hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.20.6
codeql/java/ql/test/query-tests/security/CWE-611/XMLDecoderTests.java
Tony Torralba e54eaed26f Refactor tests to use InlineFlowTest
2023-04-26 12:19:59 +02:00

33 lines
1.2 KiB
Java
Raw Permalink Blame History

import java.beans.XMLDecoder;
import java.io.BufferedReader;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.dom4j.Document;
import org.dom4j.DocumentHelper;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
@Controller
public class XMLDecoderTests {
@PostMapping(value = "bad")
public void bad3(HttpServletRequest request) throws Exception {
ServletInputStream servletInputStream = request.getInputStream();
XMLDecoder xmlDecoder = new XMLDecoder(servletInputStream);
xmlDecoder.readObject(); // $ hasTaintFlow
}
@PostMapping(value = "good")
public void good3(HttpServletRequest request) throws Exception {
BufferedReader br = request.getReader();
String str = "";
StringBuilder listString = new StringBuilder();
while ((str = br.readLine()) != null) {
listString.append(str).append("\n");
}
// parseText falls back to a default SAXReader, which is safe
Document document = DocumentHelper.parseText(listString.toString()); // Safe
}
}
Reference in New Issue View Git Blame Copy Permalink