Commit 9b6c1bc

Robert Marsh authored and geoffw0 committed
WIP: Xerces XXE
1 parent ccd7bb5 commit 9b6c1bc

1 file changed

Lines changed: 30 additions & 0 deletions

@@ -0,0 +1,30 @@
1+
/**
2+
* @name External Entity Expansion
3+
* @description
4+
* @kind problem
5+
* @id cpp/external-entity-expansion
6+
* @problem.severity warning
7+
* @tags security
8+
* external/cwe/cwe-611
9+
*/
10+
11+
import cpp
12+
13+
class XercesDOMParser extends Class {
14+
XercesDOMParser() { this.hasName("XercesDOMParser") }
15+
}
16+
17+
class AbstractDOMParser extends Class {
18+
AbstractDOMParser() { this.hasName("AbstractDOMParser") }
19+
}
20+
21+
/*
22+
parser created
23+
needs doSchema set?
24+
needs validation set?
25+
needs namespaces?
26+
(
27+
no security manager
28+
OR
29+
no
30+
*/
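
Review bot: the header declares `@kind problem`, but the file has no `from`/`where`/`select` clause, so there is nothing for the query to report yet. The conditions sketched in the comment at lines 21-30 need to become the `where` clause. That comment also stops mid-condition at `no` on line 29, so the second half of the "no security manager OR ..." disjunction should be written out before it is turned into predicates. The `@description` tag on line 3 is empty and should state what is flagged and why it matters for CWE-611. Both classes match on `this.hasName("XercesDOMParser")` and `this.hasName("AbstractDOMParser")` alone, which will also match unrelated classes that happen to share those names. Consider `hasQualifiedName` with the Xerces namespace to keep false positives down. The three "needs ... set?" lines are open questions, so it would help to resolve or track them before this leaves WIP.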
