Address PR comments.

Sebastian Bauersfeld · Sebastian Bauersfeld · commit 2ec37468616f · 2022-08-19T17:33:35.000+07:00
diff --git a/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql b/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
@@ -36,7 +36,7 @@ class ResponseSplittingConfig extends TaintTracking::Configuration {
       ma.getMethod().hasQualifiedName("java.lang", "String", methodName) and
       target = ma.getArgument(0) and
       (
-        methodName = "replace" and target.getIntValue() = [10, 13]
+        methodName = "replace" and target.getIntValue() = [10, 13] // 10 == "\n", 13 == "\r"
         or
         methodName = "replaceAll" and
         target.getStringValue().regexpMatch(".*([\n\r]|\\[\\^[^\\]\r\n]*\\]).*")

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ class ResponseSplittingConfig extends TaintTracking::Configuration {`
`36`	`36`	`ma.getMethod().hasQualifiedName("java.lang", "String", methodName) and`
`37`	`37`	`target = ma.getArgument(0) and`
`38`	`38`	`(`
`39`		`- methodName = "replace" and target.getIntValue() = [10, 13]`
	`39`	`+ methodName = "replace" and target.getIntValue() = [10, 13] // 10 == "\n", 13 == "\r"`
`40`	`40`	`or`
`41`	`41`	`methodName = "replaceAll" and`
`42`	`42`	`target.getStringValue().regexpMatch(".([\n\r]\|\\[\\^[^\\]\r\n]\\]).*")`