C++: Additional test cases.

geoffw0 · geoffw0 · commit 88520435584f · 2022-05-11T11:01:26.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests5.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests5.cpp
@@ -76,3 +76,28 @@ void test5_6() {
 	g_p1->parse(*g_data); // GOOD
 	g_p2->parse(*g_data); // BAD (parser not correctly configured) [NOT DETECTED]
 }
+
+void test5_7(DOMImplementationLS *impl, InputSource &data) {
+	DOMLSParser *p = impl->createLSParser();
+
+	p->parse(data); // BAD (parser not correctly configured) [NOT DETECTED]
+
+	p->getDomConfig()->setParameter(XMLUni::fgXercesDisableDefaultEntityResolution, true);
+	p->parse(data); // GOOD
+
+	p->getDomConfig()->setParameter(XMLUni::fgXercesDisableDefaultEntityResolution, false);
+	p->parse(data); // BAD (parser not correctly configured) [NOT DETECTED]
+}
+
+void test5_8(DOMImplementationLS *impl, InputSource &data) {
+	DOMLSParser *p = impl->createLSParser();
+	DOMConfiguration *cfg = p->getDomConfig();
+
+	p->parse(data); // BAD (parser not correctly configured) [NOT DETECTED]
+
+	cfg->setParameter(XMLUni::fgXercesDisableDefaultEntityResolution, true);
+	p->parse(data); // GOOD
+
+	cfg->setParameter(XMLUni::fgXercesDisableDefaultEntityResolution, false);
+	p->parse(data); // BAD (parser not correctly configured) [NOT DETECTED]
+}
