hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactor tests to use InlineFlowTest

Browse Source
This commit is contained in:
Tony Torralba
2023-04-26 12:19:59 +02:00
parent db73e16b70
commit e54eaed26f
19 changed files with 246 additions and 605 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
java/ql/test/query-tests/security/CWE-611/SAXReaderTests.java
View File

@@ -5,59 +5,59 @@ public class SAXReaderTests {
public void unconfiguredReader(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.read(sock.getInputStream()); //unsafe
reader.read(sock.getInputStream()); // $ hasTaintFlow
}
public void safeReader(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); //safe
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); // safe
}
public void partialConfiguredReader1(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.read(sock.getInputStream()); //unsafe
reader.read(sock.getInputStream()); // $ hasTaintFlow
}
public void partialConfiguredReader2(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); //unsafe
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); // $ hasTaintFlow
}
public void partialConfiguredReader3(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); //unsafe
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); // $ hasTaintFlow
}
public void misConfiguredReader1(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", true);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); //unsafe
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); // $ hasTaintFlow
}
public void misConfiguredReader2(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); //unsafe
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); // $ hasTaintFlow
}
public void misConfiguredReader3(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", true);
reader.read(sock.getInputStream()); //unsafe
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", true);
reader.read(sock.getInputStream()); // $ hasTaintFlow
}
}