hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.20.6
codeql/java/ql/test/query-tests/security/CWE-611/SAXReaderTests.java
Tony Torralba e54eaed26f Refactor tests to use InlineFlowTest
2023-04-26 12:19:59 +02:00

64 lines
2.9 KiB
Java
Raw Permalink Blame History

import java.net.Socket;
import org.dom4j.io.SAXReader;
public class SAXReaderTests {
public void unconfiguredReader(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.read(sock.getInputStream()); // $ hasTaintFlow
}
public void safeReader(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); // safe
}
public void partialConfiguredReader1(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.read(sock.getInputStream()); // $ hasTaintFlow
}
public void partialConfiguredReader2(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); // $ hasTaintFlow
}
public void partialConfiguredReader3(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); // $ hasTaintFlow
}
public void misConfiguredReader1(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", true);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); // $ hasTaintFlow
}
public void misConfiguredReader2(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.read(sock.getInputStream()); // $ hasTaintFlow
}
public void misConfiguredReader3(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", true);
reader.read(sock.getInputStream()); // $ hasTaintFlow
}
}
Reference in New Issue View Git Blame Copy Permalink