Posted to j-dev@xerces.apache.org by "pavan (JIRA)" <xe...@xml.apache.org> on 2014/03/12 19:16:43 UTC
[jira] [Created] (XERCESJ-1631) Testing Xerces security Manager maxOccurNodeLimit
pavan created XERCESJ-1631:
------------------------------
Summary: Testing Xerces security Manager maxOccurNodeLimit
Key: XERCESJ-1631
URL: https://issues.apache.org/jira/browse/XERCESJ-1631
Project: Xerces2-J
Issue Type: Test
Components: Samples
Affects Versions: 2.9.1
Reporter: pavan
Priority: Critical
I have been using the Xerces security manager in order to add DDoS limits to the XML parser. I am unable to test the property MaxOccurNodeLimit. I don't know whether this maxOccurs is related to the maxOccurs attribute present in the XSD. I have made up the following test, using this simple schema:
<?xml version="1.0" encoding="UTF-8" ?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="foo">
    <xs:complexType>
      <xs:choice>
        <xs:element name="child1" type="xs:int" maxOccurs="250000"/>
        <xs:element name="child2" type="xs:string" maxOccurs="250000"/>
      </xs:choice>
    </xs:complexType>
  </xs:element>
</xs:schema>
And then I have created an XML file following this schema:
<?xml version="1.0"?>
<foo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:noNamespaceSchemaLocation="maxOccurs.xsd">
  <child2>value</child2>
  <!-- ... 5000 child2 tags ... -->
  <child2>value</child2>
</foo>
I have specified the maxOccurLimit as 4000 and I have given a node which was repeated 5000 times, and I expected an exception. But the XML parsing is successful. Is there anything wrong with my understanding of this limit? If anybody has a clue, please provide me an example of how to test it as well.
Thanks
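A minimal harness for the test described in the report, given as an added example that is not part of the original message or of the Xerces samples. It assumes xercesImpl.jar is on the classpath; the class name MaxOccurLimitCheck, the helper validate(), the temporary schema file and the generated instance are constructed for illustration. It turns on schema validation explicitly, installs the security manager on the parser, and escalates recoverable errors so that no validation error passes unnoticed.

```java
import java.io.File;
import java.io.StringReader;
import java.nio.file.Files;
import org.apache.xerces.parsers.SAXParser;
import org.apache.xerces.util.SecurityManager;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

public class MaxOccurLimitCheck {
    // Constructed schema modelled on the one in the report.
    static final String XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>"
      + "<xs:element name='foo'><xs:complexType><xs:choice>"
      + "<xs:element name='child1' type='xs:int' maxOccurs='250000'/>"
      + "<xs:element name='child2' type='xs:string' maxOccurs='250000'/>"
      + "</xs:choice></xs:complexType></xs:element></xs:schema>";

    // Validates a generated instance holding `repeats` child2 elements under `limit`.
    static String validate(int limit, int repeats) throws Exception {
        File xsd = File.createTempFile("maxOccurs", ".xsd");
        xsd.deleteOnExit();
        Files.write(xsd.toPath(), XSD.getBytes("UTF-8"));
        StringBuilder xml = new StringBuilder("<foo>");
        for (int i = 0; i < repeats; i++) xml.append("<child2>value</child2>");
        xml.append("</foo>");

        SecurityManager sm = new SecurityManager();
        sm.setMaxOccurNodeLimit(limit);
        SAXParser reader = new SAXParser();
        // Without these two features no schema is loaded at all.
        reader.setFeature("http://xml.org/sax/features/validation", true);
        reader.setFeature("http://apache.org/xml/features/validation/schema", true);
        reader.setProperty("http://apache.org/xml/properties/security-manager", sm);
        reader.setProperty("http://apache.org/xml/properties/schema/"
            + "external-noNamespaceSchemaLocation", xsd.toURI().toString());
        // Escalate recoverable (validation) errors so none is silently ignored.
        reader.setErrorHandler(new DefaultHandler() {
            @Override public void error(SAXParseException e) throws SAXException { throw e; }
        });
        String label = "limit=" + limit + " repeats=" + repeats + ": ";
        try {
            reader.parse(new InputSource(new StringReader(xml.toString())));
            return label + "parsed";
        } catch (SAXException e) {
            return label + "rejected: " + e.getMessage();
        }
    }
}
```

Calling validate(4000, 5000) and validate(4000, 10) and comparing the two returned strings shows whether the outcome changes with the number of elements in the instance.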