C++: Split off the createLSParser tests into their own file.

geoffw0 · geoffw0 · commit 397efd1648e6 · 2022-04-29T10:35:33.000+01:00
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-611/XXE.expected
@@ -1,6 +1,7 @@
 edges
 | tests2.cpp:20:17:20:31 | SAXParser output argument | tests2.cpp:22:2:22:2 | p |
 | tests2.cpp:33:17:33:31 | SAXParser output argument | tests2.cpp:37:2:37:2 | p |
+| tests5.cpp:18:25:18:38 | call to createLSParser | tests5.cpp:20:2:20:2 | p |
 | tests.cpp:33:23:33:43 | XercesDOMParser output argument | tests.cpp:35:2:35:2 | p |
 | tests.cpp:46:23:46:43 | XercesDOMParser output argument | tests.cpp:49:2:49:2 | p |
 | tests.cpp:53:19:53:19 | VariableAddress [post update] | tests.cpp:55:2:55:2 | p |
@@ -27,12 +28,13 @@ edges
 | tests.cpp:140:23:140:43 | XercesDOMParser output argument | tests.cpp:146:18:146:18 | q |
 | tests.cpp:144:18:144:18 | q | tests.cpp:130:39:130:39 | p |
 | tests.cpp:146:18:146:18 | q | tests.cpp:134:39:134:39 | p |
-| tests.cpp:150:25:150:38 | call to createLSParser | tests.cpp:152:2:152:2 | p |
 nodes
 | tests2.cpp:20:17:20:31 | SAXParser output argument | semmle.label | SAXParser output argument |
 | tests2.cpp:22:2:22:2 | p | semmle.label | p |
 | tests2.cpp:33:17:33:31 | SAXParser output argument | semmle.label | SAXParser output argument |
 | tests2.cpp:37:2:37:2 | p | semmle.label | p |
+| tests5.cpp:18:25:18:38 | call to createLSParser | semmle.label | call to createLSParser |
+| tests5.cpp:20:2:20:2 | p | semmle.label | p |
 | tests.cpp:33:23:33:43 | XercesDOMParser output argument | semmle.label | XercesDOMParser output argument |
 | tests.cpp:35:2:35:2 | p | semmle.label | p |
 | tests.cpp:46:23:46:43 | XercesDOMParser output argument | semmle.label | XercesDOMParser output argument |
@@ -68,12 +70,11 @@ nodes
 | tests.cpp:140:23:140:43 | XercesDOMParser output argument | semmle.label | XercesDOMParser output argument |
 | tests.cpp:144:18:144:18 | q | semmle.label | q |
 | tests.cpp:146:18:146:18 | q | semmle.label | q |
-| tests.cpp:150:25:150:38 | call to createLSParser | semmle.label | call to createLSParser |
-| tests.cpp:152:2:152:2 | p | semmle.label | p |
 subpaths
 #select
 | tests2.cpp:22:2:22:2 | p | tests2.cpp:20:17:20:31 | SAXParser output argument | tests2.cpp:22:2:22:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests2.cpp:20:17:20:31 | SAXParser output argument | XML parser |
 | tests2.cpp:37:2:37:2 | p | tests2.cpp:33:17:33:31 | SAXParser output argument | tests2.cpp:37:2:37:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests2.cpp:33:17:33:31 | SAXParser output argument | XML parser |
+| tests5.cpp:20:2:20:2 | p | tests5.cpp:18:25:18:38 | call to createLSParser | tests5.cpp:20:2:20:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests5.cpp:18:25:18:38 | call to createLSParser | XML parser |
 | tests.cpp:35:2:35:2 | p | tests.cpp:33:23:33:43 | XercesDOMParser output argument | tests.cpp:35:2:35:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:33:23:33:43 | XercesDOMParser output argument | XML parser |
 | tests.cpp:49:2:49:2 | p | tests.cpp:46:23:46:43 | XercesDOMParser output argument | tests.cpp:49:2:49:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:46:23:46:43 | XercesDOMParser output argument | XML parser |
 | tests.cpp:57:2:57:2 | p | tests.cpp:53:23:53:43 | XercesDOMParser output argument | tests.cpp:57:2:57:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:53:23:53:43 | XercesDOMParser output argument | XML parser |
@@ -85,4 +86,3 @@ subpaths
 | tests.cpp:122:3:122:3 | q | tests.cpp:118:24:118:44 | XercesDOMParser output argument | tests.cpp:122:3:122:3 | q | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:118:24:118:44 | XercesDOMParser output argument | XML parser |
 | tests.cpp:131:2:131:2 | p | tests.cpp:140:23:140:43 | XercesDOMParser output argument | tests.cpp:131:2:131:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:140:23:140:43 | XercesDOMParser output argument | XML parser |
 | tests.cpp:135:2:135:2 | p | tests.cpp:140:23:140:43 | XercesDOMParser output argument | tests.cpp:135:2:135:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:140:23:140:43 | XercesDOMParser output argument | XML parser |
-| tests.cpp:152:2:152:2 | p | tests.cpp:150:25:150:38 | call to createLSParser | tests.cpp:152:2:152:2 | p | This $@ is not configured to prevent an XML external entity (XXE) attack. | tests.cpp:150:25:150:38 | call to createLSParser | XML parser |
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests.cpp
@@ -1,31 +1,31 @@
-// test cases for rule CWE-611
+// test cases for rule CWE-611 (XercesDOMParser)
 
 #include "tests.h"
 
 // ---
 
-class AbstractDOMParser {
-public:
-	AbstractDOMParser();
-
-	void setDisableDefaultEntityResolution(bool); // default is false
-	void setCreateEntityReferenceNodes(bool); // default is true
-	void setSecurityManager(SecurityManager *const manager);
-	void parse(const InputSource &data);
-};
-
 class XercesDOMParser: public AbstractDOMParser {
 public:
 	XercesDOMParser();
 };
 
-class DOMLSParser : public AbstractDOMParser {
-};
 
-class DOMImplementationLS {
-public:
-	DOMLSParser *createLSParser();
-};
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 
 // ---
 
@@ -145,34 +145,3 @@ void test10(InputSource &data) {
 	test10_doParseC(p, data);
 	test10_doParseC(q, data);
 }
-
-void test11(DOMImplementationLS *impl, InputSource &data) {
-	DOMLSParser *p = impl->createLSParser();
-
-	p->parse(data); // BAD (parser not correctly configured)
-}
-
-void test12(DOMImplementationLS *impl, InputSource &data) {
-	DOMLSParser *p = impl->createLSParser();
-
-	p->setDisableDefaultEntityResolution(true);
-	p->parse(data); // GOOD
-}
-
-DOMImplementationLS *g_impl;
-DOMLSParser *g_p1, *g_p2;
-InputSource *g_data;
-
-void test13_init() {
-	g_p1 = g_impl->createLSParser();
-	g_p1->setDisableDefaultEntityResolution(true);
-
-	g_p2 = g_impl->createLSParser();
-}
-
-void test13() {
-	test13_init();
-
-	g_p1->parse(*g_data); // GOOD
-	g_p2->parse(*g_data); // BAD (parser not correctly configured) [NOT DETECTED]
-}
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests.h b/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests.h
@@ -2,3 +2,13 @@
 
 class SecurityManager;
 class InputSource;
+
+class AbstractDOMParser {
+public:
+	AbstractDOMParser();
+
+	void setDisableDefaultEntityResolution(bool); // default is false
+	void setCreateEntityReferenceNodes(bool); // default is true
+	void setSecurityManager(SecurityManager *const manager);
+	void parse(const InputSource &data);
+};
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests5.cpp b/cpp/ql/test/query-tests/Security/CWE/CWE-611/tests5.cpp
@@ -0,0 +1,46 @@
+// test cases for rule CWE-611 (createLSParser)
+
+#include "tests.h"
+
+// ---
+
+class DOMLSParser : public AbstractDOMParser {
+};
+
+class DOMImplementationLS {
+public:
+	DOMLSParser *createLSParser();
+};
+
+// ---
+
+void test5_1(DOMImplementationLS *impl, InputSource &data) {
+	DOMLSParser *p = impl->createLSParser();
+
+	p->parse(data); // BAD (parser not correctly configured)
+}
+
+void test5_2(DOMImplementationLS *impl, InputSource &data) {
+	DOMLSParser *p = impl->createLSParser();
+
+	p->setDisableDefaultEntityResolution(true);
+	p->parse(data); // GOOD
+}
+
+DOMImplementationLS *g_impl;
+DOMLSParser *g_p1, *g_p2;
+InputSource *g_data;
+
+void test5_3_init() {
+	g_p1 = g_impl->createLSParser();
+	g_p1->setDisableDefaultEntityResolution(true);
+
+	g_p2 = g_impl->createLSParser();
+}
+
+void test5_3() {
+	test5_3_init();
+
+	g_p1->parse(*g_data); // GOOD
+	g_p2->parse(*g_data); // BAD (parser not correctly configured) [NOT DETECTED]
+}
