
Commit 812a24f

committed
C++: Add test cases for libxml2.
1 parent 7fb1069 commit 812a24f


2 files changed

+137
-0
lines changed


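--- a/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests.h
+++ b/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests.h
@@ -2,3 +2,5 @@
 
 class SecurityManager;
 class InputSource;
+
+#define NULL (0)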
Lines changed: 135 additions & 0 deletions
@@ -0,0 +1,135 @@
1+
// test cases for rule CWE-611 (libxml2)
2+
3+
#include "tests.h"
4+
5+
// ---
6+
7+
enum xmlParserOption
8+
{
9+
XML_PARSE_NOENT = 2,
10+
XML_PARSE_DTDLOAD = 4,
11+
XML_PARSE_OPTION_HARMLESS = 8
12+
};
13+
14+
class xmlDoc;
15+
16+
xmlDoc *xmlReadFile(const char *fileName, const char *encoding, int flags);
17+
xmlDoc *xmlReadMemory(const char *ptr, int sz, const char *url, const char *encoding, int flags);
18+
19+
void xmlFreeDoc(xmlDoc *ptr);
20+
21+
// ---
22+
23+
void test4_1(const char *fileName) {
24+
xmlDoc *p;
25+
26+
p = xmlReadFile(fileName, NULL, XML_PARSE_NOENT); // BAD (parser not correctly configured) [NOT DETECTED]
27+
if (p != NULL)
28+
{
29+
xmlFreeDoc(p);
30+
}
31+
}
32+
33+
void test4_2(const char *fileName) {
34+
xmlDoc *p;
35+
36+
p = xmlReadFile(fileName, NULL, XML_PARSE_DTDLOAD); // BAD (parser not correctly configured) [NOT DETECTED]
37+
if (p != NULL)
38+
{
39+
xmlFreeDoc(p);
40+
}
41+
}
42+
43+
void test4_3(const char *fileName) {
44+
xmlDoc *p;
45+
46+
p = xmlReadFile(fileName, NULL, XML_PARSE_NOENT | XML_PARSE_DTDLOAD); // BAD (parser not correctly configured) [NOT DETECTED]
47+
if (p != NULL)
48+
{
49+
xmlFreeDoc(p);
50+
}
51+
}
52+
53+
void test4_4(const char *fileName) {
54+
xmlDoc *p;
55+
56+
p = xmlReadFile(fileName, NULL, 0); // GOOD
57+
if (p != NULL)
58+
{
59+
xmlFreeDoc(p);
60+
}
61+
}
62+
63+
void test4_5(const char *fileName) {
64+
xmlDoc *p;
65+
66+
p = xmlReadFile(fileName, NULL, XML_PARSE_OPTION_HARMLESS); // GOOD
67+
if (p != NULL)
68+
{
69+
xmlFreeDoc(p);
70+
}
71+
}
72+
73+
void test4_6(const char *fileName) {
74+
xmlDoc *p;
75+
int flags = XML_PARSE_NOENT;
76+
77+
p = xmlReadFile(fileName, NULL, flags); // BAD (parser not correctly configured) [NOT DETECTED]
78+
if (p != NULL)
79+
{
80+
xmlFreeDoc(p);
81+
}
82+
}
83+
84+
void test4_7(const char *fileName) {
85+
xmlDoc *p;
86+
int flags = 0;
87+
88+
p = xmlReadFile(fileName, NULL, flags); // GOOD
89+
if (p != NULL)
90+
{
91+
xmlFreeDoc(p);
92+
}
93+
}
94+
95+
void test4_8(const char *fileName) {
96+
xmlDoc *p;
97+
int flags = XML_PARSE_OPTION_HARMLESS;
98+
99+
p = xmlReadFile(fileName, NULL, flags | XML_PARSE_NOENT); // BAD (parser not correctly configured) [NOT DETECTED]
100+
if (p != NULL)
101+
{
102+
xmlFreeDoc(p);
103+
}
104+
}
105+
106+
void test4_9(const char *fileName) {
107+
xmlDoc *p;
108+
int flags = XML_PARSE_NOENT;
109+
110+
p = xmlReadFile(fileName, NULL, flags | XML_PARSE_OPTION_HARMLESS); // BAD (parser not correctly configured) [NOT DETECTED]
111+
if (p != NULL)
112+
{
113+
xmlFreeDoc(p);
114+
}
115+
}
116+
117+
void test4_10(const char *ptr, int sz) {
118+
xmlDoc *p;
119+
120+
p = xmlReadMemory(ptr, sz, "", NULL, 0); // GOOD
121+
if (p != NULL)
122+
{
123+
xmlFreeDoc(p);
124+
}
125+
}
126+
127+
void test4_11(const char *ptr, int sz) {
128+
xmlDoc *p;
129+
130+
p = xmlReadMemory(ptr, sz, "", NULL, XML_PARSE_DTDLOAD); // BAD (parser not correctly configured) [NOT DETECTED]
131+
if (p != NULL)
132+
{
133+
xmlFreeDoc(p);
134+
}
135+
}
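Review bot: The stub value `XML_PARSE_OPTION_HARMLESS = 8` in the enum is the value upstream libxml2 assigns to `XML_PARSE_DTDATTR`, which as far as I know also makes the parser load the external DTD subset, so the GOOD expectation in test4_5 and the "harmless" operand in test4_8 and test4_9 would be wrong for any query that models options by constant value rather than by name. Giving the stub the value of a genuinely inert option, for example `XML_PARSE_OPTION_HARMLESS = 256 // same bit as XML_PARSE_NOBLANKS`, keeps it aligned with the real header. It would also help to add a GOOD case in which a risky bit is cleared before the call (`flags & ~XML_PARSE_NOENT`), so the query's flag tracking is checked for false positives once the [NOT DETECTED] cases start being reported.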
