Add forward type tracking test

2026-05-05 05:35:13 +02:00 · 2022-01-14 22:56:51 +01:00
parent cb8e54e38e
commit 9ab6d21757
1 changed files with 10 additions and 0 deletions
--- a/python/ql/test/experimental/query-tests/Security/CWE-611/xml_sax_make_parser.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-611/xml_sax_make_parser.py
@@ -73,3 +73,13 @@ def xml_makeparser_minidom_entitiesTrue():
    parser = xml.sax.make_parser()
    parser.setFeature(xml.sax.handler.feature_external_ges, True)
    return xml.dom.minidom.parse(StringIO(xml_content), parser=parser).documentElement.childNodes
+
+# Forward Type Tracker test
+
+def contrived_example(user_input, action):
+    parser = xml.sax.make_parser()
+    if action == 'load-config':
+        parser.setFeature(xml.sax.handler.feature_external_ges, False)
+        parser.parse("/not-user-controlled/default_config.xml")
+    else:
+        parser.parse(StringIO(user_input))