hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
alexet/avoid-path-node-java
codeql/swift/ql/test/query-tests/Security/CWE-611/testXMLParserXXE.swift
Nora Dimitrijević 35a48e7f41 Swift: convert XXE test to .qlref
2025-06-24 14:58:16 +02:00

93 lines
3.0 KiB
Swift
Raw Permalink Blame History

// --- stubs ---
class Data {
init<S>(_ elements: S) {}
}
struct URL {
init?(string: String) {}
}
class InputStream {
init(data: Data) {}
}
extension String {
init(contentsOf: URL) {
let data = ""
self.init(data)
}
}
class XMLParser {
var shouldResolveExternalEntities: Bool { get { return false } set {} }
init?(contentsOf: URL) {}
init(data: Data) {}
init(stream: InputStream) {}
}
// --- tests ---
func testData() {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
let remoteData = Data(remoteString)
let parser = XMLParser(data: remoteData) // $ Alert
parser.shouldResolveExternalEntities = true
}
func testInputStream() {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
let remoteData = Data(remoteString)
let remoteStream = InputStream(data: remoteData)
let parser = XMLParser(stream: remoteStream) // $ Alert
parser.shouldResolveExternalEntities = true
}
func testUrl() {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!) // $ Source
let remoteUrl = URL(string: remoteString)!
let parser = XMLParser(contentsOf: remoteUrl) // $ Alert
parser?.shouldResolveExternalEntities = true
}
func testDataSafe() {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
let remoteData = Data(remoteString)
let _ = XMLParser(data: remoteData) // NO XXE: parser doesn't enable external entities
}
func testDataSafeExplicit() {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
let remoteData = Data(remoteString)
let parser = XMLParser(data: remoteData) // NO XXE: parser disables external entities
parser.shouldResolveExternalEntities = false
}
func testInputStreamSafe() {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
let remoteData = Data(remoteString)
let remoteStream = InputStream(data: remoteData)
let _ = XMLParser(stream: remoteStream) // NO XXE: parser doesn't enable external entities
}
func testInputStreamSafeExplicit() {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
let remoteData = Data(remoteString)
let remoteStream = InputStream(data: remoteData)
let parser = XMLParser(stream: remoteStream) // NO XXE: parser disables external entities
parser.shouldResolveExternalEntities = false
}
func testUrlSafe() {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
let remoteUrl = URL(string: remoteString)!
let _ = XMLParser(contentsOf: remoteUrl) // NO XXE: parser doesn't enable external entities
}
func testUrlSafeExplicit() {
let remoteString = String(contentsOf: URL(string: "http://example.com/")!)
let remoteUrl = URL(string: remoteString)!
let parser = XMLParser(contentsOf: remoteUrl) // NO XXE: parser disables external entities
parser?.shouldResolveExternalEntities = false
}
Reference in New Issue View Git Blame Copy Permalink