hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
alexet/avoid-path-node-java
codeql/java/ql/test/query-tests/security/CWE-611/XmlInputFactoryTests.java
Nora Dimitrijević 162b1c51a9 Java: convert XXE test to .qlref
2025-06-24 16:42:21 +02:00

59 lines
2.6 KiB
Java
Raw Permalink Blame History

import java.net.Socket;
import javax.xml.stream.XMLInputFactory;
public class XmlInputFactoryTests {
public void unconfigureFactory(Socket sock) throws Exception {
XMLInputFactory factory = XMLInputFactory.newFactory();
factory.createXMLStreamReader(sock.getInputStream()); // $ Alert
factory.createXMLEventReader(sock.getInputStream()); // $ Alert
}
public void safeFactory(Socket sock) throws Exception {
XMLInputFactory factory = XMLInputFactory.newFactory();
factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
factory.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
factory.createXMLStreamReader(sock.getInputStream()); // safe
factory.createXMLEventReader(sock.getInputStream()); // safe
}
public void misConfiguredFactory(Socket sock) throws Exception {
XMLInputFactory factory = XMLInputFactory.newFactory();
factory.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
factory.createXMLStreamReader(sock.getInputStream()); // $ Alert
factory.createXMLEventReader(sock.getInputStream()); // $ Alert
}
public void misConfiguredFactory2(Socket sock) throws Exception {
XMLInputFactory factory = XMLInputFactory.newFactory();
factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
factory.createXMLStreamReader(sock.getInputStream()); // $ Alert
factory.createXMLEventReader(sock.getInputStream()); // $ Alert
}
public void misConfiguredFactory3(Socket sock) throws Exception {
XMLInputFactory factory = XMLInputFactory.newFactory();
factory.setProperty("javax.xml.stream.isSupportingExternalEntities", true);
factory.setProperty(XMLInputFactory.SUPPORT_DTD, true);
factory.createXMLStreamReader(sock.getInputStream()); // $ Alert
factory.createXMLEventReader(sock.getInputStream()); // $ Alert
}
public void misConfiguredFactory4(Socket sock) throws Exception {
XMLInputFactory factory = XMLInputFactory.newFactory();
factory.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
factory.setProperty(XMLInputFactory.SUPPORT_DTD, true);
factory.createXMLStreamReader(sock.getInputStream()); // $ Alert
factory.createXMLEventReader(sock.getInputStream()); // $ Alert
}
public void misConfiguredFactory5(Socket sock) throws Exception {
XMLInputFactory factory = XMLInputFactory.newFactory();
factory.setProperty("javax.xml.stream.isSupportingExternalEntities", true);
factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
factory.createXMLStreamReader(sock.getInputStream()); // $ Alert
factory.createXMLEventReader(sock.getInputStream()); // $ Alert
}
}
Reference in New Issue View Git Blame Copy Permalink