mad/Test.java:53:28:53:43 | (...)... | provenance | Sink:MaD:15 | -| mad/Test.java:53:36:53:43 | source(...) : String | mad/Test.java:53:28:53:43 | (...)... | provenance | Sink:MaD:15 | -| mad/Test.java:55:44:55:51 | source(...) : String | mad/Test.java:55:36:55:51 | (...)... | provenance | Sink:MaD:16 | -| mad/Test.java:57:38:57:45 | source(...) : String | mad/Test.java:57:32:57:45 | (...)... | provenance | Sink:MaD:25 | -| mad/Test.java:59:44:59:51 | source(...) : String | mad/Test.java:59:38:59:51 | (...)... | provenance | Sink:MaD:26 | -| mad/Test.java:61:53:61:60 | source(...) : String | mad/Test.java:61:47:61:60 | (...)... | provenance | Sink:MaD:24 | -| mad/Test.java:63:32:63:39 | source(...) : String | mad/Test.java:63:26:63:39 | (...)... | provenance | Sink:MaD:28 | -| mad/Test.java:65:44:65:51 | source(...) : String | mad/Test.java:65:38:65:51 | (...)... | provenance | Sink:MaD:29 | -| mad/Test.java:67:32:67:39 | source(...) : String | mad/Test.java:67:26:67:39 | (...)... | provenance | Sink:MaD:27 | -| mad/Test.java:69:33:69:40 | source(...) : String | mad/Test.java:69:27:69:40 | (...)... | provenance | Sink:MaD:22 | -| mad/Test.java:71:53:71:60 | source(...) : String | mad/Test.java:71:47:71:60 | (...)... | provenance | Sink:MaD:30 | -| mad/Test.java:74:58:74:65 | source(...) : String | mad/Test.java:74:50:74:65 | (...)... | provenance | Sink:MaD:32 | -| mad/Test.java:76:62:76:69 | source(...) : String | mad/Test.java:76:50:76:69 | (...)... | provenance | Sink:MaD:31 | -| mad/Test.java:78:52:78:59 | source(...) : String | mad/Test.java:78:43:78:59 | (...)... | provenance | Sink:MaD:33 | -| mad/Test.java:80:34:80:41 | source(...) : String | mad/Test.java:80:25:80:41 | (...)... | provenance | Sink:MaD:34 | -| mad/Test.java:82:40:82:47 | source(...) : String | mad/Test.java:82:31:82:47 | (...)... | provenance | Sink:MaD:35 | -| mad/Test.java:84:40:84:47 | source(...) : String | mad/Test.java:84:31:84:47 | (...)... | provenance | Sink:MaD:36 | -| mad/Test.java:86:50:86:57 | source(...) : String | mad/Test.java:86:41:86:57 | (...)... | provenance | Sink:MaD:37 | -| mad/Test.java:92:33:92:40 | source(...) : String | mad/Test.java:92:24:92:40 | (...)... | provenance | Sink:MaD:21 | -| mad/Test.java:97:35:97:42 | source(...) : String | mad/Test.java:97:29:97:42 | (...)... | provenance | Sink:MaD:234 | -| mad/Test.java:102:32:102:39 | source(...) : String | mad/Test.java:102:26:102:39 | (...)... | provenance | Sink:MaD:241 | -| mad/Test.java:107:24:107:31 | source(...) : String | mad/Test.java:107:15:107:31 | (...)... | provenance | Sink:MaD:276 | -| mad/Test.java:112:24:112:31 | source(...) : String | mad/Test.java:112:15:112:31 | (...)... | provenance | Sink:MaD:275 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:31:40:31:47 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:36:16:36:23 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:38:36:38:43 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:40:16:40:23 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:45:40:45:47 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:47:40:47:47 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:49:36:49:43 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:51:36:51:43 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:53:36:53:43 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:55:44:55:51 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:57:38:57:45 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:59:44:59:51 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:61:53:61:60 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:63:32:63:39 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:65:44:65:51 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:67:32:67:39 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:69:33:69:40 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:71:53:71:60 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:74:58:74:65 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:76:62:76:69 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:78:52:78:59 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:80:34:80:41 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:82:40:82:47 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:84:40:84:47 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:86:50:86:57 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:92:33:92:40 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:97:35:97:42 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:102:32:102:39 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:107:24:107:31 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:26:16:26:41 | getParameter(...) : String | mad/Test.java:112:24:112:31 | source(...) : String | provenance | Src:MaD:280 | +| mad/Test.java:31:40:31:47 | source(...) : String | mad/Test.java:31:24:31:47 | (...)... | provenance | Sink:MaD:10 | +| mad/Test.java:36:16:36:23 | source(...) : String | mad/Test.java:36:10:36:23 | (...)... | provenance | Sink:MaD:12 | +| mad/Test.java:38:36:38:43 | source(...) : String | mad/Test.java:38:28:38:43 | (...)... | provenance | Sink:MaD:11 | +| mad/Test.java:40:16:40:23 | source(...) : String | mad/Test.java:40:10:40:23 | (...)... | provenance | Sink:MaD:13 | +| mad/Test.java:45:40:45:47 | source(...) : String | mad/Test.java:45:32:45:47 | (...)... | provenance | Sink:MaD:14 | +| mad/Test.java:45:40:45:47 | source(...) : String | mad/Test.java:45:32:45:47 | (...)... | provenance | Sink:MaD:14 | +| mad/Test.java:47:40:47:47 | source(...) : String | mad/Test.java:47:32:47:47 | (...)... | provenance | Sink:MaD:15 | +| mad/Test.java:47:40:47:47 | source(...) : String | mad/Test.java:47:32:47:47 | (...)... | provenance | Sink:MaD:15 | +| mad/Test.java:49:36:49:43 | source(...) : String | mad/Test.java:49:28:49:43 | (...)... | provenance | Sink:MaD:16 | +| mad/Test.java:49:36:49:43 | source(...) : String | mad/Test.java:49:28:49:43 | (...)... | provenance | Sink:MaD:16 | +| mad/Test.java:51:36:51:43 | source(...) : String | mad/Test.java:51:28:51:43 | (...)... | provenance | Sink:MaD:17 | +| mad/Test.java:51:36:51:43 | source(...) : String | mad/Test.java:51:28:51:43 | (...)... | provenance | Sink:MaD:17 | +| mad/Test.java:53:36:53:43 | source(...) : String | mad/Test.java:53:28:53:43 | (...)... | provenance | Sink:MaD:18 | +| mad/Test.java:53:36:53:43 | source(...) : String | mad/Test.java:53:28:53:43 | (...)... | provenance | Sink:MaD:18 | +| mad/Test.java:55:44:55:51 | source(...) : String | mad/Test.java:55:36:55:51 | (...)... | provenance | Sink:MaD:19 | +| mad/Test.java:57:38:57:45 | source(...) : String | mad/Test.java:57:32:57:45 | (...)... | provenance | Sink:MaD:28 | +| mad/Test.java:59:44:59:51 | source(...) : String | mad/Test.java:59:38:59:51 | (...)... | provenance | Sink:MaD:29 | +| mad/Test.java:61:53:61:60 | source(...) : String | mad/Test.java:61:47:61:60 | (...)... | provenance | Sink:MaD:27 | +| mad/Test.java:63:32:63:39 | source(...) : String | mad/Test.java:63:26:63:39 | (...)... | provenance | Sink:MaD:31 | +| mad/Test.java:65:44:65:51 | source(...) : String | mad/Test.java:65:38:65:51 | (...)... | provenance | Sink:MaD:32 | +| mad/Test.java:67:32:67:39 | source(...) : String | mad/Test.java:67:26:67:39 | (...)... | provenance | Sink:MaD:30 | +| mad/Test.java:69:33:69:40 | source(...) : String | mad/Test.java:69:27:69:40 | (...)... | provenance | Sink:MaD:25 | +| mad/Test.java:71:53:71:60 | source(...) : String | mad/Test.java:71:47:71:60 | (...)... | provenance | Sink:MaD:33 | +| mad/Test.java:74:58:74:65 | source(...) : String | mad/Test.java:74:50:74:65 | (...)... | provenance | Sink:MaD:35 | +| mad/Test.java:76:62:76:69 | source(...) : String | mad/Test.java:76:50:76:69 | (...)... | provenance | Sink:MaD:34 | +| mad/Test.java:78:52:78:59 | source(...) : String | mad/Test.java:78:43:78:59 | (...)... | provenance | Sink:MaD:36 | +| mad/Test.java:80:34:80:41 | source(...) : String | mad/Test.java:80:25:80:41 | (...)... | provenance | Sink:MaD:37 | +| mad/Test.java:82:40:82:47 | source(...) : String | mad/Test.java:82:31:82:47 | (...)... | provenance | Sink:MaD:38 | +| mad/Test.java:84:40:84:47 | source(...) : String | mad/Test.java:84:31:84:47 | (...)... | provenance | Sink:MaD:39 | +| mad/Test.java:86:50:86:57 | source(...) : String | mad/Test.java:86:41:86:57 | (...)... | provenance | Sink:MaD:40 | +| mad/Test.java:92:33:92:40 | source(...) : String | mad/Test.java:92:24:92:40 | (...)... | provenance | Sink:MaD:24 | +| mad/Test.java:97:35:97:42 | source(...) : String | mad/Test.java:97:29:97:42 | (...)... | provenance | Sink:MaD:237 | +| mad/Test.java:102:32:102:39 | source(...) : String | mad/Test.java:102:26:102:39 | (...)... | provenance | Sink:MaD:244 | +| mad/Test.java:107:24:107:31 | source(...) : String | mad/Test.java:107:15:107:31 | (...)... | provenance | Sink:MaD:279 | +| mad/Test.java:112:24:112:31 | source(...) : String | mad/Test.java:112:15:112:31 | (...)... | provenance | Sink:MaD:278 | models | 1 | Sink: com.zaxxer.hikari; HikariConfig; false; HikariConfig; (Properties); ; Argument[0]; request-forgery; manual | | 2 | Sink: com.zaxxer.hikari; HikariConfig; false; setJdbcUrl; (String); ; Argument[0]; request-forgery; manual | -| 3 | Sink: jakarta.ws.rs.client; Client; true; target; ; ; Argument[0]; request-forgery; manual | -| 4 | Sink: java.net.http; HttpClient; true; send; (HttpRequest,HttpResponse$BodyHandler); ; Argument[0]; request-forgery; ai-manual | -| 5 | Sink: java.net.http; HttpRequest$Builder; false; uri; ; ; Argument[0]; request-forgery; manual | -| 6 | Sink: java.net.http; HttpRequest; false; newBuilder; ; ; Argument[0]; request-forgery; manual | -| 7 | Sink: java.net; DatagramSocket; true; connect; (SocketAddress); ; Argument[0]; request-forgery; ai-manual | -| 8 | Sink: java.net; URL; false; openConnection; (Proxy); ; Argument[0]; request-forgery; ai-manual | -| 9 | Sink: java.net; URL; false; openConnection; ; ; Argument[this]; request-forgery; manual | -| 10 | Sink: java.net; URL; false; openStream; ; ; Argument[this]; request-forgery; manual | -| 11 | Sink: java.net; URLClassLoader; false; URLClassLoader; (String,URL[],ClassLoader); ; Argument[1]; request-forgery; manual | -| 12 | Sink: java.net; URLClassLoader; false; URLClassLoader; (String,URL[],ClassLoader,URLStreamHandlerFactory); ; Argument[1]; request-forgery; manual | -| 13 | Sink: java.net; URLClassLoader; false; URLClassLoader; (URL[]); ; Argument[0]; request-forgery; manual | -| 14 | Sink: java.net; URLClassLoader; false; URLClassLoader; (URL[],ClassLoader); ; Argument[0]; request-forgery; manual | -| 15 | Sink: java.net; URLClassLoader; false; URLClassLoader; (URL[],ClassLoader,URLStreamHandlerFactory); ; Argument[0]; request-forgery; manual | -| 16 | Sink: java.net; URLClassLoader; false; newInstance; ; ; Argument[0]; request-forgery; manual | -| 17 | Sink: java.sql; Driver; false; connect; (String,Properties); ; Argument[0]; request-forgery; manual | -| 18 | Sink: java.sql; DriverManager; false; getConnection; (String); ; Argument[0]; request-forgery; manual | -| 19 | Sink: java.sql; DriverManager; false; getConnection; (String,Properties); ; Argument[0]; request-forgery; manual | -| 20 | Sink: java.sql; DriverManager; false; getConnection; (String,String,String); ; Argument[0]; request-forgery; manual | -| 21 | Sink: javafx.scene.web; WebEngine; false; load; (String); ; Argument[0]; request-forgery; ai-manual | -| 22 | Sink: javax.activation; URLDataSource; true; URLDataSource; ; ; Argument[0]; request-forgery; manual | -| 23 | Sink: javax.ws.rs.client; Client; true; target; ; ; Argument[0]; request-forgery; manual | -| 24 | Sink: org.apache.commons.jelly; JellyContext; true; JellyContext; (JellyContext,URL); ; Argument[1]; request-forgery; ai-manual | -| 25 | Sink: org.apache.commons.jelly; JellyContext; true; JellyContext; (JellyContext,URL,URL); ; Argument[1]; request-forgery; ai-manual | -| 26 | Sink: org.apache.commons.jelly; JellyContext; true; JellyContext; (JellyContext,URL,URL); ; Argument[2]; request-forgery; ai-manual | -| 27 | Sink: org.apache.commons.jelly; JellyContext; true; JellyContext; (URL); ; Argument[0]; request-forgery; ai-manual | -| 28 | Sink: org.apache.commons.jelly; JellyContext; true; JellyContext; (URL,URL); ; Argument[0]; request-forgery; ai-manual | -| 29 | Sink: org.apache.commons.jelly; JellyContext; true; JellyContext; (URL,URL); ; Argument[1]; request-forgery; ai-manual | -| 30 | Sink: org.apache.cxf.catalog; OASISCatalogManager; true; loadCatalog; (URL); ; Argument[0]; request-forgery; manual | -| 31 | Sink: org.apache.cxf.common.classloader; ClassLoaderUtils; true; getURLClassLoader; (List,ClassLoader); ; Argument[0]; request-forgery; manual | -| 32 | Sink: org.apache.cxf.common.classloader; ClassLoaderUtils; true; getURLClassLoader; (URL[],ClassLoader); ; Argument[0]; request-forgery; manual | -| 33 | Sink: org.apache.cxf.resource; ExtendedURIResolver; true; resolve; (String,String); ; Argument[0]; request-forgery; manual | -| 34 | Sink: org.apache.cxf.resource; URIResolver; true; URIResolver; (String); ; Argument[0]; request-forgery; manual | -| 35 | Sink: org.apache.cxf.resource; URIResolver; true; URIResolver; (String,String); ; Argument[1]; request-forgery; manual | -| 36 | Sink: org.apache.cxf.resource; URIResolver; true; URIResolver; (String,String,Class); ; Argument[1]; request-forgery; manual | -| 37 | Sink: org.apache.cxf.resource; URIResolver; true; resolve; (String,String,Class); ; Argument[1]; request-forgery; manual | -| 38 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; create; (Method,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | -| 39 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; create; (Method,String); ; Argument[1]; request-forgery; hq-manual | -| 40 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; create; (Method,URI); ; Argument[1]; request-forgery; hq-manual | -| 41 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; create; (String,String); ; Argument[1]; request-forgery; hq-manual | -| 42 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; create; (String,URI); ; Argument[1]; request-forgery; hq-manual | -| 43 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; delete; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 44 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; delete; (String); ; Argument[0]; request-forgery; hq-manual | -| 45 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; delete; (URI); ; Argument[0]; request-forgery; hq-manual | -| 46 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; get; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 47 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; get; (String); ; Argument[0]; request-forgery; hq-manual | -| 48 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; get; (URI); ; Argument[0]; request-forgery; hq-manual | -| 49 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; head; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 50 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; head; (String); ; Argument[0]; request-forgery; hq-manual | -| 51 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; head; (URI); ; Argument[0]; request-forgery; hq-manual | -| 52 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; options; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 53 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; options; (String); ; Argument[0]; request-forgery; hq-manual | -| 54 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; options; (URI); ; Argument[0]; request-forgery; hq-manual | -| 55 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; patch; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 56 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; patch; (String); ; Argument[0]; request-forgery; hq-manual | -| 57 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; patch; (URI); ; Argument[0]; request-forgery; hq-manual | -| 58 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; post; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 59 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; post; (String); ; Argument[0]; request-forgery; hq-manual | -| 60 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; post; (URI); ; Argument[0]; request-forgery; hq-manual | -| 61 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; put; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 62 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; put; (String); ; Argument[0]; request-forgery; hq-manual | -| 63 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; put; (URI); ; Argument[0]; request-forgery; hq-manual | -| 64 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; trace; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 65 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; trace; (String); ; Argument[0]; request-forgery; hq-manual | -| 66 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; trace; (URI); ; Argument[0]; request-forgery; hq-manual | -| 67 | Sink: org.apache.hc.client5.http.async.methods; ConfigurableHttpRequest; true; ConfigurableHttpRequest; (String,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | -| 68 | Sink: org.apache.hc.client5.http.async.methods; ConfigurableHttpRequest; true; ConfigurableHttpRequest; (String,URI); ; Argument[1]; request-forgery; hq-manual | -| 69 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; SimpleHttpRequest; (Method,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | -| 70 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; SimpleHttpRequest; (Method,URI); ; Argument[1]; request-forgery; hq-manual | -| 71 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; SimpleHttpRequest; (String,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | -| 72 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; SimpleHttpRequest; (String,URI); ; Argument[1]; request-forgery; hq-manual | -| 73 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; create; (Method,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | -| 74 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; create; (Method,URI); ; Argument[1]; request-forgery; hq-manual | -| 75 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; create; (String,String); ; Argument[1]; request-forgery; hq-manual | -| 76 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; create; (String,URI); ; Argument[1]; request-forgery; hq-manual | -| 77 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; create; (Method,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | -| 78 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; create; (Method,String); ; Argument[1]; request-forgery; hq-manual | -| 79 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; create; (Method,URI); ; Argument[1]; request-forgery; hq-manual | -| 80 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; create; (String,String); ; Argument[1]; request-forgery; hq-manual | -| 81 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; create; (String,URI); ; Argument[1]; request-forgery; hq-manual | -| 82 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; delete; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 83 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; delete; (String); ; Argument[0]; request-forgery; hq-manual | -| 84 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; delete; (URI); ; Argument[0]; request-forgery; hq-manual | -| 85 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; get; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 86 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; get; (String); ; Argument[0]; request-forgery; hq-manual | -| 87 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; get; (URI); ; Argument[0]; request-forgery; hq-manual | -| 88 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; head; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 89 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; head; (String); ; Argument[0]; request-forgery; hq-manual | -| 90 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; head; (URI); ; Argument[0]; request-forgery; hq-manual | -| 91 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; options; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 92 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; options; (String); ; Argument[0]; request-forgery; hq-manual | -| 93 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; options; (URI); ; Argument[0]; request-forgery; hq-manual | -| 94 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; patch; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 95 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; patch; (String); ; Argument[0]; request-forgery; hq-manual | -| 96 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; patch; (URI); ; Argument[0]; request-forgery; hq-manual | -| 97 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; post; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 98 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; post; (String); ; Argument[0]; request-forgery; hq-manual | -| 99 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; post; (URI); ; Argument[0]; request-forgery; hq-manual | -| 100 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; put; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 101 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; put; (String); ; Argument[0]; request-forgery; hq-manual | -| 102 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; put; (URI); ; Argument[0]; request-forgery; hq-manual | -| 103 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; trace; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | -| 104 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; trace; (String); ; Argument[0]; request-forgery; hq-manual | -| 105 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; trace; (URI); ; Argument[0]; request-forgery; hq-manual | -| 106 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; delete; (String); ; Argument[0]; request-forgery; hq-manual | -| 107 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; delete; (URI); ; Argument[0]; request-forgery; hq-manual | -| 108 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; get; (String); ; Argument[0]; request-forgery; hq-manual | -| 109 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; get; (URI); ; Argument[0]; request-forgery; hq-manual | -| 110 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; head; (String); ; Argument[0]; request-forgery; hq-manual | -| 111 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; head; (URI); ; Argument[0]; request-forgery; hq-manual | -| 112 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; options; (String); ; Argument[0]; request-forgery; hq-manual | -| 113 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; options; (URI); ; Argument[0]; request-forgery; hq-manual | -| 114 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; patch; (String); ; Argument[0]; request-forgery; hq-manual | -| 115 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; patch; (URI); ; Argument[0]; request-forgery; hq-manual | -| 116 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; post; (String); ; Argument[0]; request-forgery; hq-manual | -| 117 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; post; (URI); ; Argument[0]; request-forgery; hq-manual | -| 118 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; put; (String); ; Argument[0]; request-forgery; hq-manual | -| 119 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; put; (URI); ; Argument[0]; request-forgery; hq-manual | -| 120 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; trace; (String); ; Argument[0]; request-forgery; hq-manual | -| 121 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; trace; (URI); ; Argument[0]; request-forgery; hq-manual | -| 122 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; create; (Method,String); ; Argument[1]; request-forgery; hq-manual | -| 123 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; create; (Method,URI); ; Argument[1]; request-forgery; hq-manual | -| 124 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; create; (String,String); ; Argument[1]; request-forgery; hq-manual | -| 125 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; create; (String,URI); ; Argument[1]; request-forgery; hq-manual | -| 126 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; delete; (String); ; Argument[0]; request-forgery; hq-manual | -| 127 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; delete; (URI); ; Argument[0]; request-forgery; hq-manual | -| 128 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; get; (String); ; Argument[0]; request-forgery; hq-manual | -| 129 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; get; (URI); ; Argument[0]; request-forgery; hq-manual | -| 130 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; head; (String); ; Argument[0]; request-forgery; hq-manual | -| 131 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; head; (URI); ; Argument[0]; request-forgery; hq-manual | -| 132 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; options; (String); ; Argument[0]; request-forgery; hq-manual | -| 133 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; options; (URI); ; Argument[0]; request-forgery; hq-manual | -| 134 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; patch; (String); ; Argument[0]; request-forgery; hq-manual | -| 135 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; patch; (URI); ; Argument[0]; request-forgery; hq-manual | -| 136 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; post; (String); ; Argument[0]; request-forgery; hq-manual | -| 137 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; post; (URI); ; Argument[0]; request-forgery; hq-manual | -| 138 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; put; (String); ; Argument[0]; request-forgery; hq-manual | -| 139 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; put; (URI); ; Argument[0]; request-forgery; hq-manual | -| 140 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; trace; (String); ; Argument[0]; request-forgery; hq-manual | -| 141 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; trace; (URI); ; Argument[0]; request-forgery; hq-manual | -| 142 | Sink: org.apache.hc.client5.http.classic.methods; HttpDelete; true; HttpDelete; (String); ; Argument[0]; request-forgery; hq-manual | -| 143 | Sink: org.apache.hc.client5.http.classic.methods; HttpDelete; true; HttpDelete; (URI); ; Argument[0]; request-forgery; hq-manual | -| 144 | Sink: org.apache.hc.client5.http.classic.methods; HttpGet; true; HttpGet; (String); ; Argument[0]; request-forgery; hq-manual | -| 145 | Sink: org.apache.hc.client5.http.classic.methods; HttpGet; true; HttpGet; (URI); ; Argument[0]; request-forgery; hq-manual | -| 146 | Sink: org.apache.hc.client5.http.classic.methods; HttpHead; true; HttpHead; (String); ; Argument[0]; request-forgery; hq-manual | -| 147 | Sink: org.apache.hc.client5.http.classic.methods; HttpHead; true; HttpHead; (URI); ; Argument[0]; request-forgery; hq-manual | -| 148 | Sink: org.apache.hc.client5.http.classic.methods; HttpOptions; true; HttpOptions; (String); ; Argument[0]; request-forgery; hq-manual | -| 149 | Sink: org.apache.hc.client5.http.classic.methods; HttpOptions; true; HttpOptions; (URI); ; Argument[0]; request-forgery; hq-manual | -| 150 | Sink: org.apache.hc.client5.http.classic.methods; HttpPatch; true; HttpPatch; (String); ; Argument[0]; request-forgery; hq-manual | -| 151 | Sink: org.apache.hc.client5.http.classic.methods; HttpPatch; true; HttpPatch; (URI); ; Argument[0]; request-forgery; hq-manual | -| 152 | Sink: org.apache.hc.client5.http.classic.methods; HttpPost; true; HttpPost; (String); ; Argument[0]; request-forgery; hq-manual | -| 153 | Sink: org.apache.hc.client5.http.classic.methods; HttpPost; true; HttpPost; (URI); ; Argument[0]; request-forgery; hq-manual | -| 154 | Sink: org.apache.hc.client5.http.classic.methods; HttpPut; true; HttpPut; (String); ; Argument[0]; request-forgery; hq-manual | -| 155 | Sink: org.apache.hc.client5.http.classic.methods; HttpPut; true; HttpPut; (URI); ; Argument[0]; request-forgery; hq-manual | -| 156 | Sink: org.apache.hc.client5.http.classic.methods; HttpTrace; true; HttpTrace; (String); ; Argument[0]; request-forgery; hq-manual | -| 157 | Sink: org.apache.hc.client5.http.classic.methods; HttpTrace; true; HttpTrace; (URI); ; Argument[0]; request-forgery; hq-manual | -| 158 | Sink: org.apache.hc.client5.http.classic.methods; HttpUriRequestBase; true; HttpUriRequestBase; (String,URI); ; Argument[1]; request-forgery; hq-manual | -| 159 | Sink: org.apache.hc.client5.http.fluent; Request; true; create; (Method,URI); ; Argument[1]; request-forgery; hq-manual | -| 160 | Sink: org.apache.hc.client5.http.fluent; Request; true; create; (String,String); ; Argument[1]; request-forgery; hq-manual | -| 161 | Sink: org.apache.hc.client5.http.fluent; Request; true; create; (String,URI); ; Argument[1]; request-forgery; hq-manual | -| 162 | Sink: org.apache.hc.client5.http.fluent; Request; true; delete; (String); ; Argument[0]; request-forgery; hq-manual | -| 163 | Sink: org.apache.hc.client5.http.fluent; Request; true; delete; (URI); ; Argument[0]; request-forgery; hq-manual | -| 164 | Sink: org.apache.hc.client5.http.fluent; Request; true; get; (String); ; Argument[0]; request-forgery; hq-manual | -| 165 | Sink: org.apache.hc.client5.http.fluent; Request; true; get; (URI); ; Argument[0]; request-forgery; hq-manual | -| 166 | Sink: org.apache.hc.client5.http.fluent; Request; true; head; (String); ; Argument[0]; request-forgery; hq-manual | -| 167 | Sink: org.apache.hc.client5.http.fluent; Request; true; head; (URI); ; Argument[0]; request-forgery; hq-manual | -| 168 | Sink: org.apache.hc.client5.http.fluent; Request; true; options; (String); ; Argument[0]; request-forgery; hq-manual | -| 169 | Sink: org.apache.hc.client5.http.fluent; Request; true; options; (URI); ; Argument[0]; request-forgery; hq-manual | -| 170 | Sink: org.apache.hc.client5.http.fluent; Request; true; patch; (String); ; Argument[0]; request-forgery; hq-manual | -| 171 | Sink: org.apache.hc.client5.http.fluent; Request; true; patch; (URI); ; Argument[0]; request-forgery; hq-manual | -| 172 | Sink: org.apache.hc.client5.http.fluent; Request; true; post; (String); ; Argument[0]; request-forgery; hq-manual | -| 173 | Sink: org.apache.hc.client5.http.fluent; Request; true; post; (URI); ; Argument[0]; request-forgery; hq-manual | -| 174 | Sink: org.apache.hc.client5.http.fluent; Request; true; put; (String); ; Argument[0]; request-forgery; hq-manual | -| 175 | Sink: org.apache.hc.client5.http.fluent; Request; true; put; (URI); ; Argument[0]; request-forgery; hq-manual | -| 176 | Sink: org.apache.hc.client5.http.fluent; Request; true; trace; (String); ; Argument[0]; request-forgery; hq-manual | -| 177 | Sink: org.apache.hc.client5.http.fluent; Request; true; trace; (URI); ; Argument[0]; request-forgery; hq-manual | -| 178 | Sink: org.apache.hc.core5.http.impl.bootstrap; HttpAsyncRequester; true; connect; (HttpHost,Timeout); ; Argument[0]; request-forgery; hq-manual | -| 179 | Sink: org.apache.hc.core5.http.impl.bootstrap; HttpAsyncRequester; true; connect; (HttpHost,Timeout,Object,FutureCallback); ; Argument[0]; request-forgery; hq-manual | -| 180 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; delete; (String); ; Argument[0]; request-forgery; hq-manual | -| 181 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; delete; (URI); ; Argument[0]; request-forgery; hq-manual | -| 182 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; get; (String); ; Argument[0]; request-forgery; hq-manual | -| 183 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; get; (URI); ; Argument[0]; request-forgery; hq-manual | -| 184 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; head; (String); ; Argument[0]; request-forgery; hq-manual | -| 185 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; head; (URI); ; Argument[0]; request-forgery; hq-manual | -| 186 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; options; (String); ; Argument[0]; request-forgery; hq-manual | -| 187 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; options; (URI); ; Argument[0]; request-forgery; hq-manual | -| 188 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; patch; (String); ; Argument[0]; request-forgery; hq-manual | -| 189 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; patch; (URI); ; Argument[0]; request-forgery; hq-manual | -| 190 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; post; (String); ; Argument[0]; request-forgery; hq-manual | -| 191 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; post; (URI); ; Argument[0]; request-forgery; hq-manual | -| 192 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; put; (String); ; Argument[0]; request-forgery; hq-manual | -| 193 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; put; (URI); ; Argument[0]; request-forgery; hq-manual | -| 194 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; trace; (String); ; Argument[0]; request-forgery; hq-manual | -| 195 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; trace; (URI); ; Argument[0]; request-forgery; hq-manual | -| 196 | Sink: org.apache.hc.core5.http.message; BasicClassicHttpRequest; true; BasicClassicHttpRequest; (Method,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | -| 197 | Sink: org.apache.hc.core5.http.message; BasicClassicHttpRequest; true; BasicClassicHttpRequest; (Method,URI); ; Argument[1]; request-forgery; hq-manual | -| 198 | Sink: org.apache.hc.core5.http.message; BasicClassicHttpRequest; true; BasicClassicHttpRequest; (String,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | -| 199 | Sink: org.apache.hc.core5.http.message; BasicClassicHttpRequest; true; BasicClassicHttpRequest; (String,URI); ; Argument[1]; request-forgery; hq-manual | -| 200 | Sink: org.apache.hc.core5.http.message; BasicHttpRequest; true; BasicHttpRequest; (Method,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | -| 201 | Sink: org.apache.hc.core5.http.message; BasicHttpRequest; true; BasicHttpRequest; (Method,URI); ; Argument[1]; request-forgery; hq-manual | -| 202 | Sink: org.apache.hc.core5.http.message; BasicHttpRequest; true; BasicHttpRequest; (String,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | -| 203 | Sink: org.apache.hc.core5.http.message; BasicHttpRequest; true; BasicHttpRequest; (String,URI); ; Argument[1]; request-forgery; hq-manual | -| 204 | Sink: org.apache.hc.core5.http.support; AbstractRequestBuilder; true; setHttpHost; (HttpHost); ; Argument[0]; request-forgery; hq-manual | -| 205 | Sink: org.apache.hc.core5.http.support; AbstractRequestBuilder; true; setUri; (String); ; Argument[0]; request-forgery; hq-manual | -| 206 | Sink: org.apache.hc.core5.http.support; AbstractRequestBuilder; true; setUri; (URI); ; Argument[0]; request-forgery; hq-manual | -| 207 | Sink: org.apache.hc.core5.http; HttpRequest; true; setUri; (URI); ; Argument[0]; request-forgery; hq-manual | -| 208 | Sink: org.apache.hc.core5.http; HttpRequestFactory; true; newHttpRequest; (String,String); ; Argument[1]; request-forgery; hq-manual | -| 209 | Sink: org.apache.hc.core5.http; HttpRequestFactory; true; newHttpRequest; (String,URI); ; Argument[1]; request-forgery; hq-manual | -| 210 | Sink: org.apache.http.client.methods; HttpDelete; false; HttpDelete; ; ; Argument[0]; request-forgery; manual | -| 211 | Sink: org.apache.http.client.methods; HttpGet; false; HttpGet; ; ; Argument[0]; request-forgery; manual | -| 212 | Sink: org.apache.http.client.methods; HttpHead; false; HttpHead; ; ; Argument[0]; request-forgery; manual | -| 213 | Sink: org.apache.http.client.methods; HttpOptions; false; HttpOptions; ; ; Argument[0]; request-forgery; manual | -| 214 | Sink: org.apache.http.client.methods; HttpPatch; false; HttpPatch; ; ; Argument[0]; request-forgery; manual | -| 215 | Sink: org.apache.http.client.methods; HttpPost; false; HttpPost; ; ; Argument[0]; request-forgery; manual | -| 216 | Sink: org.apache.http.client.methods; HttpPut; false; HttpPut; ; ; Argument[0]; request-forgery; manual | -| 217 | Sink: org.apache.http.client.methods; HttpRequestBase; true; setURI; ; ; Argument[0]; request-forgery; manual | -| 218 | Sink: org.apache.http.client.methods; HttpTrace; false; HttpTrace; ; ; Argument[0]; request-forgery; manual | -| 219 | Sink: org.apache.http.client.methods; RequestBuilder; false; delete; ; ; Argument[0]; request-forgery; manual | -| 220 | Sink: org.apache.http.client.methods; RequestBuilder; false; get; ; ; Argument[0]; request-forgery; manual | -| 221 | Sink: org.apache.http.client.methods; RequestBuilder; false; head; ; ; Argument[0]; request-forgery; manual | -| 222 | Sink: org.apache.http.client.methods; RequestBuilder; false; options; ; ; Argument[0]; request-forgery; manual | -| 223 | Sink: org.apache.http.client.methods; RequestBuilder; false; patch; ; ; Argument[0]; request-forgery; manual | -| 224 | Sink: org.apache.http.client.methods; RequestBuilder; false; post; ; ; Argument[0]; request-forgery; manual | -| 225 | Sink: org.apache.http.client.methods; RequestBuilder; false; put; ; ; Argument[0]; request-forgery; manual | -| 226 | Sink: org.apache.http.client.methods; RequestBuilder; false; setUri; ; ; Argument[0]; request-forgery; manual | -| 227 | Sink: org.apache.http.client.methods; RequestBuilder; false; trace; ; ; Argument[0]; request-forgery; manual | -| 228 | Sink: org.apache.http.message; BasicHttpEntityEnclosingRequest; false; BasicHttpEntityEnclosingRequest; (RequestLine); ; Argument[0]; request-forgery; manual | -| 229 | Sink: org.apache.http.message; BasicHttpEntityEnclosingRequest; false; BasicHttpEntityEnclosingRequest; (String,String); ; Argument[1]; request-forgery; manual | -| 230 | Sink: org.apache.http.message; BasicHttpEntityEnclosingRequest; false; BasicHttpEntityEnclosingRequest; (String,String,ProtocolVersion); ; Argument[1]; request-forgery; manual | -| 231 | Sink: org.apache.http.message; BasicHttpRequest; false; BasicHttpRequest; (RequestLine); ; Argument[0]; request-forgery; manual | -| 232 | Sink: org.apache.http.message; BasicHttpRequest; false; BasicHttpRequest; (String,String); ; Argument[1]; request-forgery; manual | -| 233 | Sink: org.apache.http.message; BasicHttpRequest; false; BasicHttpRequest; (String,String,ProtocolVersion); ; Argument[1]; request-forgery; manual | -| 234 | Sink: org.codehaus.cargo.container.installer; ZipURLInstaller; true; ZipURLInstaller; (URL,String,String); ; Argument[0]; request-forgery; ai-manual | -| 235 | Sink: org.jdbi.v3.core; Jdbi; false; create; (String); ; Argument[0]; request-forgery; manual | -| 236 | Sink: org.jdbi.v3.core; Jdbi; false; create; (String,Properties); ; Argument[0]; request-forgery; manual | -| 237 | Sink: org.jdbi.v3.core; Jdbi; false; create; (String,String,String); ; Argument[0]; request-forgery; manual | -| 238 | Sink: org.jdbi.v3.core; Jdbi; false; open; (String); ; Argument[0]; request-forgery; manual | -| 239 | Sink: org.jdbi.v3.core; Jdbi; false; open; (String,Properties); ; Argument[0]; request-forgery; manual | -| 240 | Sink: org.jdbi.v3.core; Jdbi; false; open; (String,String,String); ; Argument[0]; request-forgery; manual | -| 241 | Sink: org.kohsuke.stapler; HttpResponses; true; staticResource; (URL); ; Argument[0]; request-forgery; ai-manual | -| 242 | Sink: org.springframework.boot.jdbc; DataSourceBuilder; false; url; (String); ; Argument[0]; request-forgery; manual | -| 243 | Sink: org.springframework.http; RequestEntity; false; RequestEntity; (HttpMethod,URI); ; Argument[1]; request-forgery; manual | -| 244 | Sink: org.springframework.http; RequestEntity; false; RequestEntity; (MultiValueMap,HttpMethod,URI); ; Argument[2]; request-forgery; manual | -| 245 | Sink: org.springframework.http; RequestEntity; false; RequestEntity; (Object,HttpMethod,URI); ; Argument[2]; request-forgery; manual | -| 246 | Sink: org.springframework.http; RequestEntity; false; RequestEntity; (Object,HttpMethod,URI,Type); ; Argument[2]; request-forgery; manual | -| 247 | Sink: org.springframework.http; RequestEntity; false; RequestEntity; (Object,MultiValueMap,HttpMethod,URI); ; Argument[3]; request-forgery; manual | -| 248 | Sink: org.springframework.http; RequestEntity; false; RequestEntity; (Object,MultiValueMap,HttpMethod,URI,Type); ; Argument[3]; request-forgery; manual | -| 249 | Sink: org.springframework.http; RequestEntity; false; delete; ; ; Argument[0]; request-forgery; manual | -| 250 | Sink: org.springframework.http; RequestEntity; false; get; ; ; Argument[0]; request-forgery; manual | -| 251 | Sink: org.springframework.http; RequestEntity; false; head; ; ; Argument[0]; request-forgery; manual | -| 252 | Sink: org.springframework.http; RequestEntity; false; method; ; ; Argument[1]; request-forgery; manual | -| 253 | Sink: org.springframework.http; RequestEntity; false; options; ; ; Argument[0]; request-forgery; manual | -| 254 | Sink: org.springframework.http; RequestEntity; false; patch; ; ; Argument[0]; request-forgery; manual | -| 255 | Sink: org.springframework.http; RequestEntity; false; post; ; ; Argument[0]; request-forgery; manual | -| 256 | Sink: org.springframework.http; RequestEntity; false; put; ; ; Argument[0]; request-forgery; manual | -| 257 | Sink: org.springframework.jdbc.datasource; AbstractDriverBasedDataSource; false; setUrl; (String); ; Argument[0]; request-forgery; manual | -| 258 | Sink: org.springframework.jdbc.datasource; DriverManagerDataSource; false; DriverManagerDataSource; (String); ; Argument[0]; request-forgery; manual | -| 259 | Sink: org.springframework.jdbc.datasource; DriverManagerDataSource; false; DriverManagerDataSource; (String,Properties); ; Argument[0]; request-forgery; manual | -| 260 | Sink: org.springframework.jdbc.datasource; DriverManagerDataSource; false; DriverManagerDataSource; (String,String,String); ; Argument[0]; request-forgery; manual | -| 261 | Sink: org.springframework.web.client; RestTemplate; false; delete; ; ; Argument[0]; request-forgery; manual | -| 262 | Sink: org.springframework.web.client; RestTemplate; false; exchange; ; ; Argument[0]; request-forgery; manual | -| 263 | Sink: org.springframework.web.client; RestTemplate; false; execute; ; ; Argument[0]; request-forgery; manual | -| 264 | Sink: org.springframework.web.client; RestTemplate; false; getForEntity; ; ; Argument[0]; request-forgery; manual | -| 265 | Sink: org.springframework.web.client; RestTemplate; false; getForObject; ; ; Argument[0]; request-forgery; manual | -| 266 | Sink: org.springframework.web.client; RestTemplate; false; headForHeaders; ; ; Argument[0]; request-forgery; manual | -| 267 | Sink: org.springframework.web.client; RestTemplate; false; optionsForAllow; ; ; Argument[0]; request-forgery; manual | -| 268 | Sink: org.springframework.web.client; RestTemplate; false; patchForObject; ; ; Argument[0]; request-forgery; manual | -| 269 | Sink: org.springframework.web.client; RestTemplate; false; postForEntity; ; ; Argument[0]; request-forgery; manual | -| 270 | Sink: org.springframework.web.client; RestTemplate; false; postForLocation; ; ; Argument[0]; request-forgery; manual | -| 271 | Sink: org.springframework.web.client; RestTemplate; false; postForObject; ; ; Argument[0]; request-forgery; manual | -| 272 | Sink: org.springframework.web.client; RestTemplate; false; put; ; ; Argument[0]; request-forgery; manual | -| 273 | Sink: org.springframework.web.reactive.function.client; WebClient$Builder; false; baseUrl; ; ; Argument[0]; request-forgery; manual | -| 274 | Sink: org.springframework.web.reactive.function.client; WebClient; false; create; ; ; Argument[0]; request-forgery; manual | -| 275 | Sink: play.libs.ws; StandaloneWSClient; true; url; ; ; Argument[0]; request-forgery; manual | -| 276 | Sink: play.libs.ws; WSClient; true; url; ; ; Argument[0]; request-forgery; manual | -| 277 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual | -| 278 | Summary: java.lang; AbstractStringBuilder; true; append; ; ; Argument[0]; Argument[this]; taint; manual | -| 279 | Summary: java.lang; AbstractStringBuilder; true; append; ; ; Argument[this]; ReturnValue; value; manual | -| 280 | Summary: java.lang; CharSequence; true; toString; ; ; Argument[this]; ReturnValue; taint; manual | -| 281 | Summary: java.lang; String; false; format; (String,Object[]); ; Argument[1].ArrayElement; ReturnValue; taint; manual | -| 282 | Summary: java.lang; StringBuilder; true; StringBuilder; ; ; Argument[0]; Argument[this]; taint; manual | -| 283 | Summary: java.net.http; HttpRequest$Builder; true; build; (); ; Argument[this]; ReturnValue; taint; df-generated | -| 284 | Summary: java.net.http; HttpRequest; true; newBuilder; (URI); ; Argument[0]; ReturnValue; taint; df-generated | -| 285 | Summary: java.net; URI; false; URI; (String); ; Argument[0]; Argument[this]; taint; manual | -| 286 | Summary: java.net; URI; false; toString; ; ; Argument[this]; ReturnValue; taint; manual | -| 287 | Summary: java.net; URI; false; toURL; ; ; Argument[this]; ReturnValue; taint; manual | -| 288 | Summary: java.net; URL; false; URL; (String); ; Argument[0]; Argument[this]; taint; manual | -| 289 | Summary: java.util; List; false; of; (Object); ; Argument[0]; ReturnValue.Element; value; manual | -| 290 | Summary: java.util; List; true; get; (int); ; Argument[this].Element; ReturnValue; value; manual | -| 291 | Summary: java.util; Map; false; of; ; ; Argument[1]; ReturnValue.MapValue; value; manual | -| 292 | Summary: java.util; Map; false; of; ; ; Argument[3]; ReturnValue.MapValue; value; manual | -| 293 | Summary: java.util; Properties; true; setProperty; (String,String); ; Argument[1]; Argument[this].MapValue; value; manual | -| 294 | Summary: org.apache.hc.core5.http; HttpHost; true; HttpHost; (String); ; Argument[0]; Argument[this]; taint; hq-manual | -| 295 | Summary: org.apache.http.message; BasicRequestLine; false; BasicRequestLine; ; ; Argument[1]; Argument[this]; taint; manual | +| 3 | Sink: io.micronaut.http.client; BlockingHttpClient; true; exchange; (String); ; Argument[0]; request-forgery; manual | +| 4 | Sink: io.micronaut.http.client; BlockingHttpClient; true; retrieve; (String); ; Argument[0]; request-forgery; manual | +| 5 | Sink: io.micronaut.http.client; BlockingHttpClient; true; retrieve; (String,Class); ; Argument[0]; request-forgery; manual | +| 6 | Sink: jakarta.ws.rs.client; Client; true; target; ; ; Argument[0]; request-forgery; manual | +| 7 | Sink: java.net.http; HttpClient; true; send; (HttpRequest,HttpResponse$BodyHandler); ; Argument[0]; request-forgery; ai-manual | +| 8 | Sink: java.net.http; HttpRequest$Builder; false; uri; ; ; Argument[0]; request-forgery; manual | +| 9 | Sink: java.net.http; HttpRequest; false; newBuilder; ; ; Argument[0]; request-forgery; manual | +| 10 | Sink: java.net; DatagramSocket; true; connect; (SocketAddress); ; Argument[0]; request-forgery; ai-manual | +| 11 | Sink: java.net; URL; false; openConnection; (Proxy); ; Argument[0]; request-forgery; ai-manual | +| 12 | Sink: java.net; URL; false; openConnection; ; ; Argument[this]; request-forgery; manual | +| 13 | Sink: java.net; URL; false; openStream; ; ; Argument[this]; request-forgery; manual | +| 14 | Sink: java.net; URLClassLoader; false; URLClassLoader; (String,URL[],ClassLoader); ; Argument[1]; request-forgery; manual | +| 15 | Sink: java.net; URLClassLoader; false; URLClassLoader; (String,URL[],ClassLoader,URLStreamHandlerFactory); ; Argument[1]; request-forgery; manual | +| 16 | Sink: java.net; URLClassLoader; false; URLClassLoader; (URL[]); ; Argument[0]; request-forgery; manual | +| 17 | Sink: java.net; URLClassLoader; false; URLClassLoader; (URL[],ClassLoader); ; Argument[0]; request-forgery; manual | +| 18 | Sink: java.net; URLClassLoader; false; URLClassLoader; (URL[],ClassLoader,URLStreamHandlerFactory); ; Argument[0]; request-forgery; manual | +| 19 | Sink: java.net; URLClassLoader; false; newInstance; ; ; Argument[0]; request-forgery; manual | +| 20 | Sink: java.sql; Driver; false; connect; (String,Properties); ; Argument[0]; request-forgery; manual | +| 21 | Sink: java.sql; DriverManager; false; getConnection; (String); ; Argument[0]; request-forgery; manual | +| 22 | Sink: java.sql; DriverManager; false; getConnection; (String,Properties); ; Argument[0]; request-forgery; manual | +| 23 | Sink: java.sql; DriverManager; false; getConnection; (String,String,String); ; Argument[0]; request-forgery; manual | +| 24 | Sink: javafx.scene.web; WebEngine; false; load; (String); ; Argument[0]; request-forgery; ai-manual | +| 25 | Sink: javax.activation; URLDataSource; true; URLDataSource; ; ; Argument[0]; request-forgery; manual | +| 26 | Sink: javax.ws.rs.client; Client; true; target; ; ; Argument[0]; request-forgery; manual | +| 27 | Sink: org.apache.commons.jelly; JellyContext; true; JellyContext; (JellyContext,URL); ; Argument[1]; request-forgery; ai-manual | +| 28 | Sink: org.apache.commons.jelly; JellyContext; true; JellyContext; (JellyContext,URL,URL); ; Argument[1]; request-forgery; ai-manual | +| 29 | Sink: org.apache.commons.jelly; JellyContext; true; JellyContext; (JellyContext,URL,URL); ; Argument[2]; request-forgery; ai-manual | +| 30 | Sink: org.apache.commons.jelly; JellyContext; true; JellyContext; (URL); ; Argument[0]; request-forgery; ai-manual | +| 31 | Sink: org.apache.commons.jelly; JellyContext; true; JellyContext; (URL,URL); ; Argument[0]; request-forgery; ai-manual | +| 32 | Sink: org.apache.commons.jelly; JellyContext; true; JellyContext; (URL,URL); ; Argument[1]; request-forgery; ai-manual | +| 33 | Sink: org.apache.cxf.catalog; OASISCatalogManager; true; loadCatalog; (URL); ; Argument[0]; request-forgery; manual | +| 34 | Sink: org.apache.cxf.common.classloader; ClassLoaderUtils; true; getURLClassLoader; (List,ClassLoader); ; Argument[0]; request-forgery; manual | +| 35 | Sink: org.apache.cxf.common.classloader; ClassLoaderUtils; true; getURLClassLoader; (URL[],ClassLoader); ; Argument[0]; request-forgery; manual | +| 36 | Sink: org.apache.cxf.resource; ExtendedURIResolver; true; resolve; (String,String); ; Argument[0]; request-forgery; manual | +| 37 | Sink: org.apache.cxf.resource; URIResolver; true; URIResolver; (String); ; Argument[0]; request-forgery; manual | +| 38 | Sink: org.apache.cxf.resource; URIResolver; true; URIResolver; (String,String); ; Argument[1]; request-forgery; manual | +| 39 | Sink: org.apache.cxf.resource; URIResolver; true; URIResolver; (String,String,Class); ; Argument[1]; request-forgery; manual | +| 40 | Sink: org.apache.cxf.resource; URIResolver; true; resolve; (String,String,Class); ; Argument[1]; request-forgery; manual | +| 41 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; create; (Method,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | +| 42 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; create; (Method,String); ; Argument[1]; request-forgery; hq-manual | +| 43 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; create; (Method,URI); ; Argument[1]; request-forgery; hq-manual | +| 44 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; create; (String,String); ; Argument[1]; request-forgery; hq-manual | +| 45 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; create; (String,URI); ; Argument[1]; request-forgery; hq-manual | +| 46 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; delete; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 47 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; delete; (String); ; Argument[0]; request-forgery; hq-manual | +| 48 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; delete; (URI); ; Argument[0]; request-forgery; hq-manual | +| 49 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; get; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 50 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; get; (String); ; Argument[0]; request-forgery; hq-manual | +| 51 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; get; (URI); ; Argument[0]; request-forgery; hq-manual | +| 52 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; head; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 53 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; head; (String); ; Argument[0]; request-forgery; hq-manual | +| 54 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; head; (URI); ; Argument[0]; request-forgery; hq-manual | +| 55 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; options; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 56 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; options; (String); ; Argument[0]; request-forgery; hq-manual | +| 57 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; options; (URI); ; Argument[0]; request-forgery; hq-manual | +| 58 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; patch; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 59 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; patch; (String); ; Argument[0]; request-forgery; hq-manual | +| 60 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; patch; (URI); ; Argument[0]; request-forgery; hq-manual | +| 61 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; post; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 62 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; post; (String); ; Argument[0]; request-forgery; hq-manual | +| 63 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; post; (URI); ; Argument[0]; request-forgery; hq-manual | +| 64 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; put; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 65 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; put; (String); ; Argument[0]; request-forgery; hq-manual | +| 66 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; put; (URI); ; Argument[0]; request-forgery; hq-manual | +| 67 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; trace; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 68 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; trace; (String); ; Argument[0]; request-forgery; hq-manual | +| 69 | Sink: org.apache.hc.client5.http.async.methods; BasicHttpRequests; true; trace; (URI); ; Argument[0]; request-forgery; hq-manual | +| 70 | Sink: org.apache.hc.client5.http.async.methods; ConfigurableHttpRequest; true; ConfigurableHttpRequest; (String,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | +| 71 | Sink: org.apache.hc.client5.http.async.methods; ConfigurableHttpRequest; true; ConfigurableHttpRequest; (String,URI); ; Argument[1]; request-forgery; hq-manual | +| 72 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; SimpleHttpRequest; (Method,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | +| 73 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; SimpleHttpRequest; (Method,URI); ; Argument[1]; request-forgery; hq-manual | +| 74 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; SimpleHttpRequest; (String,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | +| 75 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; SimpleHttpRequest; (String,URI); ; Argument[1]; request-forgery; hq-manual | +| 76 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; create; (Method,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | +| 77 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; create; (Method,URI); ; Argument[1]; request-forgery; hq-manual | +| 78 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; create; (String,String); ; Argument[1]; request-forgery; hq-manual | +| 79 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequest; true; create; (String,URI); ; Argument[1]; request-forgery; hq-manual | +| 80 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; create; (Method,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | +| 81 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; create; (Method,String); ; Argument[1]; request-forgery; hq-manual | +| 82 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; create; (Method,URI); ; Argument[1]; request-forgery; hq-manual | +| 83 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; create; (String,String); ; Argument[1]; request-forgery; hq-manual | +| 84 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; create; (String,URI); ; Argument[1]; request-forgery; hq-manual | +| 85 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; delete; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 86 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; delete; (String); ; Argument[0]; request-forgery; hq-manual | +| 87 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; delete; (URI); ; Argument[0]; request-forgery; hq-manual | +| 88 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; get; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 89 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; get; (String); ; Argument[0]; request-forgery; hq-manual | +| 90 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; get; (URI); ; Argument[0]; request-forgery; hq-manual | +| 91 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; head; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 92 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; head; (String); ; Argument[0]; request-forgery; hq-manual | +| 93 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; head; (URI); ; Argument[0]; request-forgery; hq-manual | +| 94 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; options; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 95 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; options; (String); ; Argument[0]; request-forgery; hq-manual | +| 96 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; options; (URI); ; Argument[0]; request-forgery; hq-manual | +| 97 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; patch; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 98 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; patch; (String); ; Argument[0]; request-forgery; hq-manual | +| 99 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; patch; (URI); ; Argument[0]; request-forgery; hq-manual | +| 100 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; post; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 101 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; post; (String); ; Argument[0]; request-forgery; hq-manual | +| 102 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; post; (URI); ; Argument[0]; request-forgery; hq-manual | +| 103 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; put; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 104 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; put; (String); ; Argument[0]; request-forgery; hq-manual | +| 105 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; put; (URI); ; Argument[0]; request-forgery; hq-manual | +| 106 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; trace; (HttpHost,String); ; Argument[0]; request-forgery; hq-manual | +| 107 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; trace; (String); ; Argument[0]; request-forgery; hq-manual | +| 108 | Sink: org.apache.hc.client5.http.async.methods; SimpleHttpRequests; true; trace; (URI); ; Argument[0]; request-forgery; hq-manual | +| 109 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; delete; (String); ; Argument[0]; request-forgery; hq-manual | +| 110 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; delete; (URI); ; Argument[0]; request-forgery; hq-manual | +| 111 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; get; (String); ; Argument[0]; request-forgery; hq-manual | +| 112 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; get; (URI); ; Argument[0]; request-forgery; hq-manual | +| 113 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; head; (String); ; Argument[0]; request-forgery; hq-manual | +| 114 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; head; (URI); ; Argument[0]; request-forgery; hq-manual | +| 115 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; options; (String); ; Argument[0]; request-forgery; hq-manual | +| 116 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; options; (URI); ; Argument[0]; request-forgery; hq-manual | +| 117 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; patch; (String); ; Argument[0]; request-forgery; hq-manual | +| 118 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; patch; (URI); ; Argument[0]; request-forgery; hq-manual | +| 119 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; post; (String); ; Argument[0]; request-forgery; hq-manual | +| 120 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; post; (URI); ; Argument[0]; request-forgery; hq-manual | +| 121 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; put; (String); ; Argument[0]; request-forgery; hq-manual | +| 122 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; put; (URI); ; Argument[0]; request-forgery; hq-manual | +| 123 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; trace; (String); ; Argument[0]; request-forgery; hq-manual | +| 124 | Sink: org.apache.hc.client5.http.async.methods; SimpleRequestBuilder; true; trace; (URI); ; Argument[0]; request-forgery; hq-manual | +| 125 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; create; (Method,String); ; Argument[1]; request-forgery; hq-manual | +| 126 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; create; (Method,URI); ; Argument[1]; request-forgery; hq-manual | +| 127 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; create; (String,String); ; Argument[1]; request-forgery; hq-manual | +| 128 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; create; (String,URI); ; Argument[1]; request-forgery; hq-manual | +| 129 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; delete; (String); ; Argument[0]; request-forgery; hq-manual | +| 130 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; delete; (URI); ; Argument[0]; request-forgery; hq-manual | +| 131 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; get; (String); ; Argument[0]; request-forgery; hq-manual | +| 132 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; get; (URI); ; Argument[0]; request-forgery; hq-manual | +| 133 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; head; (String); ; Argument[0]; request-forgery; hq-manual | +| 134 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; head; (URI); ; Argument[0]; request-forgery; hq-manual | +| 135 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; options; (String); ; Argument[0]; request-forgery; hq-manual | +| 136 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; options; (URI); ; Argument[0]; request-forgery; hq-manual | +| 137 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; patch; (String); ; Argument[0]; request-forgery; hq-manual | +| 138 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; patch; (URI); ; Argument[0]; request-forgery; hq-manual | +| 139 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; post; (String); ; Argument[0]; request-forgery; hq-manual | +| 140 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; post; (URI); ; Argument[0]; request-forgery; hq-manual | +| 141 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; put; (String); ; Argument[0]; request-forgery; hq-manual | +| 142 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; put; (URI); ; Argument[0]; request-forgery; hq-manual | +| 143 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; trace; (String); ; Argument[0]; request-forgery; hq-manual | +| 144 | Sink: org.apache.hc.client5.http.classic.methods; ClassicHttpRequests; true; trace; (URI); ; Argument[0]; request-forgery; hq-manual | +| 145 | Sink: org.apache.hc.client5.http.classic.methods; HttpDelete; true; HttpDelete; (String); ; Argument[0]; request-forgery; hq-manual | +| 146 | Sink: org.apache.hc.client5.http.classic.methods; HttpDelete; true; HttpDelete; (URI); ; Argument[0]; request-forgery; hq-manual | +| 147 | Sink: org.apache.hc.client5.http.classic.methods; HttpGet; true; HttpGet; (String); ; Argument[0]; request-forgery; hq-manual | +| 148 | Sink: org.apache.hc.client5.http.classic.methods; HttpGet; true; HttpGet; (URI); ; Argument[0]; request-forgery; hq-manual | +| 149 | Sink: org.apache.hc.client5.http.classic.methods; HttpHead; true; HttpHead; (String); ; Argument[0]; request-forgery; hq-manual | +| 150 | Sink: org.apache.hc.client5.http.classic.methods; HttpHead; true; HttpHead; (URI); ; Argument[0]; request-forgery; hq-manual | +| 151 | Sink: org.apache.hc.client5.http.classic.methods; HttpOptions; true; HttpOptions; (String); ; Argument[0]; request-forgery; hq-manual | +| 152 | Sink: org.apache.hc.client5.http.classic.methods; HttpOptions; true; HttpOptions; (URI); ; Argument[0]; request-forgery; hq-manual | +| 153 | Sink: org.apache.hc.client5.http.classic.methods; HttpPatch; true; HttpPatch; (String); ; Argument[0]; request-forgery; hq-manual | +| 154 | Sink: org.apache.hc.client5.http.classic.methods; HttpPatch; true; HttpPatch; (URI); ; Argument[0]; request-forgery; hq-manual | +| 155 | Sink: org.apache.hc.client5.http.classic.methods; HttpPost; true; HttpPost; (String); ; Argument[0]; request-forgery; hq-manual | +| 156 | Sink: org.apache.hc.client5.http.classic.methods; HttpPost; true; HttpPost; (URI); ; Argument[0]; request-forgery; hq-manual | +| 157 | Sink: org.apache.hc.client5.http.classic.methods; HttpPut; true; HttpPut; (String); ; Argument[0]; request-forgery; hq-manual | +| 158 | Sink: org.apache.hc.client5.http.classic.methods; HttpPut; true; HttpPut; (URI); ; Argument[0]; request-forgery; hq-manual | +| 159 | Sink: org.apache.hc.client5.http.classic.methods; HttpTrace; true; HttpTrace; (String); ; Argument[0]; request-forgery; hq-manual | +| 160 | Sink: org.apache.hc.client5.http.classic.methods; HttpTrace; true; HttpTrace; (URI); ; Argument[0]; request-forgery; hq-manual | +| 161 | Sink: org.apache.hc.client5.http.classic.methods; HttpUriRequestBase; true; HttpUriRequestBase; (String,URI); ; Argument[1]; request-forgery; hq-manual | +| 162 | Sink: org.apache.hc.client5.http.fluent; Request; true; create; (Method,URI); ; Argument[1]; request-forgery; hq-manual | +| 163 | Sink: org.apache.hc.client5.http.fluent; Request; true; create; (String,String); ; Argument[1]; request-forgery; hq-manual | +| 164 | Sink: org.apache.hc.client5.http.fluent; Request; true; create; (String,URI); ; Argument[1]; request-forgery; hq-manual | +| 165 | Sink: org.apache.hc.client5.http.fluent; Request; true; delete; (String); ; Argument[0]; request-forgery; hq-manual | +| 166 | Sink: org.apache.hc.client5.http.fluent; Request; true; delete; (URI); ; Argument[0]; request-forgery; hq-manual | +| 167 | Sink: org.apache.hc.client5.http.fluent; Request; true; get; (String); ; Argument[0]; request-forgery; hq-manual | +| 168 | Sink: org.apache.hc.client5.http.fluent; Request; true; get; (URI); ; Argument[0]; request-forgery; hq-manual | +| 169 | Sink: org.apache.hc.client5.http.fluent; Request; true; head; (String); ; Argument[0]; request-forgery; hq-manual | +| 170 | Sink: org.apache.hc.client5.http.fluent; Request; true; head; (URI); ; Argument[0]; request-forgery; hq-manual | +| 171 | Sink: org.apache.hc.client5.http.fluent; Request; true; options; (String); ; Argument[0]; request-forgery; hq-manual | +| 172 | Sink: org.apache.hc.client5.http.fluent; Request; true; options; (URI); ; Argument[0]; request-forgery; hq-manual | +| 173 | Sink: org.apache.hc.client5.http.fluent; Request; true; patch; (String); ; Argument[0]; request-forgery; hq-manual | +| 174 | Sink: org.apache.hc.client5.http.fluent; Request; true; patch; (URI); ; Argument[0]; request-forgery; hq-manual | +| 175 | Sink: org.apache.hc.client5.http.fluent; Request; true; post; (String); ; Argument[0]; request-forgery; hq-manual | +| 176 | Sink: org.apache.hc.client5.http.fluent; Request; true; post; (URI); ; Argument[0]; request-forgery; hq-manual | +| 177 | Sink: org.apache.hc.client5.http.fluent; Request; true; put; (String); ; Argument[0]; request-forgery; hq-manual | +| 178 | Sink: org.apache.hc.client5.http.fluent; Request; true; put; (URI); ; Argument[0]; request-forgery; hq-manual | +| 179 | Sink: org.apache.hc.client5.http.fluent; Request; true; trace; (String); ; Argument[0]; request-forgery; hq-manual | +| 180 | Sink: org.apache.hc.client5.http.fluent; Request; true; trace; (URI); ; Argument[0]; request-forgery; hq-manual | +| 181 | Sink: org.apache.hc.core5.http.impl.bootstrap; HttpAsyncRequester; true; connect; (HttpHost,Timeout); ; Argument[0]; request-forgery; hq-manual | +| 182 | Sink: org.apache.hc.core5.http.impl.bootstrap; HttpAsyncRequester; true; connect; (HttpHost,Timeout,Object,FutureCallback); ; Argument[0]; request-forgery; hq-manual | +| 183 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; delete; (String); ; Argument[0]; request-forgery; hq-manual | +| 184 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; delete; (URI); ; Argument[0]; request-forgery; hq-manual | +| 185 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; get; (String); ; Argument[0]; request-forgery; hq-manual | +| 186 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; get; (URI); ; Argument[0]; request-forgery; hq-manual | +| 187 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; head; (String); ; Argument[0]; request-forgery; hq-manual | +| 188 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; head; (URI); ; Argument[0]; request-forgery; hq-manual | +| 189 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; options; (String); ; Argument[0]; request-forgery; hq-manual | +| 190 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; options; (URI); ; Argument[0]; request-forgery; hq-manual | +| 191 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; patch; (String); ; Argument[0]; request-forgery; hq-manual | +| 192 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; patch; (URI); ; Argument[0]; request-forgery; hq-manual | +| 193 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; post; (String); ; Argument[0]; request-forgery; hq-manual | +| 194 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; post; (URI); ; Argument[0]; request-forgery; hq-manual | +| 195 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; put; (String); ; Argument[0]; request-forgery; hq-manual | +| 196 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; put; (URI); ; Argument[0]; request-forgery; hq-manual | +| 197 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; trace; (String); ; Argument[0]; request-forgery; hq-manual | +| 198 | Sink: org.apache.hc.core5.http.io.support; ClassicRequestBuilder; true; trace; (URI); ; Argument[0]; request-forgery; hq-manual | +| 199 | Sink: org.apache.hc.core5.http.message; BasicClassicHttpRequest; true; BasicClassicHttpRequest; (Method,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | +| 200 | Sink: org.apache.hc.core5.http.message; BasicClassicHttpRequest; true; BasicClassicHttpRequest; (Method,URI); ; Argument[1]; request-forgery; hq-manual | +| 201 | Sink: org.apache.hc.core5.http.message; BasicClassicHttpRequest; true; BasicClassicHttpRequest; (String,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | +| 202 | Sink: org.apache.hc.core5.http.message; BasicClassicHttpRequest; true; BasicClassicHttpRequest; (String,URI); ; Argument[1]; request-forgery; hq-manual | +| 203 | Sink: org.apache.hc.core5.http.message; BasicHttpRequest; true; BasicHttpRequest; (Method,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | +| 204 | Sink: org.apache.hc.core5.http.message; BasicHttpRequest; true; BasicHttpRequest; (Method,URI); ; Argument[1]; request-forgery; hq-manual | +| 205 | Sink: org.apache.hc.core5.http.message; BasicHttpRequest; true; BasicHttpRequest; (String,HttpHost,String); ; Argument[1]; request-forgery; hq-manual | +| 206 | Sink: org.apache.hc.core5.http.message; BasicHttpRequest; true; BasicHttpRequest; (String,URI); ; Argument[1]; request-forgery; hq-manual | +| 207 | Sink: org.apache.hc.core5.http.support; AbstractRequestBuilder; true; setHttpHost; (HttpHost); ; Argument[0]; request-forgery; hq-manual | +| 208 | Sink: org.apache.hc.core5.http.support; AbstractRequestBuilder; true; setUri; (String); ; Argument[0]; request-forgery; hq-manual | +| 209 | Sink: org.apache.hc.core5.http.support; AbstractRequestBuilder; true; setUri; (URI); ; Argument[0]; request-forgery; hq-manual | +| 210 | Sink: org.apache.hc.core5.http; HttpRequest; true; setUri; (URI); ; Argument[0]; request-forgery; hq-manual | +| 211 | Sink: org.apache.hc.core5.http; HttpRequestFactory; true; newHttpRequest; (String,String); ; Argument[1]; request-forgery; hq-manual | +| 212 | Sink: org.apache.hc.core5.http; HttpRequestFactory; true; newHttpRequest; (String,URI); ; Argument[1]; request-forgery; hq-manual | +| 213 | Sink: org.apache.http.client.methods; HttpDelete; false; HttpDelete; ; ; Argument[0]; request-forgery; manual | +| 214 | Sink: org.apache.http.client.methods; HttpGet; false; HttpGet; ; ; Argument[0]; request-forgery; manual | +| 215 | Sink: org.apache.http.client.methods; HttpHead; false; HttpHead; ; ; Argument[0]; request-forgery; manual | +| 216 | Sink: org.apache.http.client.methods; HttpOptions; false; HttpOptions; ; ; Argument[0]; request-forgery; manual | +| 217 | Sink: org.apache.http.client.methods; HttpPatch; false; HttpPatch; ; ; Argument[0]; request-forgery; manual | +| 218 | Sink: org.apache.http.client.methods; HttpPost; false; HttpPost; ; ; Argument[0]; request-forgery; manual | +| 219 | Sink: org.apache.http.client.methods; HttpPut; false; HttpPut; ; ; Argument[0]; request-forgery; manual | +| 220 | Sink: org.apache.http.client.methods; HttpRequestBase; true; setURI; ; ; Argument[0]; request-forgery; manual | +| 221 | Sink: org.apache.http.client.methods; HttpTrace; false; HttpTrace; ; ; Argument[0]; request-forgery; manual | +| 222 | Sink: org.apache.http.client.methods; RequestBuilder; false; delete; ; ; Argument[0]; request-forgery; manual | +| 223 | Sink: org.apache.http.client.methods; RequestBuilder; false; get; ; ; Argument[0]; request-forgery; manual | +| 224 | Sink: org.apache.http.client.methods; RequestBuilder; false; head; ; ; Argument[0]; request-forgery; manual | +| 225 | Sink: org.apache.http.client.methods; RequestBuilder; false; options; ; ; Argument[0]; request-forgery; manual | +| 226 | Sink: org.apache.http.client.methods; RequestBuilder; false; patch; ; ; Argument[0]; request-forgery; manual | +| 227 | Sink: org.apache.http.client.methods; RequestBuilder; false; post; ; ; Argument[0]; request-forgery; manual | +| 228 | Sink: org.apache.http.client.methods; RequestBuilder; false; put; ; ; Argument[0]; request-forgery; manual | +| 229 | Sink: org.apache.http.client.methods; RequestBuilder; false; setUri; ; ; Argument[0]; request-forgery; manual | +| 230 | Sink: org.apache.http.client.methods; RequestBuilder; false; trace; ; ; Argument[0]; request-forgery; manual | +| 231 | Sink: org.apache.http.message; BasicHttpEntityEnclosingRequest; false; BasicHttpEntityEnclosingRequest; (RequestLine); ; Argument[0]; request-forgery; manual | +| 232 | Sink: org.apache.http.message; BasicHttpEntityEnclosingRequest; false; BasicHttpEntityEnclosingRequest; (String,String); ; Argument[1]; request-forgery; manual | +| 233 | Sink: org.apache.http.message; BasicHttpEntityEnclosingRequest; false; BasicHttpEntityEnclosingRequest; (String,String,ProtocolVersion); ; Argument[1]; request-forgery; manual | +| 234 | Sink: org.apache.http.message; BasicHttpRequest; false; BasicHttpRequest; (RequestLine); ; Argument[0]; request-forgery; manual | +| 235 | Sink: org.apache.http.message; BasicHttpRequest; false; BasicHttpRequest; (String,String); ; Argument[1]; request-forgery; manual | +| 236 | Sink: org.apache.http.message; BasicHttpRequest; false; BasicHttpRequest; (String,String,ProtocolVersion); ; Argument[1]; request-forgery; manual | +| 237 | Sink: org.codehaus.cargo.container.installer; ZipURLInstaller; true; ZipURLInstaller; (URL,String,String); ; Argument[0]; request-forgery; ai-manual | +| 238 | Sink: org.jdbi.v3.core; Jdbi; false; create; (String); ; Argument[0]; request-forgery; manual | +| 239 | Sink: org.jdbi.v3.core; Jdbi; false; create; (String,Properties); ; Argument[0]; request-forgery; manual | +| 240 | Sink: org.jdbi.v3.core; Jdbi; false; create; (String,String,String); ; Argument[0]; request-forgery; manual | +| 241 | Sink: org.jdbi.v3.core; Jdbi; false; open; (String); ; Argument[0]; request-forgery; manual | +| 242 | Sink: org.jdbi.v3.core; Jdbi; false; open; (String,Properties); ; Argument[0]; request-forgery; manual | +| 243 | Sink: org.jdbi.v3.core; Jdbi; false; open; (String,String,String); ; Argument[0]; request-forgery; manual | +| 244 | Sink: org.kohsuke.stapler; HttpResponses; true; staticResource; (URL); ; Argument[0]; request-forgery; ai-manual | +| 245 | Sink: org.springframework.boot.jdbc; DataSourceBuilder; false; url; (String); ; Argument[0]; request-forgery; manual | +| 246 | Sink: org.springframework.http; RequestEntity; false; RequestEntity; (HttpMethod,URI); ; Argument[1]; request-forgery; manual | +| 247 | Sink: org.springframework.http; RequestEntity; false; RequestEntity; (MultiValueMap,HttpMethod,URI); ; Argument[2]; request-forgery; manual | +| 248 | Sink: org.springframework.http; RequestEntity; false; RequestEntity; (Object,HttpMethod,URI); ; Argument[2]; request-forgery; manual | +| 249 | Sink: org.springframework.http; RequestEntity; false; RequestEntity; (Object,HttpMethod,URI,Type); ; Argument[2]; request-forgery; manual | +| 250 | Sink: org.springframework.http; RequestEntity; false; RequestEntity; (Object,MultiValueMap,HttpMethod,URI); ; Argument[3]; request-forgery; manual | +| 251 | Sink: org.springframework.http; RequestEntity; false; RequestEntity; (Object,MultiValueMap,HttpMethod,URI,Type); ; Argument[3]; request-forgery; manual | +| 252 | Sink: org.springframework.http; RequestEntity; false; delete; ; ; Argument[0]; request-forgery; manual | +| 253 | Sink: org.springframework.http; RequestEntity; false; get; ; ; Argument[0]; request-forgery; manual | +| 254 | Sink: org.springframework.http; RequestEntity; false; head; ; ; Argument[0]; request-forgery; manual | +| 255 | Sink: org.springframework.http; RequestEntity; false; method; ; ; Argument[1]; request-forgery; manual | +| 256 | Sink: org.springframework.http; RequestEntity; false; options; ; ; Argument[0]; request-forgery; manual | +| 257 | Sink: org.springframework.http; RequestEntity; false; patch; ; ; Argument[0]; request-forgery; manual | +| 258 | Sink: org.springframework.http; RequestEntity; false; post; ; ; Argument[0]; request-forgery; manual | +| 259 | Sink: org.springframework.http; RequestEntity; false; put; ; ; Argument[0]; request-forgery; manual | +| 260 | Sink: org.springframework.jdbc.datasource; AbstractDriverBasedDataSource; false; setUrl; (String); ; Argument[0]; request-forgery; manual | +| 261 | Sink: org.springframework.jdbc.datasource; DriverManagerDataSource; false; DriverManagerDataSource; (String); ; Argument[0]; request-forgery; manual | +| 262 | Sink: org.springframework.jdbc.datasource; DriverManagerDataSource; false; DriverManagerDataSource; (String,Properties); ; Argument[0]; request-forgery; manual | +| 263 | Sink: org.springframework.jdbc.datasource; DriverManagerDataSource; false; DriverManagerDataSource; (String,String,String); ; Argument[0]; request-forgery; manual | +| 264 | Sink: org.springframework.web.client; RestTemplate; false; delete; ; ; Argument[0]; request-forgery; manual | +| 265 | Sink: org.springframework.web.client; RestTemplate; false; exchange; ; ; Argument[0]; request-forgery; manual | +| 266 | Sink: org.springframework.web.client; RestTemplate; false; execute; ; ; Argument[0]; request-forgery; manual | +| 267 | Sink: org.springframework.web.client; RestTemplate; false; getForEntity; ; ; Argument[0]; request-forgery; manual | +| 268 | Sink: org.springframework.web.client; RestTemplate; false; getForObject; ; ; Argument[0]; request-forgery; manual | +| 269 | Sink: org.springframework.web.client; RestTemplate; false; headForHeaders; ; ; Argument[0]; request-forgery; manual | +| 270 | Sink: org.springframework.web.client; RestTemplate; false; optionsForAllow; ; ; Argument[0]; request-forgery; manual | +| 271 | Sink: org.springframework.web.client; RestTemplate; false; patchForObject; ; ; Argument[0]; request-forgery; manual | +| 272 | Sink: org.springframework.web.client; RestTemplate; false; postForEntity; ; ; Argument[0]; request-forgery; manual | +| 273 | Sink: org.springframework.web.client; RestTemplate; false; postForLocation; ; ; Argument[0]; request-forgery; manual | +| 274 | Sink: org.springframework.web.client; RestTemplate; false; postForObject; ; ; Argument[0]; request-forgery; manual | +| 275 | Sink: org.springframework.web.client; RestTemplate; false; put; ; ; Argument[0]; request-forgery; manual | +| 276 | Sink: org.springframework.web.reactive.function.client; WebClient$Builder; false; baseUrl; ; ; Argument[0]; request-forgery; manual | +| 277 | Sink: org.springframework.web.reactive.function.client; WebClient; false; create; ; ; Argument[0]; request-forgery; manual | +| 278 | Sink: play.libs.ws; StandaloneWSClient; true; url; ; ; Argument[0]; request-forgery; manual | +| 279 | Sink: play.libs.ws; WSClient; true; url; ; ; Argument[0]; request-forgery; manual | +| 280 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual | +| 281 | Summary: io.micronaut.http.uri; UriBuilder; true; build; (); ; Argument[this]; ReturnValue; taint; manual | +| 282 | Summary: io.micronaut.http.uri; UriBuilder; true; host; (String); ; Argument[0]; ReturnValue; taint; manual | +| 283 | Summary: java.lang; AbstractStringBuilder; true; append; ; ; Argument[0]; Argument[this]; taint; manual | +| 284 | Summary: java.lang; AbstractStringBuilder; true; append; ; ; Argument[this]; ReturnValue; value; manual | +| 285 | Summary: java.lang; CharSequence; true; toString; ; ; Argument[this]; ReturnValue; taint; manual | +| 286 | Summary: java.lang; String; false; format; (String,Object[]); ; Argument[1].ArrayElement; ReturnValue; taint; manual | +| 287 | Summary: java.lang; StringBuilder; true; StringBuilder; ; ; Argument[0]; Argument[this]; taint; manual | +| 288 | Summary: java.net.http; HttpRequest$Builder; true; build; (); ; Argument[this]; ReturnValue; taint; df-generated | +| 289 | Summary: java.net.http; HttpRequest; true; newBuilder; (URI); ; Argument[0]; ReturnValue; taint; df-generated | +| 290 | Summary: java.net; URI; false; URI; (String); ; Argument[0]; Argument[this]; taint; manual | +| 291 | Summary: java.net; URI; false; toString; ; ; Argument[this]; ReturnValue; taint; manual | +| 292 | Summary: java.net; URI; false; toURL; ; ; Argument[this]; ReturnValue; taint; manual | +| 293 | Summary: java.net; URL; false; URL; (String); ; Argument[0]; Argument[this]; taint; manual | +| 294 | Summary: java.util; List; false; of; (Object); ; Argument[0]; ReturnValue.Element; value; manual | +| 295 | Summary: java.util; List; true; get; (int); ; Argument[this].Element; ReturnValue; value; manual | +| 296 | Summary: java.util; Map; false; of; ; ; Argument[1]; ReturnValue.MapValue; value; manual | +| 297 | Summary: java.util; Map; false; of; ; ; Argument[3]; ReturnValue.MapValue; value; manual | +| 298 | Summary: java.util; Properties; true; setProperty; (String,String); ; Argument[1]; Argument[this].MapValue; value; manual | +| 299 | Summary: org.apache.hc.core5.http; HttpHost; true; HttpHost; (String); ; Argument[0]; Argument[this]; taint; hq-manual | +| 300 | Summary: org.apache.http.message; BasicRequestLine; false; BasicRequestLine; ; ; Argument[1]; Argument[this]; taint; manual | nodes | ApacheHttpSSRF.java:27:27:27:53 | getParameter(...) : String | semmle.label | getParameter(...) : String | | ApacheHttpSSRF.java:28:23:28:35 | new URI(...) : URI | semmle.label | new URI(...) : URI | @@ -1726,6 +1743,18 @@ nodes | JdbcUrlSSRF.java:86:19:86:25 | jdbcUrl | semmle.label | jdbcUrl | | JdbcUrlSSRF.java:87:19:87:25 | jdbcUrl | semmle.label | jdbcUrl | | JdbcUrlSSRF.java:88:19:88:25 | jdbcUrl | semmle.label | jdbcUrl | +| MicronautSSRF.java:14:32:14:53 | url : String | semmle.label | url : String | +| MicronautSSRF.java:15:45:15:47 | url | semmle.label | url | +| MicronautSSRF.java:19:42:19:63 | url : String | semmle.label | url : String | +| MicronautSSRF.java:20:45:20:47 | url | semmle.label | url | +| MicronautSSRF.java:24:37:24:58 | url : String | semmle.label | url : String | +| MicronautSSRF.java:25:45:25:47 | url | semmle.label | url | +| MicronautSSRF.java:29:34:29:56 | host : String | semmle.label | host : String | +| MicronautSSRF.java:30:19:30:64 | host(...) : UriBuilder | semmle.label | host(...) : UriBuilder | +| MicronautSSRF.java:30:19:30:72 | build(...) : URI | semmle.label | build(...) : URI | +| MicronautSSRF.java:30:60:30:63 | host : String | semmle.label | host : String | +| MicronautSSRF.java:31:45:31:47 | uri : URI | semmle.label | uri : URI | +| MicronautSSRF.java:31:45:31:58 | toString(...) | semmle.label | toString(...) | | ReactiveWebClientSSRF.java:15:26:15:52 | getParameter(...) : String | semmle.label | getParameter(...) : String | | ReactiveWebClientSSRF.java:16:52:16:54 | url | semmle.label | url | | ReactiveWebClientSSRF.java:32:26:32:52 | getParameter(...) : String | semmle.label | getParameter(...) : String | diff --git a/java/ql/test/query-tests/security/CWE-918/options b/java/ql/test/query-tests/security/CWE-918/options index 6b6efaeca544..ef78ec144309 100644 --- a/java/ql/test/query-tests/security/CWE-918/options +++ b/java/ql/test/query-tests/security/CWE-918/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/javax-validation-constraints:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jaxws-api-2.0:${testdir}/../../../stubs/apache-cxf +//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/micronaut-4.x:${testdir}/../../../stubs/javax-validation-constraints:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jaxws-api-2.0:${testdir}/../../../stubs/apache-cxf diff --git a/java/ql/test/stubs/micronaut-4.x/LICENSE.txt b/java/ql/test/stubs/micronaut-4.x/LICENSE.txt new file mode 100644 index 000000000000..b5312355281c --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/LICENSE.txt @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + https://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/context/annotation/Property.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/context/annotation/Property.java new file mode 100644 index 000000000000..01d4eadc6d10 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/context/annotation/Property.java @@ -0,0 +1,11 @@ +package io.micronaut.context.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.FIELD, ElementType.PARAMETER, ElementType.METHOD}) +public @interface Property { + String name(); + String defaultValue() default ""; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/context/annotation/Value.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/context/annotation/Value.java new file mode 100644 index 000000000000..ac8ffd8ed9ca --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/context/annotation/Value.java @@ -0,0 +1,10 @@ +package io.micronaut.context.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.FIELD, ElementType.PARAMETER, ElementType.METHOD}) +public @interface Value { + String value() default ""; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/data/annotation/Query.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/data/annotation/Query.java new file mode 100644 index 000000000000..7648782800ff --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/data/annotation/Query.java @@ -0,0 +1,10 @@ +package io.micronaut.data.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD}) +public @interface Query { + String value() default ""; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/data/annotation/Repository.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/data/annotation/Repository.java new file mode 100644 index 000000000000..2ee674ab54d2 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/data/annotation/Repository.java @@ -0,0 +1,10 @@ +package io.micronaut.data.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.TYPE}) +public @interface Repository { + String value() default ""; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/data/repository/CrudRepository.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/data/repository/CrudRepository.java new file mode 100644 index 000000000000..22ff8a431bf1 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/data/repository/CrudRepository.java @@ -0,0 +1,15 @@ +package io.micronaut.data.repository; + +import java.util.Optional; + +public interface CrudRepository extends GenericRepository { + S save(S entity); + Iterable saveAll(Iterable entities); + Optional findById(ID id); + boolean existsById(ID id); + Iterable findAll(); + long count(); + void deleteById(ID id); + void delete(E entity); + void deleteAll(); +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/data/repository/GenericRepository.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/data/repository/GenericRepository.java new file mode 100644 index 000000000000..1e213dd6a60b --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/data/repository/GenericRepository.java @@ -0,0 +1,4 @@ +package io.micronaut.data.repository; + +public interface GenericRepository { +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpHeaders.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpHeaders.java new file mode 100644 index 000000000000..ae68073fcdd5 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpHeaders.java @@ -0,0 +1,11 @@ +package io.micronaut.http; + +import java.util.List; +import java.util.Optional; + +public interface HttpHeaders { + String get(CharSequence name); + List getAll(CharSequence name); + Optional getFirst(CharSequence name); + java.util.Collection> values(); +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpMethod.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpMethod.java new file mode 100644 index 000000000000..efcb9cb22f44 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpMethod.java @@ -0,0 +1,5 @@ +package io.micronaut.http; + +public enum HttpMethod { + GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS, TRACE; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpParameters.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpParameters.java new file mode 100644 index 000000000000..061391dbc3eb --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpParameters.java @@ -0,0 +1,10 @@ +package io.micronaut.http; + +import java.util.List; +import java.util.Optional; + +public interface HttpParameters { + String get(CharSequence name); + List getAll(CharSequence name); + Optional getFirst(CharSequence name); +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpRequest.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpRequest.java new file mode 100644 index 000000000000..5b51dba87f99 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpRequest.java @@ -0,0 +1,26 @@ +package io.micronaut.http; + +import java.net.URI; +import java.util.Optional; +import io.micronaut.http.cookie.Cookies; + +public interface HttpRequest { + Cookies getCookies(); + HttpHeaders getHeaders(); + HttpParameters getParameters(); + Optional getBody(); + URI getUri(); + String getPath(); + Optional getContentType(); + long getContentLength(); + HttpMethod getMethod(); + String getMethodName(); + + static HttpRequest GET(String uri) { return null; } + static HttpRequest POST(String uri, T body) { return null; } + static HttpRequest PUT(String uri, T body) { return null; } + static HttpRequest DELETE(String uri) { return null; } + static HttpRequest PATCH(String uri, T body) { return null; } + static HttpRequest HEAD(String uri) { return null; } + static HttpRequest OPTIONS(String uri) { return null; } +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpResponse.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpResponse.java new file mode 100644 index 000000000000..7469ea3d5661 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpResponse.java @@ -0,0 +1,18 @@ +package io.micronaut.http; + +import java.net.URI; +import java.util.Optional; + +public interface HttpResponse { + HttpStatus getStatus(); + int code(); + HttpHeaders getHeaders(); + Optional getBody(); + + static MutableHttpResponse ok() { return null; } + static MutableHttpResponse ok(T body) { return null; } + static MutableHttpResponse redirect(URI location) { return null; } + static MutableHttpResponse notFound() { return null; } + static MutableHttpResponse badRequest() { return null; } + static MutableHttpResponse serverError() { return null; } +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpStatus.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpStatus.java new file mode 100644 index 000000000000..ba0dd346b968 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/HttpStatus.java @@ -0,0 +1,30 @@ +package io.micronaut.http; + +public enum HttpStatus { + OK(200), + CREATED(201), + ACCEPTED(202), + NO_CONTENT(204), + MOVED_PERMANENTLY(301), + FOUND(302), + SEE_OTHER(303), + NOT_MODIFIED(304), + TEMPORARY_REDIRECT(307), + BAD_REQUEST(400), + UNAUTHORIZED(401), + FORBIDDEN(403), + NOT_FOUND(404), + METHOD_NOT_ALLOWED(405), + INTERNAL_SERVER_ERROR(500), + SERVICE_UNAVAILABLE(503); + + private final int code; + + HttpStatus(int code) { + this.code = code; + } + + public int getCode() { + return code; + } +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/MediaType.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/MediaType.java new file mode 100644 index 000000000000..644af26a8db6 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/MediaType.java @@ -0,0 +1,15 @@ +package io.micronaut.http; + +public class MediaType { + public static final String APPLICATION_JSON = "application/json"; + public static final String TEXT_PLAIN = "text/plain"; + public static final String TEXT_HTML = "text/html"; + public static final String APPLICATION_FORM_URLENCODED = "application/x-www-form-urlencoded"; + public static final String MULTIPART_FORM_DATA = "multipart/form-data"; + public static final String APPLICATION_XML = "application/xml"; + public static final String APPLICATION_OCTET_STREAM = "application/octet-stream"; + + public MediaType(String name) {} + + public String getName() { return null; } +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/MutableHttpResponse.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/MutableHttpResponse.java new file mode 100644 index 000000000000..37a6db7c917d --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/MutableHttpResponse.java @@ -0,0 +1,11 @@ +package io.micronaut.http; + +public interface MutableHttpResponse extends HttpResponse { + MutableHttpResponse header(CharSequence name, CharSequence value); + MutableHttpResponse headers(java.util.Map headers); + MutableHttpResponse contentType(MediaType mediaType); + MutableHttpResponse contentType(CharSequence mediaType); + MutableHttpResponse status(HttpStatus status); + MutableHttpResponse status(int status); + MutableHttpResponse body(T body); +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Body.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Body.java new file mode 100644 index 000000000000..93942052e0e8 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Body.java @@ -0,0 +1,10 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.PARAMETER}) +public @interface Body { + String value() default ""; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Controller.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Controller.java new file mode 100644 index 000000000000..184cd210fa8b --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Controller.java @@ -0,0 +1,10 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.TYPE}) +public @interface Controller { + String value() default "/"; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/CookieValue.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/CookieValue.java new file mode 100644 index 000000000000..c6a3378b7773 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/CookieValue.java @@ -0,0 +1,10 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.PARAMETER}) +public @interface CookieValue { + String value() default ""; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/CustomHttpMethod.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/CustomHttpMethod.java new file mode 100644 index 000000000000..a59722cdb170 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/CustomHttpMethod.java @@ -0,0 +1,11 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD}) +public @interface CustomHttpMethod { + String value() default "/"; + String method(); +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Delete.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Delete.java new file mode 100644 index 000000000000..22c32802ec4b --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Delete.java @@ -0,0 +1,11 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD}) +public @interface Delete { + String value() default "/"; + String uri() default "/"; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Error.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Error.java new file mode 100644 index 000000000000..f1fddc4ef280 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Error.java @@ -0,0 +1,13 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Retention(RetentionPolicy.RUNTIME) +@Target(ElementType.METHOD) +public @interface Error { + Class exception() default Throwable.class; + boolean global() default false; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Get.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Get.java new file mode 100644 index 000000000000..15d50fc111ea --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Get.java @@ -0,0 +1,11 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD}) +public @interface Get { + String value() default "/"; + String uri() default "/"; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Head.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Head.java new file mode 100644 index 000000000000..291e82b1012b --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Head.java @@ -0,0 +1,11 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD}) +public @interface Head { + String value() default "/"; + String uri() default "/"; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Header.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Header.java new file mode 100644 index 000000000000..98da750e1355 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Header.java @@ -0,0 +1,10 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.PARAMETER}) +public @interface Header { + String value() default ""; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Options.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Options.java new file mode 100644 index 000000000000..f2653ec3ea3b --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Options.java @@ -0,0 +1,11 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD}) +public @interface Options { + String value() default "/"; + String uri() default "/"; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Part.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Part.java new file mode 100644 index 000000000000..39b0f508a9c2 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Part.java @@ -0,0 +1,10 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.PARAMETER}) +public @interface Part { + String value() default ""; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Patch.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Patch.java new file mode 100644 index 000000000000..5f206769761c --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Patch.java @@ -0,0 +1,11 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD}) +public @interface Patch { + String value() default "/"; + String uri() default "/"; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/PathVariable.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/PathVariable.java new file mode 100644 index 000000000000..08c7365ebe19 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/PathVariable.java @@ -0,0 +1,10 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.PARAMETER}) +public @interface PathVariable { + String value() default ""; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Post.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Post.java new file mode 100644 index 000000000000..933474e17bfc --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Post.java @@ -0,0 +1,11 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD}) +public @interface Post { + String value() default "/"; + String uri() default "/"; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Put.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Put.java new file mode 100644 index 000000000000..743961bd74ea --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Put.java @@ -0,0 +1,11 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD}) +public @interface Put { + String value() default "/"; + String uri() default "/"; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/QueryValue.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/QueryValue.java new file mode 100644 index 000000000000..3c4378294aa7 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/QueryValue.java @@ -0,0 +1,10 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.PARAMETER}) +public @interface QueryValue { + String value() default ""; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/RequestAttribute.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/RequestAttribute.java new file mode 100644 index 000000000000..67bd01516816 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/RequestAttribute.java @@ -0,0 +1,10 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.PARAMETER}) +public @interface RequestAttribute { + String value() default ""; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/RequestBean.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/RequestBean.java new file mode 100644 index 000000000000..d1c69ac82f55 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/RequestBean.java @@ -0,0 +1,11 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Retention(RetentionPolicy.RUNTIME) +@Target(ElementType.PARAMETER) +public @interface RequestBean { +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Trace.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Trace.java new file mode 100644 index 000000000000..de9b352e6801 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/annotation/Trace.java @@ -0,0 +1,11 @@ +package io.micronaut.http.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD}) +public @interface Trace { + String value() default "/"; + String uri() default "/"; +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/client/BlockingHttpClient.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/client/BlockingHttpClient.java new file mode 100644 index 000000000000..379ef4049d12 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/client/BlockingHttpClient.java @@ -0,0 +1,13 @@ +package io.micronaut.http.client; + +import io.micronaut.http.HttpRequest; +import io.micronaut.http.HttpResponse; + +public interface BlockingHttpClient { + HttpResponse exchange(HttpRequest request, Class bodyType); + HttpResponse exchange(HttpRequest request); + String retrieve(String uri); + O retrieve(String uri, Class bodyType); + String exchange(String uri); + HttpResponse exchange(String uri, Class bodyType); +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/client/HttpClient.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/client/HttpClient.java new file mode 100644 index 000000000000..de5278de08ee --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/client/HttpClient.java @@ -0,0 +1,5 @@ +package io.micronaut.http.client; + +public interface HttpClient { + BlockingHttpClient toBlocking(); +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/cookie/Cookie.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/cookie/Cookie.java new file mode 100644 index 000000000000..62f8dd31101d --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/cookie/Cookie.java @@ -0,0 +1,11 @@ +package io.micronaut.http.cookie; + +public interface Cookie { + String getName(); + String getValue(); + String getDomain(); + String getPath(); + boolean isHttpOnly(); + boolean isSecure(); + long getMaxAge(); +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/cookie/Cookies.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/cookie/Cookies.java new file mode 100644 index 000000000000..b35fcb9a6e00 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/cookie/Cookies.java @@ -0,0 +1,11 @@ +package io.micronaut.http.cookie; + +import java.util.Collection; +import java.util.Optional; +import java.util.Set; + +public interface Cookies { + Set getAll(); + Optional findCookie(CharSequence name); + Cookie get(CharSequence name); +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/multipart/CompletedFileUpload.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/multipart/CompletedFileUpload.java new file mode 100644 index 000000000000..597421bd81c3 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/multipart/CompletedFileUpload.java @@ -0,0 +1,14 @@ +package io.micronaut.http.multipart; + +import java.io.IOException; +import java.io.InputStream; +import java.util.Optional; +import io.micronaut.http.MediaType; + +public interface CompletedFileUpload { + String getFilename(); + byte[] getBytes() throws IOException; + InputStream getInputStream() throws IOException; + long getSize(); + Optional getContentType(); +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/uri/UriBuilder.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/uri/UriBuilder.java new file mode 100644 index 000000000000..13eeeeb40ed4 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/http/uri/UriBuilder.java @@ -0,0 +1,13 @@ +package io.micronaut.http.uri; + +import java.net.URI; + +public interface UriBuilder { + static UriBuilder of(CharSequence uri) { return null; } + static UriBuilder of(URI uri) { return null; } + UriBuilder host(String host); + UriBuilder path(String path); + UriBuilder queryParam(String name, Object... values); + UriBuilder fragment(String fragment); + URI build(); +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/security/annotation/Secured.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/security/annotation/Secured.java new file mode 100644 index 000000000000..a5cb5d0e2502 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/security/annotation/Secured.java @@ -0,0 +1,10 @@ +package io.micronaut.security.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD, ElementType.TYPE}) +public @interface Secured { + String[] value(); +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/WebSocketSession.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/WebSocketSession.java new file mode 100644 index 000000000000..dab20391373e --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/WebSocketSession.java @@ -0,0 +1,13 @@ +package io.micronaut.websocket; + +import java.util.Optional; +import java.util.Set; + +public interface WebSocketSession { + String getId(); + Set getOpenSessions(); + Optional getCurrentRequest(); + boolean isOpen(); + boolean isSecure(); + void close(); +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/annotation/OnClose.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/annotation/OnClose.java new file mode 100644 index 000000000000..ba7fdeef0b9b --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/annotation/OnClose.java @@ -0,0 +1,9 @@ +package io.micronaut.websocket.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD}) +public @interface OnClose { +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/annotation/OnMessage.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/annotation/OnMessage.java new file mode 100644 index 000000000000..cb2cb13e7697 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/annotation/OnMessage.java @@ -0,0 +1,9 @@ +package io.micronaut.websocket.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD}) +public @interface OnMessage { +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/annotation/OnOpen.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/annotation/OnOpen.java new file mode 100644 index 000000000000..5c1332b006bc --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/annotation/OnOpen.java @@ -0,0 +1,9 @@ +package io.micronaut.websocket.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD}) +public @interface OnOpen { +} diff --git a/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/annotation/ServerWebSocket.java b/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/annotation/ServerWebSocket.java new file mode 100644 index 000000000000..e4b873d47206 --- /dev/null +++ b/java/ql/test/stubs/micronaut-4.x/io/micronaut/websocket/annotation/ServerWebSocket.java @@ -0,0 +1,10 @@ +package io.micronaut.websocket.annotation; + +import java.lang.annotation.*; + +@Documented +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.TYPE}) +public @interface ServerWebSocket { + String value() default "/"; +}