Java: convert XXE test to .qlref

Nora Dimitrijević
2025-06-23 17:59:18 +02:00
parent 7f33f57c9b
commit 162b1c51a9
20 changed files with 560 additions and 132 deletions


@@ -5,7 +5,7 @@ public class SAXReaderTests {
public void unconfiguredReader(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.read(sock.getInputStream()); // $ hasTaintFlow
reader.read(sock.getInputStream()); // $ Alert
}
public void safeReader(Socket sock) throws Exception {
@@ -20,21 +20,21 @@ public class SAXReaderTests {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.read(sock.getInputStream()); // $ hasTaintFlow
reader.read(sock.getInputStream()); // $ Alert
}
public void partialConfiguredReader2(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); // $ hasTaintFlow
reader.read(sock.getInputStream()); // $ Alert
}
public void partialConfiguredReader3(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); // $ hasTaintFlow
reader.read(sock.getInputStream()); // $ Alert
}
public void misConfiguredReader1(Socket sock) throws Exception {
@@ -42,7 +42,7 @@ public class SAXReaderTests {
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", true);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); // $ hasTaintFlow
reader.read(sock.getInputStream()); // $ Alert
}
public void misConfiguredReader2(Socket sock) throws Exception {
@@ -50,7 +50,7 @@ public class SAXReaderTests {
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); // $ hasTaintFlow
reader.read(sock.getInputStream()); // $ Alert
}
public void misConfiguredReader3(Socket sock) throws Exception {
@@ -58,6 +58,6 @@ public class SAXReaderTests {
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", true);
reader.read(sock.getInputStream()); // $ hasTaintFlow
reader.read(sock.getInputStream()); // $ Alert
}
}
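Review bot: The `// $ Alert` expectations in partialConfiguredReader1 and partialConfiguredReader2 sit on readers that set `disallow-doctype-decl` to true, and nothing in the file says why those reads are still expected to be flagged. Presumably the query treats a SAXReader as safe only when all three features are configured, so these expectations document the query's conservative model rather than a parser that would accept a DOCTYPE; a one-line comment above each read would make that explicit, e.g. `// flagged by design: the query wants all three features set, not only disallow-doctype-decl`. The same applies to misConfiguredReader1 and misConfiguredReader3, whose bodies start outside the visible hunks. Since the generic `Alert` tag no longer hints at what kind of result is expected, a short header comment in the class naming the XXE query test that consumes these annotations would also help the next reader.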