Java: more name-based heuristic tests to test regex

Jami Cogswell · Jami Cogswell · commit b2d84c66ad8a · 2024-12-20T11:11:27.000-05:00
diff --git a/java/ql/test/query-tests/security/CWE-352/CsrfUnprotectedRequestTypeTest.java b/java/ql/test/query-tests/security/CWE-352/CsrfUnprotectedRequestTypeTest.java
@@ -371,13 +371,33 @@ public void bad10(@RequestParam String user) { // $ hasCsrfUnprotectedRequestTyp
 		myBatisService.bad10(user);
 	}
 
-    // Test name-based heuristic
+    // Test name-based heuristic for method names that imply a state-change
+    @GetMapping(value = "transfer")
+	public String transfer(@RequestParam String user) { return "transfer"; } // $ hasCsrfUnprotectedRequestType
 
-    // BAD: method name implies a state-change
-    @GetMapping(value = "delete")
-	public String delete(@RequestParam String user) { // $ hasCsrfUnprotectedRequestType
-		return "delete";
-	}
+    @GetMapping(value = "transfer")
+	public String transferData(@RequestParam String user) { return "transfer"; } // $ hasCsrfUnprotectedRequestType
+
+    @GetMapping(value = "transfer")
+	public String doTransfer(@RequestParam String user) { return "transfer"; } // $ hasCsrfUnprotectedRequestType
+
+    @GetMapping(value = "transfer")
+	public String doTransferAllData(@RequestParam String user) { return "transfer"; } // $ hasCsrfUnprotectedRequestType
+
+    @GetMapping(value = "transfer")
+	public String doDataTransfer(@RequestParam String user) { return "transfer"; } // $ hasCsrfUnprotectedRequestType
+
+    @GetMapping(value = "transfer")
+	public String transfered(@RequestParam String user) { return "transfer"; } // OK: we look for 'transfer' only
+
+    @GetMapping(value = "transfer")
+	public String dotransfer(@RequestParam String user) { return "transfer"; } // OK: we look for 'transfer' within camelCase only
+
+    @GetMapping(value = "transfer")
+	public String doTransferdata(@RequestParam String user) { return "transfer"; } // OK: we look for 'transfer' within camelCase only
+
+    @GetMapping(value = "transfer")
+	public String getTransfer(@RequestParam String user) { return "transfer"; } // OK: starts with 'get'
 
     // Test Stapler web methods with name-based heuristic
 
