Java: convert XXE test to .qlref

java/ql/test/query-tests/security/CWE-611/XMLReaderTests.java

@@ -13,7 +13,7 @@ public class XMLReaderTests {
 
   public void unconfiguredReader(Socket sock) throws Exception {
     XMLReader reader = XMLReaderFactory.createXMLReader();
-    reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow
+    reader.parse(new InputSource(sock.getInputStream())); // $ Alert
   }
 
   public void safeReaderFromConfig1(Socket sock) throws Exception {
@@ -53,21 +53,21 @@ public class XMLReaderTests {
     XMLReader reader = XMLReaderFactory.createXMLReader();
     reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
     reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
-    reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow
+    reader.parse(new InputSource(sock.getInputStream())); // $ Alert
   }
 
   public void partialConfiguredXMLReader2(Socket sock) throws Exception {
     XMLReader reader = XMLReaderFactory.createXMLReader();
     reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
     reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
-    reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow
+    reader.parse(new InputSource(sock.getInputStream())); // $ Alert
   }
 
   public void partilaConfiguredXMLReader3(Socket sock) throws Exception {
     XMLReader reader = XMLReaderFactory.createXMLReader();
     reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
     reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
-    reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow
+    reader.parse(new InputSource(sock.getInputStream())); // $ Alert
   }
 
   public void misConfiguredXMLReader1(Socket sock) throws Exception {
@@ -75,7 +75,7 @@ public class XMLReaderTests {
     reader.setFeature("http://xml.org/sax/features/external-general-entities", true);
     reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
     reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
-    reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow
+    reader.parse(new InputSource(sock.getInputStream())); // $ Alert
   }
 
   public void misConfiguredXMLReader2(Socket sock) throws Exception {
@@ -83,7 +83,7 @@ public class XMLReaderTests {
     reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
     reader.setFeature("http://xml.org/sax/features/external-parameter-entities", true);
     reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
-    reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow
+    reader.parse(new InputSource(sock.getInputStream())); // $ Alert
   }
 
   public void misConfiguredXMLReader3(Socket sock) throws Exception {
@@ -91,12 +91,12 @@ public class XMLReaderTests {
     reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
     reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
     reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", true);
-    reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow
+    reader.parse(new InputSource(sock.getInputStream())); // $ Alert
   }
 
   public void misConfiguredXMLReader4(Socket sock) throws Exception {
     XMLReader reader = XMLReaderFactory.createXMLReader();
     reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false);
-    reader.parse(new InputSource(sock.getInputStream())); // $ hasTaintFlow
+    reader.parse(new InputSource(sock.getInputStream())); // $ Alert
   }
 }