C++: Add test cases for SAXParser.

geoffw0 · geoffw0 · commit 4e2344c4885d · 2022-04-28T16:11:08.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests.cpp
@@ -4,8 +4,8 @@
 
 // ---
 
-class SecurityManager;
-class InputSource;
+
+
 
 class AbstractDOMParser {
 public:
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests.h b/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests.h
@@ -1,2 +1,4 @@
-// library functions for rule CWE-611
+// library/common functions for rule CWE-611
 
+class SecurityManager;
+class InputSource;
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests2.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests2.cpp
@@ -0,0 +1,46 @@
+// test cases for rule CWE-611
+
+#include "tests.h"
+
+// ---
+
+class SAXParser
+{
+public:
+	SAXParser();
+
+	void setDisableDefaultEntityResolution(bool); // default is false
+	void setSecurityManager(SecurityManager *const manager);
+	void parse(const InputSource &data);
+};
+
+// ---
+
+void test2_1(InputSource &data) {
+	SAXParser *p = new SAXParser();
+
+	p->parse(data); // BAD (parser not correctly configured) [NOT DETECTED]
+}
+
+void test2_2(InputSource &data) {
+	SAXParser *p = new SAXParser();
+
+	p->setDisableDefaultEntityResolution(true);
+	p->parse(data); // GOOD
+}
+
+void test2_3(InputSource &data) {
+	SAXParser *p = new SAXParser();
+	bool v = false;
+
+	p->setDisableDefaultEntityResolution(v);
+	p->parse(data); // BAD (parser not correctly configured) [NOT DETECTED]
+}
+
+void test2_4(InputSource &data) {
+	SAXParser *p = new SAXParser();
+	bool v = true;
+
+	p->setDisableDefaultEntityResolution(v);
+	p->parse(data); // GOOD
+}
