You are viewing a plain text version of this content. The canonical link for it is here.

Posted to derby-dev@db.apache.org by "Bryan Pendleton (JIRA)" <ji...@apache.org> on 2015/07/01 03:13:04 UTC

[jira] [Updated] (DERBY-6810) Add regression tests for XXE vulnerability

     [ https://issues.apache.org/jira/browse/DERBY-6810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bryan Pendleton updated DERBY-6810:
-----------------------------------
    Attachment: vtiTests2.diff

vtiTests2.diff seems to pass on the platforms I have access to,
and corrects the svn properties for the new trace files (I think).

> Add regression tests for XXE vulnerability
> ------------------------------------------
>
>                 Key: DERBY-6810
>                 URL: https://issues.apache.org/jira/browse/DERBY-6810
>             Project: Derby
>          Issue Type: Sub-task
>            Reporter: Bryan Pendleton
>            Assignee: Abhinav Gupta
>         Attachments: billionLaughs.diff, error-stacktrace.out, readPasswordFile.diff, vtiTests.diff, vtiTests2.diff
>
>
> We should add some regression tests demonstrating that
> Derby is no longer vulnerable to an XXE assault.
> One possibility would be to have a example using a local
> file disclosure.
> Another possibility would be to have example based on the
> well-known "Billion Laughs" denial of service attack.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)