Skip to content

Commit 15dfc6d

Browse files
committed
Fix xml_sax_parser.py good/bad naming
1 parent 8df3dab commit 15dfc6d

1 file changed

Lines changed: 9 additions & 9 deletions

File tree

python/ql/test/experimental/query-tests/Security/CWE-611/xml_sax_make_parser.py

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -32,24 +32,24 @@ def mainHandler():
3232
def xml_makeparser_MainHandler():
3333
xml_content = request.args['xml_content']
3434

35-
BadHandler = MainHandler()
35+
GoodHandler = MainHandler()
3636
parser = xml.sax.make_parser()
37-
parser.setContentHandler(BadHandler)
37+
parser.setContentHandler(GoodHandler)
3838
parser.parse(StringIO(xml_content))
39-
return BadHandler._result
39+
return GoodHandler._result
4040

4141

4242
@app.route("/xml.sax.make_parser()+MainHandler-xml.sax.handler.feature_external_ges_False")
4343
def xml_makeparser_MainHandler_entitiesFalse():
4444
xml_content = request.args['xml_content']
4545

46-
BadHandler = MainHandler()
46+
GoodHandler = MainHandler()
4747
parser = xml.sax.make_parser()
48-
parser.setContentHandler(BadHandler)
48+
parser.setContentHandler(GoodHandler)
4949
# https://docs.python.org/3/library/xml.sax.handler.html#xml.sax.handler.feature_external_ges
5050
parser.setFeature(xml.sax.handler.feature_external_ges, False)
5151
parser.parse(StringIO(xml_content))
52-
return BadHandler._result
52+
return GoodHandler._result
5353

5454
# BAD
5555

@@ -58,12 +58,12 @@ def xml_makeparser_MainHandler_entitiesFalse():
5858
def xml_makeparser_MainHandler_entitiesTrue():
5959
xml_content = request.args['xml_content']
6060

61-
GoodHandler = MainHandler()
61+
BadHandler = MainHandler()
6262
parser = xml.sax.make_parser()
63-
parser.setContentHandler(GoodHandler)
63+
parser.setContentHandler(BadHandler)
6464
parser.setFeature(xml.sax.handler.feature_external_ges, True)
6565
parser.parse(StringIO(xml_content))
66-
return GoodHandler._result
66+
return BadHandler._result
6767

6868

6969
@app.route("/xml.sax.make_parser()+xml.dom.minidom.parse-xml.sax.handler.feature_external_ges_True")

0 commit comments

Comments
 (0)