Java: Fix reference in deprecated code.

aschackmull · aschackmull · commit e82565f1c074 · 2026-05-04T10:34:23.000+02:00
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql b/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql
@@ -43,7 +43,7 @@ deprecated private predicate mayBeExploitable(Method m) {
     // hence, here we check for the param type to be a Java `String`.
     p.getType() instanceof TypeString and
     // Exclude cases where a regex check is applied on a parameter to prevent false positives.
-    not m.(SpringRequestMappingMethod).getValue().matches("%{%:[%]%}%")
+    not m.(SpringRequestMappingMethod).getAValue().matches("%{%:[%]%}%")
   ) and
   not maybeATestMethod(m)
 }

Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ deprecated private predicate mayBeExploitable(Method m) {`
`43`	`43`	// hence, here we check for the param type to be a Java `String`.
`44`	`44`	`p.getType() instanceof TypeString and`
`45`	`45`	`// Exclude cases where a regex check is applied on a parameter to prevent false positives.`
`46`		`- not m.(SpringRequestMappingMethod).getValue().matches("%{%:[%]%}%")`
	`46`	`+ not m.(SpringRequestMappingMethod).getAValue().matches("%{%:[%]%}%")`
`47`	`47`	`) and`
`48`	`48`	`not maybeATestMethod(m)`
`49`	`49`	`}`