You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@olingo.apache.org by sk...@apache.org on 2014/01/16 15:58:35 UTC
git commit: [OLINGO-117] more junit tests
Updated Branches:
refs/heads/olingo-117 c3930ed1f -> 61547345e
[OLINGO-117] more junit tests
Project: http://git-wip-us.apache.org/repos/asf/incubator-olingo-odata2/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-olingo-odata2/commit/61547345
Tree: http://git-wip-us.apache.org/repos/asf/incubator-olingo-odata2/tree/61547345
Diff: http://git-wip-us.apache.org/repos/asf/incubator-olingo-odata2/diff/61547345
Branch: refs/heads/olingo-117
Commit: 61547345e9f7190dec0e078813939ccddfad88ce
Parents: c3930ed
Author: Stephan Klevenz <sk...@apache.org>
Authored: Thu Jan 16 15:56:48 2014 +0100
Committer: Stephan Klevenz <sk...@apache.org>
Committed: Thu Jan 16 15:57:39 2014 +0100
----------------------------------------------------------------------
.../odata2/core/commons/XmlHelperTest.java | 76 +++++++++++++++++---
1 file changed, 67 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-olingo-odata2/blob/61547345/odata2-lib/odata-core/src/test/java/org/apache/olingo/odata2/core/commons/XmlHelperTest.java
----------------------------------------------------------------------
diff --git a/odata2-lib/odata-core/src/test/java/org/apache/olingo/odata2/core/commons/XmlHelperTest.java b/odata2-lib/odata-core/src/test/java/org/apache/olingo/odata2/core/commons/XmlHelperTest.java
index 0d2c7b2..55c9df0 100644
--- a/odata2-lib/odata-core/src/test/java/org/apache/olingo/odata2/core/commons/XmlHelperTest.java
+++ b/odata2-lib/odata-core/src/test/java/org/apache/olingo/odata2/core/commons/XmlHelperTest.java
@@ -18,8 +18,10 @@
******************************************************************************/
package org.apache.olingo.odata2.core.commons;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
@@ -33,8 +35,11 @@ import org.apache.olingo.odata2.api.ep.EntityProvider;
import org.apache.olingo.odata2.api.ep.EntityProviderException;
import org.apache.olingo.odata2.api.ep.EntityProviderReadProperties;
import org.apache.olingo.odata2.testutil.mock.MockFacade;
+import org.junit.Ignore;
import org.junit.Test;
+import com.ctc.wstx.exc.WstxParsingException;
+
public class XmlHelperTest {
public static String XML =
@@ -69,6 +74,18 @@ public class XmlHelperTest {
" ]>" +
" <lolz>&lol9;</lolz>";
+ public static String XML_DOCTYPE =
+ "<?xml version=\"1.0\" standalone=\"yes\"?>" +
+ "<!DOCTYPE hallo [<!ELEMENT hallo (#PCDATA)>]>" +
+ "<hallo>Hallo Welt!</hallo>";
+
+ public static String XML_PROCESSING =
+ "<?xml version=\"1.0\"?>" +
+ "<?apache include file=\"somefile.html\" ?>" +
+ "<extract>" +
+ " <data>&rules;</data>" +
+ "</extract>";
+
@Test
public void createReader() throws Exception {
InputStream content = new ByteArrayInputStream(XML.getBytes("UTF-8"));
@@ -127,20 +144,61 @@ public class XmlHelperTest {
}
}
- @Test(expected = EntityProviderException.class)
+ @Test
public void lolApiWithProtection() throws Exception {
- InputStream content = new ByteArrayInputStream(XML_LOL.getBytes("UTF-8"));
- EdmEntitySet entitySet = MockFacade.getMockEdm().getDefaultEntityContainer().getEntitySet("Employees");
-
- EntityProvider.readEntry("application/xml", entitySet, content, EntityProviderReadProperties.init().build());
+ try {
+ InputStream content = new ByteArrayInputStream(XML_LOL.getBytes("UTF-8"));
+ EdmEntitySet entitySet = MockFacade.getMockEdm().getDefaultEntityContainer().getEntitySet("Employees");
+ EntityProvider.readEntry("application/xml", entitySet, content, EntityProviderReadProperties.init().build());
+
+ fail();
+ } catch (EntityProviderException e) {
+ assertEquals(WstxParsingException.class, e.getCause().getClass());
+ }
}
- @Test(expected = EntityProviderException.class)
+ @Test
public void xxeApiWithProtection() throws Exception {
- InputStream content = new ByteArrayInputStream(XML_XXE.getBytes("UTF-8"));
- EdmEntitySet entitySet = MockFacade.getMockEdm().getDefaultEntityContainer().getEntitySet("Employees");
+ try {
+ InputStream content = new ByteArrayInputStream(XML_XXE.getBytes("UTF-8"));
+ EdmEntitySet entitySet = MockFacade.getMockEdm().getDefaultEntityContainer().getEntitySet("Employees");
- EntityProvider.readEntry("application/xml", entitySet, content, EntityProviderReadProperties.init().build());
+ EntityProvider.readEntry("application/xml", entitySet, content, EntityProviderReadProperties.init().build());
+
+ fail();
+ } catch (EntityProviderException e) {
+ assertEquals(WstxParsingException.class, e.getCause().getClass());
+ }
+ }
+
+ @Test
+ public void xmlDoctypeApiWithProtection() throws Exception {
+ try {
+ InputStream content = new ByteArrayInputStream(XML_DOCTYPE.getBytes("UTF-8"));
+ EdmEntitySet entitySet = MockFacade.getMockEdm().getDefaultEntityContainer().getEntitySet("Employees");
+
+ EntityProvider.readEntry("application/xml", entitySet, content, EntityProviderReadProperties.init().build());
+
+ fail();
+ } catch (EntityProviderException e) {
+ assertEquals(WstxParsingException.class, e.getCause().getClass());
+ }
}
+
+ @Test
+ @Ignore("not way to disable in parser")
+ public void xmlProcessingApiWithProtection() throws Exception {
+ try {
+ InputStream content = new ByteArrayInputStream(XML_PROCESSING.getBytes("UTF-8"));
+ EdmEntitySet entitySet = MockFacade.getMockEdm().getDefaultEntityContainer().getEntitySet("Employees");
+
+ EntityProvider.readEntry("application/xml", entitySet, content, EntityProviderReadProperties.init().build());
+
+ fail();
+ } catch (EntityProviderException e) {
+ e.printStackTrace();
+ assertEquals(WstxParsingException.class, e.getCause().getClass());
+ }
+ }
}