hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into atorralba/java/promote-xxe-experimental-sinks

Browse Source
This commit is contained in:
Tony Torralba
2023-05-16 09:49:34 +02:00
committed by GitHub
parent 4606df5cb6 ac1df4de91
commit 770099f210
1736 changed files with 117920 additions and 89092 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
java/ql/test/query-tests/security/CWE-611/XPathExpressionTests.java
View File

@@ -26,4 +26,19 @@ public class XPathExpressionTests {
XPathExpression expr = path.compile("");
expr.evaluate(new InputSource(sock.getInputStream())); // $ hasTaintFlow
}
public void safeXPathEvaluateTest(Socket sock) throws Exception {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
DocumentBuilder builder = factory.newDocumentBuilder();
XPathFactory xFactory = XPathFactory.newInstance();
XPath path = xFactory.newXPath();
path.evaluate("", builder.parse(sock.getInputStream())); // safe
}
public void unsafeXPathEvaluateTest(Socket sock) throws Exception {
XPathFactory xFactory = XPathFactory.newInstance();
XPath path = xFactory.newXPath();
path.evaluate("", new InputSource(sock.getInputStream())); // $ hasTaintFlow
}
}