[Java] CWE-552: Unsafe url forward

## Query

*Link to pull request with your CodeQL query:*

Relevant PR: https://github.com/github/codeql/pull/6240

## CVE ID(s)

*List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the [GitHub Advisory Database](https://github.com/advisories).*

- CVE-20nn-nnnnn

## Report

Constructing a server-side redirect path with user input could allow an attacker to download application binaries 
(including application classes or jar files) or view arbitrary files within protected directories.

- [X] Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). *We would love to have you spread the word about the good work you are doing*

FYI I just wrote a blog [post](https://github.com/haby0/mark/blob/master/articles/2021/Detecting%20Request%20forwarde%20vulnerabilities%20with%20CodeQL.md) about the query and timing attacks.

## Result(s)

*Provide at least one useful result found by your query, on some revision of a real project.*

- [eclipse/jetty.project](https://github.com/eclipse/jetty.project/blob/jetty-10.0.x/jetty-servlet/src/test/java/org/eclipse/jetty/servlet/DispatcherTest.java#L579) : test data

- [caelum/vraptor4](https://github.com/caelum/vraptor4/blob/master/vraptor-core/src/main/java/br/com/caelum/vraptor/view/DefaultPageResult.java#L122) : [lgtm result](https://lgtm.com/query/6009295495026660913/)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Java] CWE-552: Unsafe url forward #399

Query

CVE ID(s)

Report

Result(s)

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Java] CWE-552: Unsafe url forward #399

Description

Query

CVE ID(s)

Report

Result(s)

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions