hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add XXE sinks for MDHT

Browse Source
This commit is contained in:
Tony Torralba
2023-07-19 13:06:39 +02:00
parent 41f1315da9
commit 2cbb7ed296
271 changed files with 8984 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
java/ql/test/query-tests/security/CWE-611/CdaUtilTests.java Normal file
View File

@@ -0,0 +1,23 @@
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.Socket;
import org.openhealthtools.mdht.uml.cda.util.CDAUtil;
import org.xml.sax.InputSource;
public class CdaUtilTests {
public void test(Socket sock) throws Exception {
InputStream is = sock.getInputStream();
InputSource iSrc = new InputSource(new InputStreamReader(is));
CDAUtil.load(is); // $ hasTaintFlow
CDAUtil.load(iSrc); // $ hasTaintFlow
CDAUtil.load(is, (CDAUtil.ValidationHandler) null); // $ hasTaintFlow
CDAUtil.load(is, (CDAUtil.LoadHandler) null); // $ hasTaintFlow
CDAUtil.load(null, null, is, null); // $ hasTaintFlow
CDAUtil.load(iSrc, (CDAUtil.ValidationHandler) null); // $ hasTaintFlow
CDAUtil.load(iSrc, (CDAUtil.LoadHandler) null); // $ hasTaintFlow
CDAUtil.load(null, null, iSrc, null); // $ hasTaintFlow
CDAUtil.loadAs(is, null); // $ hasTaintFlow
CDAUtil.loadAs(is, null, null); // $ hasTaintFlow
}
}