Java: Add test.

Author: aschackmull

java/ql/test/query-tests/security/CWE-113/semmle/tests/ResponseSplitting.java

@@ -24,7 +24,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
 		}
 
 		// BAD: setting a header with an unvalidated parameter
-		// can lead to hTTP splitting
+		// can lead to HTTP splitting
 		response.addHeader("Content-type", request.getParameter("contentType"));
 		response.setHeader("Content-type", request.getParameter("contentType"));
 
@@ -42,4 +42,10 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response)
 	private static String removeSpecial(String str) {
 		return str.replaceAll("[^a-zA-Z ]", "");
 	}
+
+	public void addCookieName(HttpServletResponse response, Cookie cookie) {
+		// GOOD: cookie.getName() cannot lead to HTTP splitting
+		Cookie cookie2 = new Cookie("name", cookie.getName());
+		response.addCookie(cookie2);
+	}
 }