Fix header sink to use Argument[1] (header value) instead of Argument[0] (header name)

Copilot · felickz · web-flow · commit e012e1814878 · 2026-03-26T21:22:48.000Z
Agent-Logs-Url: https://github.com/testing-felickz/codeql-development-template/sessions/c2b323fa-771e-4a4d-8876-fa6a463ca2bc Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
diff --git a/languages/java/custom/src/http4k.model.yml b/languages/java/custom/src/http4k.model.yml
@@ -8,7 +8,7 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
-      - ["org.http4k.core", "Response", True, "header", "(String,String)", "", "Argument[0]", "request-forgery", "manual"]
+      - ["org.http4k.core", "Response", True, "header", "(String,String)", "", "Argument[1]", "request-forgery", "manual"]
       - ["org.http4k.core", "Response", True, "body", "(String)", "", "Argument[0]", "html-injection", "manual"]
       - ["org.http4k.core", "Response", True, "body", "(String)", "", "Argument[0]", "js-injection", "manual"]
   - addsTo:
