hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add XXE sinks for MDHT

Browse Source
This commit is contained in:
Tony Torralba
2023-07-19 13:06:39 +02:00
parent 41f1315da9
commit 2cbb7ed296
271 changed files with 8984 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
java/ql/test/query-tests/security/CWE-611/CdaUtilTests.java Normal file
View File

@@ -0,0 +1,23 @@
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.Socket;
import org.openhealthtools.mdht.uml.cda.util.CDAUtil;
import org.xml.sax.InputSource;
public class CdaUtilTests {
public void test(Socket sock) throws Exception {
InputStream is = sock.getInputStream();
InputSource iSrc = new InputSource(new InputStreamReader(is));
CDAUtil.load(is); // $ hasTaintFlow
CDAUtil.load(iSrc); // $ hasTaintFlow
CDAUtil.load(is, (CDAUtil.ValidationHandler) null); // $ hasTaintFlow
CDAUtil.load(is, (CDAUtil.LoadHandler) null); // $ hasTaintFlow
CDAUtil.load(null, null, is, null); // $ hasTaintFlow
CDAUtil.load(iSrc, (CDAUtil.ValidationHandler) null); // $ hasTaintFlow
CDAUtil.load(iSrc, (CDAUtil.LoadHandler) null); // $ hasTaintFlow
CDAUtil.load(null, null, iSrc, null); // $ hasTaintFlow
CDAUtil.loadAs(is, null); // $ hasTaintFlow
CDAUtil.loadAs(is, null, null); // $ hasTaintFlow
}
}

2
java/ql/test/query-tests/security/CWE-611/options
View File

@@ -1 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jdom-1.1.3:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/simple-xml-2.7.1:${testdir}/../../../stubs/jaxb-api-2.3.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/apache-commons-digester3-3.2:${testdir}/../../../stubs/servlet-api-2.4/:${testdir}/../../../stubs/rundeck-api-java-client-13.2:${testdir}/../../../stubs/springframework-5.3.8/
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jdom-1.1.3:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/simple-xml-2.7.1:${testdir}/../../../stubs/jaxb-api-2.3.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/apache-commons-digester3-3.2:${testdir}/../../../stubs/servlet-api-2.4/:${testdir}/../../../stubs/rundeck-api-java-client-13.2:${testdir}/../../../stubs/springframework-5.3.8/:${testdir}/../../../stubs/mdht-1.2.0/