hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: convert XXE test to .qlref

Browse Source
This commit is contained in:
Nora Dimitrijević
2025-06-23 17:59:18 +02:00
parent 7f33f57c9b
commit 162b1c51a9
20 changed files with 560 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
java/ql/test/query-tests/security/CWE-611/SAXParserTests.java
View File

@@ -10,7 +10,7 @@ public class SAXParserTests {
public void unconfiguredParser(Socket sock) throws Exception {
SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser parser = factory.newSAXParser();
parser.parse(sock.getInputStream(), new DefaultHandler()); // $ hasTaintFlow
parser.parse(sock.getInputStream(), new DefaultHandler()); // $ Alert
}
public void safeParser(Socket sock) throws Exception {
@@ -27,7 +27,7 @@ public class SAXParserTests {
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
SAXParser parser = factory.newSAXParser();
parser.parse(sock.getInputStream(), new DefaultHandler()); // $ hasTaintFlow
parser.parse(sock.getInputStream(), new DefaultHandler()); // $ Alert
}
public void partialConfiguredParser2(Socket sock) throws Exception {
@@ -35,7 +35,7 @@ public class SAXParserTests {
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
SAXParser parser = factory.newSAXParser();
parser.parse(sock.getInputStream(), new DefaultHandler()); // $ hasTaintFlow
parser.parse(sock.getInputStream(), new DefaultHandler()); // $ Alert
}
public void partialConfiguredParser3(Socket sock) throws Exception {
@@ -43,7 +43,7 @@ public class SAXParserTests {
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
SAXParser parser = factory.newSAXParser();
parser.parse(sock.getInputStream(), new DefaultHandler()); // $ hasTaintFlow
parser.parse(sock.getInputStream(), new DefaultHandler()); // $ Alert
}
public void misConfiguredParser1(Socket sock) throws Exception {
@@ -52,7 +52,7 @@ public class SAXParserTests {
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
SAXParser parser = factory.newSAXParser();
parser.parse(sock.getInputStream(), new DefaultHandler()); // $ hasTaintFlow
parser.parse(sock.getInputStream(), new DefaultHandler()); // $ Alert
}
public void misConfiguredParser2(Socket sock) throws Exception {
@@ -61,7 +61,7 @@ public class SAXParserTests {
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", true);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
SAXParser parser = factory.newSAXParser();
parser.parse(sock.getInputStream(), new DefaultHandler()); // $ hasTaintFlow
parser.parse(sock.getInputStream(), new DefaultHandler()); // $ Alert
}
public void misConfiguredParser3(Socket sock) throws Exception {
@@ -70,7 +70,7 @@ public class SAXParserTests {
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", true);
SAXParser parser = factory.newSAXParser();
parser.parse(sock.getInputStream(), new DefaultHandler()); // $ hasTaintFlow
parser.parse(sock.getInputStream(), new DefaultHandler()); // $ Alert
}
public void safeParser2(Socket sock) throws Exception {