Python: Add conditional assignment check for sax parser

RasmusWL · RasmusWL · commit 1a9620a87a4a · 2022-03-04T10:16:28.000+01:00
diff --git a/python/ql/test/experimental/library-tests/frameworks/XML/xml_sax.py b/python/ql/test/experimental/library-tests/frameworks/XML/xml_sax.py
@@ -45,3 +45,20 @@ def func(cond):
 parser.setFeature(xml.sax.handler.feature_external_ges, True)
 parser.setFeature(xml.sax.handler.feature_external_ges, False)
 parser.parse(StringIO(x)) # $ input=StringIO(..) vuln='Billion Laughs' vuln='Quadratic Blowup'
+
+def check_conditional_assignment(cond):
+    parser = xml.sax.make_parser()
+    if cond:
+        parser.setFeature(xml.sax.handler.feature_external_ges, True)
+    else:
+        parser.setFeature(xml.sax.handler.feature_external_ges, False)
+    parser.parse(StringIO(x)) # $ input=StringIO(..) vuln='Billion Laughs' vuln='DTD retrieval' vuln='Quadratic Blowup' vuln='XXE'
+
+def check_conditional_assignment2(cond):
+    parser = xml.sax.make_parser()
+    if cond:
+        flag_value = True
+    else:
+        flag_value = False
+    parser.setFeature(xml.sax.handler.feature_external_ges, flag_value)
+    parser.parse(StringIO(x)) # $ input=StringIO(..) vuln='Billion Laughs' vuln='DTD retrieval' vuln='Quadratic Blowup' vuln='XXE'
