Refactor tests to use InlineFlowTest

2026-04-27 01:35:13 +02:00 · 2023-04-26 12:19:59 +02:00
parent db73e16b70
commit e54eaed26f
19 changed files with 246 additions and 605 deletions
--- a/java/ql/test/query-tests/security/CWE-611/XmlInputFactoryTests.java
+++ b/java/ql/test/query-tests/security/CWE-611/XmlInputFactoryTests.java
@@ -6,53 +6,53 @@ public class XmlInputFactoryTests {

  public void unconfigureFactory(Socket sock) throws Exception {
    XMLInputFactory factory = XMLInputFactory.newFactory();
-    factory.createXMLStreamReader(sock.getInputStream()); //unsafe
-    factory.createXMLEventReader(sock.getInputStream()); //unsafe
+    factory.createXMLStreamReader(sock.getInputStream()); // $ hasTaintFlow
+    factory.createXMLEventReader(sock.getInputStream()); // $ hasTaintFlow
  }
-  
+
  public void safeFactory(Socket sock) throws Exception {
    XMLInputFactory factory = XMLInputFactory.newFactory();
    factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
    factory.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
-    factory.createXMLStreamReader(sock.getInputStream()); //safe
-    factory.createXMLEventReader(sock.getInputStream()); //safe
+    factory.createXMLStreamReader(sock.getInputStream()); // safe
+    factory.createXMLEventReader(sock.getInputStream()); // safe
  }
-  
+
  public void misConfiguredFactory(Socket sock) throws Exception {
    XMLInputFactory factory = XMLInputFactory.newFactory();
    factory.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
-    factory.createXMLStreamReader(sock.getInputStream()); //unsafe
-    factory.createXMLEventReader(sock.getInputStream()); //unsafe
+    factory.createXMLStreamReader(sock.getInputStream()); // $ hasTaintFlow
+    factory.createXMLEventReader(sock.getInputStream()); // $ hasTaintFlow
  }
-  
+
  public void misConfiguredFactory2(Socket sock) throws Exception {
    XMLInputFactory factory = XMLInputFactory.newFactory();
    factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
-    factory.createXMLStreamReader(sock.getInputStream()); //unsafe
-    factory.createXMLEventReader(sock.getInputStream()); //unsafe
+    factory.createXMLStreamReader(sock.getInputStream()); // $ hasTaintFlow
+    factory.createXMLEventReader(sock.getInputStream()); // $ hasTaintFlow
  }
-  
+
  public void misConfiguredFactory3(Socket sock) throws Exception {
    XMLInputFactory factory = XMLInputFactory.newFactory();
    factory.setProperty("javax.xml.stream.isSupportingExternalEntities", true);
    factory.setProperty(XMLInputFactory.SUPPORT_DTD, true);
-    factory.createXMLStreamReader(sock.getInputStream()); //unsafe
-    factory.createXMLEventReader(sock.getInputStream()); //unsafe
+    factory.createXMLStreamReader(sock.getInputStream()); // $ hasTaintFlow
+    factory.createXMLEventReader(sock.getInputStream()); // $ hasTaintFlow
  }
-  
+
  public void misConfiguredFactory4(Socket sock) throws Exception {
    XMLInputFactory factory = XMLInputFactory.newFactory();
    factory.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
    factory.setProperty(XMLInputFactory.SUPPORT_DTD, true);
-    factory.createXMLStreamReader(sock.getInputStream()); //unsafe
-    factory.createXMLEventReader(sock.getInputStream()); //unsafe
+    factory.createXMLStreamReader(sock.getInputStream()); // $ hasTaintFlow
+    factory.createXMLEventReader(sock.getInputStream()); // $ hasTaintFlow
  }
-  
+
  public void misConfiguredFactory5(Socket sock) throws Exception {
    XMLInputFactory factory = XMLInputFactory.newFactory();
    factory.setProperty("javax.xml.stream.isSupportingExternalEntities", true);
    factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
-    factory.createXMLStreamReader(sock.getInputStream()); //unsafe
-    factory.createXMLEventReader(sock.getInputStream()); //unsafe
-  }  
+    factory.createXMLStreamReader(sock.getInputStream()); // $ hasTaintFlow
+    factory.createXMLEventReader(sock.getInputStream()); // $ hasTaintFlow
+  }
 }