mirror of
https://github.com/github/codeql.git
synced 2025-12-21 19:26:31 +01:00
47 lines
899 B
C++
47 lines
899 B
C++
// test cases for rule CWE-611 (SAXParser)
|
|
|
|
#include "tests.h"
|
|
|
|
// ---
|
|
|
|
class SAXParser
|
|
{
|
|
public:
|
|
SAXParser();
|
|
|
|
void setDisableDefaultEntityResolution(bool); // default is false
|
|
void setSecurityManager(SecurityManager *const manager);
|
|
void parse(const InputSource &data);
|
|
};
|
|
|
|
// ---
|
|
|
|
void test2_1(InputSource &data) {
|
|
SAXParser *p = new SAXParser();
|
|
|
|
p->parse(data); // BAD (parser not correctly configured)
|
|
}
|
|
|
|
void test2_2(InputSource &data) {
|
|
SAXParser *p = new SAXParser();
|
|
|
|
p->setDisableDefaultEntityResolution(true);
|
|
p->parse(data); // GOOD
|
|
}
|
|
|
|
void test2_3(InputSource &data) {
|
|
SAXParser *p = new SAXParser();
|
|
bool v = false;
|
|
|
|
p->setDisableDefaultEntityResolution(v);
|
|
p->parse(data); // BAD (parser not correctly configured)
|
|
}
|
|
|
|
void test2_4(InputSource &data) {
|
|
SAXParser *p = new SAXParser();
|
|
bool v = true;
|
|
|
|
p->setDisableDefaultEntityResolution(v);
|
|
p->parse(data); // GOOD
|
|
}
|