
Commit 9a0880f

committed
C++: Clean up the tests, make them a bit more realistic, and add many more test cases.
1 parent e2eda65 commit 9a0880f

2 files changed

Lines changed: 156 additions & 25 deletions


Lines changed: 154 additions & 25 deletions
@@ -1,41 +1,170 @@
1+
// test cases for rule CWE-611
2+
3+
#include "tests.h"
4+
5+
// ---
6+
7+
class SecurityManager;
8+
class InputSource;
9+
110
class AbstractDOMParser {
2-
public:
3-
AbstractDOMParser();
4-
void setDisableDefaultEntityResolution(bool);
5-
void setCreateEntityReferenceNodes(bool);
6-
void setSecurityManager();
7-
void parse();
8-
}
11+
public:
12+
AbstractDOMParser();
13+
14+
void setDisableDefaultEntityResolution(bool); // default is false (bad)
15+
void setCreateEntityReferenceNodes(bool); // default is true (good)
16+
void setSecurityManager(SecurityManager *const manager);
17+
void parse(const InputSource &data);
18+
};
919

1020
class XercesDOMParser: public AbstractDOMParser {
11-
public:
12-
XercesDOMParser();
13-
}
21+
public:
22+
XercesDOMParser();
23+
};
1424

1525
class LSParser: public AbstractDOMParser {
26+
};
27+
28+
LSParser *createLSParser();
29+
30+
// ---
31+
32+
void test1(InputSource &data) {
33+
XercesDOMParser *p = new XercesDOMParser();
34+
35+
p->parse(data); // BAD (parser not correctly configured)
36+
}
37+
38+
void test2(InputSource &data) {
39+
XercesDOMParser *p = new XercesDOMParser();
40+
41+
p->setDisableDefaultEntityResolution(true);
42+
p->parse(data); // GOOD
43+
}
44+
45+
void test3(InputSource &data) {
46+
XercesDOMParser *p = new XercesDOMParser();
47+
48+
p->setDisableDefaultEntityResolution(false);
49+
p->parse(data); // BAD (parser not correctly configured)
50+
}
51+
52+
void test4(InputSource &data) {
53+
XercesDOMParser *p = new XercesDOMParser();
54+
55+
p->setDisableDefaultEntityResolution(true);
56+
p->setCreateEntityReferenceNodes(false);
57+
p->parse(data); // BAD (parser not correctly configured)
58+
}
59+
60+
void test5(InputSource &data) {
61+
XercesDOMParser *p = new XercesDOMParser();
62+
63+
p->setDisableDefaultEntityResolution(true);
64+
p->setCreateEntityReferenceNodes(true);
65+
p->parse(data); // GOOD
66+
}
1667

68+
void test6(InputSource &data) {
69+
XercesDOMParser *p = new XercesDOMParser();
70+
71+
p->setDisableDefaultEntityResolution(true);
72+
p->parse(data); // GOOD
73+
p->setDisableDefaultEntityResolution(false);
74+
p->parse(data); // BAD (parser not correctly configured)
75+
p->setDisableDefaultEntityResolution(true);
76+
p->parse(data); // GOOD
77+
p->setCreateEntityReferenceNodes(false);
78+
p->parse(data); // BAD (parser not correctly configured)
79+
p->setCreateEntityReferenceNodes(true);
80+
p->parse(data); // GOOD
81+
}
82+
83+
void test7(InputSource &data, bool cond) {
84+
XercesDOMParser *p = new XercesDOMParser();
85+
86+
p->setDisableDefaultEntityResolution(cond);
87+
p->parse(data); // BAD (parser may not be correctly configured)
88+
}
89+
90+
void test8(InputSource &data, bool cond) {
91+
XercesDOMParser *p = new XercesDOMParser();
92+
93+
if (cond)
94+
{
95+
p->setDisableDefaultEntityResolution(true);
96+
}
97+
98+
p->parse(data); // BAD (parser may not be correctly configured)
99+
}
100+
101+
void test9(InputSource &data) {
102+
{
103+
XercesDOMParser *p = new XercesDOMParser();
104+
XercesDOMParser &q = *p;
105+
106+
q.parse(data); // BAD (parser not correctly configured)
107+
}
108+
109+
{
110+
XercesDOMParser *p = new XercesDOMParser();
111+
XercesDOMParser &q = *p;
112+
113+
q.setDisableDefaultEntityResolution(true);
114+
q.parse(data); // GOOD
115+
}
116+
117+
{
118+
XercesDOMParser *p = new XercesDOMParser();
119+
XercesDOMParser &q = *p;
120+
121+
p->setDisableDefaultEntityResolution(true);
122+
q.parse(data); // GOOD
123+
}
124+
}
125+
126+
void test10_doParseA(XercesDOMParser *p, InputSource &data) {
127+
p->parse(data); // GOOD
128+
}
129+
130+
void test10_doParseB(XercesDOMParser *p, InputSource &data) {
131+
p->parse(data); // BAD (parser not correctly configured)
132+
}
133+
134+
void test10_doParseC(XercesDOMParser *p, InputSource &data) {
135+
p->parse(data); // BAD (parser may not be correctly configured)
17136
}
18137

19-
LSParser createLSParser();
138+
void test10(InputSource &data) {
139+
XercesDOMParser *p = new XercesDOMParser();
140+
XercesDOMParser *q = new XercesDOMParser();
20141

21-
void test1() {
22-
XercesDOMParser p = new XercesDOMParser();
23-
p.parse() // BAD
142+
p->setDisableDefaultEntityResolution(true);
143+
test10_doParseA(p, data);
144+
test10_doParseB(q, data);
145+
test10_doParseC(p, data);
146+
test10_doParseC(q, data);
24147
}
25148

26-
void test2() {
27-
XercesDOMParser p = new XercesDOMParser();
28-
p.setDisableDefaultEntityResolution(true);
29-
p.parse() // GOOD
149+
void test11(InputSource &data) {
150+
LSParser *p = createLSParser();
151+
152+
p->parse(data); // BAD (parser not correctly configured)
30153
}
31154

32-
void test3() {
33-
LSParser p = createLSParser();
34-
p.parse() // BAD
155+
void test12(InputSource &data) {
156+
LSParser *p = createLSParser();
157+
158+
p->setDisableDefaultEntityResolution(true);
159+
p->parse(data); // GOOD
35160
}
36161

37-
void test2() {
38-
LSParser p = createLSParser();
39-
p.setDisableDefaultEntityResolution(true);
40-
p.parse() // GOOD
162+
LSParser *g_p1 = createLSParser();
163+
LSParser *g_p2 = createLSParser();
164+
InputSource *g_data;
165+
166+
void test13() {
167+
g_p1->setDisableDefaultEntityResolution(true);
168+
g_p1->parse(*g_data); // GOOD
169+
g_p2->parse(*g_data); // BAD (parser not correctly configured)
41170
}
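Review bot: The interprocedural cases in test10 only cover a parser that is configured in the caller and parsed in a callee; nothing covers the opposite direction, where a helper applies `setDisableDefaultEntityResolution(true)` and the caller then calls `parse`. Shared "configure the parser" helpers are a common way to apply this mitigation, so without a test the rule could report such code as BAD (or stop tracking the parser) and nobody would notice. A pair like the one below, added after test13, would pin the expected result. Separately, `setSecurityManager` now has a realistic signature in the `AbstractDOMParser` stub but no test calls it, so a short comment on that declaration saying whether the rule is meant to ignore it would help the next reader.

```cpp
// … unchanged: test1 through test13 …

void test14_configure(XercesDOMParser *p) {
	p->setDisableDefaultEntityResolution(true);
}

void test14(InputSource &data) {
	XercesDOMParser *p = new XercesDOMParser();

	test14_configure(p);
	p->parse(data); // GOOD
}
```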
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
// library functions for rule CWE-611
2+
