Posted to commits@poi.apache.org by fa...@apache.org on 2019/09/24 18:33:37 UTC

svn commit: r1867484 - in /poi/trunk: src/ooxml/java/org/apache/poi/xssf/extractor/XSSFExportToXml.java src/ooxml/testcases/org/apache/poi/xssf/extractor/TestXSSFExportToXML.java test-data/spreadsheet/xxe_in_schema.xlsx

Author: fanningpj
Date: Tue Sep 24 18:33:37 2019
New Revision: 1867484

URL: http://svn.apache.org/viewvc?rev=1867484&view=rev
Log:
[bug-63768] XSSFExportToXml should set FEATURE_SECURE_PROCESSING on SchemaFactory. Thanks to Artem Smotrakov.

Added:
    poi/trunk/test-data/spreadsheet/xxe_in_schema.xlsx   (with props)
Modified:
    poi/trunk/src/ooxml/java/org/apache/poi/xssf/extractor/XSSFExportToXml.java
    poi/trunk/src/ooxml/testcases/org/apache/poi/xssf/extractor/TestXSSFExportToXML.java

Modified: poi/trunk/src/ooxml/java/org/apache/poi/xssf/extractor/XSSFExportToXml.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/xssf/extractor/XSSFExportToXml.java?rev=1867484&r1=1867483&r2=1867484&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/xssf/extractor/XSSFExportToXml.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/xssf/extractor/XSSFExportToXml.java Tue Sep 24 18:33:37 2019
@@ -28,6 +28,7 @@ import java.util.Locale;
 import java.util.Map;
 import java.util.Vector;
 
+import javax.xml.XMLConstants;
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Source;
 import javax.xml.transform.Transformer;
@@ -241,9 +242,10 @@ public class XSSFExportToXml implements
      * @throws SAXException If validating the document fails
      */
     private boolean isValid(Document xml) throws SAXException{
-        try{
+        try {
             String language = "http://www.w3.org/2001/XMLSchema";
             SchemaFactory factory = SchemaFactory.newInstance(language);
+            trySetFeature(factory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
 
             Source source = new DOMSource(map.getSchema());
             Schema schema = factory.newSchema(source);
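Review bot: The hardening added to `isValid` rests on a single feature flag whose effect on external DTD and schema fetching varies between JAXP implementations, while the schema compiled here comes from `map.getSchema()`, which appears to be workbook-supplied content. Consider pinning the external-access limits explicitly right after the new line, e.g. `factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");` and `factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");`, guarded the same way as the feature because older parsers may reject those properties. A short comment above the call such as `// schema originates from the workbook; forbid external resolution while compiling it` would record why the flag matters here. The body of `isValid` continues beyond this hunk.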
@@ -313,7 +315,7 @@ public class XSSFExportToXml implements
         String[] xpathTokens = xpath.split("/");
 
 
-        Node currentNode =rootNode;
+        Node currentNode = rootNode;
         // The first token is empty, the second is the root node
         for(int i =2; i<xpathTokens.length;i++) {
 
@@ -535,4 +537,14 @@ public class XSSFExportToXml implements
         }
         return complexTypeNode;
     }
+
+    private static void trySetFeature(SchemaFactory sf, String feature, boolean enabled) {
+        try {
+            sf.setFeature(feature, enabled);
+        } catch (Exception e) {
+            LOG.log(POILogger.WARN, "SchemaFactory Feature unsupported", feature, e);
+        } catch (AbstractMethodError ame) {
+            LOG.log(POILogger.WARN, "Cannot set SchemaFactory feature because outdated XML parser in classpath", feature, ame);
+        }
+    }
 }
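Review bot: `trySetFeature` fails open: when `setFeature` throws, the helper logs at WARN and returns normally, so `isValid` goes on to compile the schema with a factory that never had secure processing enabled. Because this flag is the entire mitigation for bug-63768, the caller should be able to see the failure, for example by making the helper return a boolean (`return true;` after `sf.setFeature(feature, enabled);`, `return false;` in both catch blocks) and having `isValid` throw a `SAXException` when it is false. The `catch (Exception e)` is also wider than needed, since `setFeature` declares only `SAXNotRecognizedException` and `SAXNotSupportedException`. The method has no Javadoc; one sentence stating that failures are logged rather than propagated would at least document the current contract.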

Modified: poi/trunk/src/ooxml/testcases/org/apache/poi/xssf/extractor/TestXSSFExportToXML.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/org/apache/poi/xssf/extractor/TestXSSFExportToXML.java?rev=1867484&r1=1867483&r2=1867484&view=diff
==============================================================================
--- poi/trunk/src/ooxml/testcases/org/apache/poi/xssf/extractor/TestXSSFExportToXML.java (original)
+++ poi/trunk/src/ooxml/testcases/org/apache/poi/xssf/extractor/TestXSSFExportToXML.java Tue Sep 24 18:33:37 2019
@@ -51,6 +51,7 @@ import org.junit.Test;
 import org.xml.sax.EntityResolver;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
+import org.xml.sax.SAXParseException;
 
 /**
  * @author Roberto Manicardi
@@ -59,7 +60,7 @@ public final class TestXSSFExportToXML {
 
     @Test
     public void testExportToXML() throws Exception {
-		try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("CustomXMLMappings.xlsx")) {
+        try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("CustomXMLMappings.xlsx")) {
 
             boolean found = false;
             for (POIXMLDocumentPart p : wb.getRelations()) {
@@ -102,12 +103,12 @@ public final class TestXSSFExportToXML {
             }
             assertTrue(found);
         }
-	}
+    }
 
     @Test
     public void testExportToXMLInverseOrder() throws Exception {
-		try (XSSFWorkbook wb = XSSFTestDataSamples
-				.openSampleWorkbook("CustomXmlMappings-inverse-order.xlsx")) {
+        try (XSSFWorkbook wb = XSSFTestDataSamples
+                .openSampleWorkbook("CustomXmlMappings-inverse-order.xlsx")) {
 
             boolean found = false;
             for (POIXMLDocumentPart p : wb.getRelations()) {
@@ -150,12 +151,12 @@ public final class TestXSSFExportToXML {
             }
             assertTrue(found);
         }
-	}
+    }
 
     @Test
     public void testXPathOrdering() throws IOException {
-		try (XSSFWorkbook wb = XSSFTestDataSamples
-				.openSampleWorkbook("CustomXmlMappings-inverse-order.xlsx")) {
+        try (XSSFWorkbook wb = XSSFTestDataSamples
+                .openSampleWorkbook("CustomXmlMappings-inverse-order.xlsx")) {
 
             boolean found = false;
             for (POIXMLDocumentPart p : wb.getRelations()) {
@@ -174,12 +175,12 @@ public final class TestXSSFExportToXML {
             }
             assertTrue(found);
         }
-	}
+    }
 
     @Test
     public void testMultiTable() throws Exception {
-		try (XSSFWorkbook wb = XSSFTestDataSamples
-				.openSampleWorkbook("CustomXMLMappings-complex-type.xlsx")) {
+        try (XSSFWorkbook wb = XSSFTestDataSamples
+                .openSampleWorkbook("CustomXMLMappings-complex-type.xlsx")) {
 
             boolean found = false;
             for (POIXMLDocumentPart p : wb.getRelations()) {
@@ -218,7 +219,7 @@ public final class TestXSSFExportToXML {
             }
             assertTrue(found);
         }
-	}
+    }
 
     @Test
     @Ignore(value="Fails, but I don't know if it is ok or not...")
@@ -233,7 +234,7 @@ public final class TestXSSFExportToXML {
             }
         }
     }
-	
+
     @Test
     public void test55850ComplexXmlExport() throws Exception {
         try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("55850.xlsx")) {
@@ -351,300 +352,300 @@ public final class TestXSSFExportToXML {
             assertTrue(found);
         }
     }
-   
-   @Test
-   public void testXmlExportIgnoresEmptyCells_Bugzilla_55924() throws Exception {
-       try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("55924.xlsx")) {
 
-           boolean found = false;
-           for (POIXMLDocumentPart p : wb.getRelations()) {
+    @Test
+    public void testXmlExportIgnoresEmptyCells_Bugzilla_55924() throws Exception {
+        try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("55924.xlsx")) {
 
-               if (!(p instanceof MapInfo)) {
-                   continue;
-               }
-               MapInfo mapInfo = (MapInfo) p;
+            boolean found = false;
+            for (POIXMLDocumentPart p : wb.getRelations()) {
 
-               XSSFMap map = mapInfo.getXSSFMapById(1);
+                if (!(p instanceof MapInfo)) {
+                    continue;
+                }
+                MapInfo mapInfo = (MapInfo) p;
 
-               assertNotNull("XSSFMap is null", map);
+                XSSFMap map = mapInfo.getXSSFMapById(1);
 
-               XSSFExportToXml exporter = new XSSFExportToXml(map);
-               ByteArrayOutputStream os = new ByteArrayOutputStream();
-               exporter.exportToXML(os, true);
-               String xmlData = os.toString("UTF-8");
+                assertNotNull("XSSFMap is null", map);
 
-               assertNotNull(xmlData);
-               assertFalse(xmlData.isEmpty());
+                XSSFExportToXml exporter = new XSSFExportToXml(map);
+                ByteArrayOutputStream os = new ByteArrayOutputStream();
+                exporter.exportToXML(os, true);
+                String xmlData = os.toString("UTF-8");
 
-               String a = xmlData.split("<A>")[1].split("</A>")[0].trim();
-               String euro = a.split("<EUR>")[1].split("</EUR>")[0].trim();
-               assertEquals("1", euro);
+                assertNotNull(xmlData);
+                assertFalse(xmlData.isEmpty());
 
-               parseXML(xmlData);
+                String a = xmlData.split("<A>")[1].split("</A>")[0].trim();
+                String euro = a.split("<EUR>")[1].split("</EUR>")[0].trim();
+                assertEquals("1", euro);
 
-               found = true;
-           }
-           assertTrue(found);
-       }
-   }
+                parseXML(xmlData);
 
-   @Test
-   public void testXmlExportSchemaWithXSAllTag_Bugzilla_56169() throws Exception {
-       try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("56169.xlsx")) {
+                found = true;
+            }
+            assertTrue(found);
+        }
+    }
 
-           for (XSSFMap map : wb.getCustomXMLMappings()) {
-               XSSFExportToXml exporter = new XSSFExportToXml(map);
+    @Test
+    public void testXmlExportSchemaWithXSAllTag_Bugzilla_56169() throws Exception {
+        try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("56169.xlsx")) {
 
-               ByteArrayOutputStream os = new ByteArrayOutputStream();
-               exporter.exportToXML(os, true);
-               String xmlData = os.toString("UTF-8");
+            for (XSSFMap map : wb.getCustomXMLMappings()) {
+                XSSFExportToXml exporter = new XSSFExportToXml(map);
 
-               assertNotNull(xmlData);
-               assertTrue(!xmlData.isEmpty());
+                ByteArrayOutputStream os = new ByteArrayOutputStream();
+                exporter.exportToXML(os, true);
+                String xmlData = os.toString("UTF-8");
 
-               String a = xmlData.split("<A>")[1].split("</A>")[0].trim();
-               String a_b = a.split("<B>")[1].split("</B>")[0].trim();
-               String a_b_c = a_b.split("<C>")[1].split("</C>")[0].trim();
-               String a_b_c_e = a_b_c.split("<E>")[1].split("</EA>")[0].trim();
-               String a_b_c_e_euro = a_b_c_e.split("<EUR>")[1].split("</EUR>")[0].trim();
-               String a_b_c_e_chf = a_b_c_e.split("<CHF>")[1].split("</CHF>")[0].trim();
+                assertNotNull(xmlData);
+                assertTrue(!xmlData.isEmpty());
 
-               assertEquals("1", a_b_c_e_euro);
-               assertEquals("2", a_b_c_e_chf);
+                String a = xmlData.split("<A>")[1].split("</A>")[0].trim();
+                String a_b = a.split("<B>")[1].split("</B>")[0].trim();
+                String a_b_c = a_b.split("<C>")[1].split("</C>")[0].trim();
+                String a_b_c_e = a_b_c.split("<E>")[1].split("</EA>")[0].trim();
+                String a_b_c_e_euro = a_b_c_e.split("<EUR>")[1].split("</EUR>")[0].trim();
+                String a_b_c_e_chf = a_b_c_e.split("<CHF>")[1].split("</CHF>")[0].trim();
+
+                assertEquals("1", a_b_c_e_euro);
+                assertEquals("2", a_b_c_e_chf);
 
-               String a_b_d = a_b.split("<D>")[1].split("</Dd>")[0].trim();
-               String a_b_d_e = a_b_d.split("<E>")[1].split("</EA>")[0].trim();
+                String a_b_d = a_b.split("<D>")[1].split("</Dd>")[0].trim();
+                String a_b_d_e = a_b_d.split("<E>")[1].split("</EA>")[0].trim();
 
-               String a_b_d_e_euro = a_b_d_e.split("<EUR>")[1].split("</EUR>")[0].trim();
-               String a_b_d_e_chf = a_b_d_e.split("<CHF>")[1].split("</CHF>")[0].trim();
+                String a_b_d_e_euro = a_b_d_e.split("<EUR>")[1].split("</EUR>")[0].trim();
+                String a_b_d_e_chf = a_b_d_e.split("<CHF>")[1].split("</CHF>")[0].trim();
 
-               assertEquals("3", a_b_d_e_euro);
-               assertEquals("4", a_b_d_e_chf);
-           }
-       }
-   }
-   
-   @Test
-   public void testXmlExportCompare_Bug_55923() throws Exception {
-       try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("55923.xlsx")) {
+                assertEquals("3", a_b_d_e_euro);
+                assertEquals("4", a_b_d_e_chf);
+            }
+        }
+    }
 
-           boolean found = false;
-           for (POIXMLDocumentPart p : wb.getRelations()) {
+    @Test
+    public void testXmlExportCompare_Bug_55923() throws Exception {
+        try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("55923.xlsx")) {
 
-               if (!(p instanceof MapInfo)) {
-                   continue;
-               }
-               MapInfo mapInfo = (MapInfo) p;
+            boolean found = false;
+            for (POIXMLDocumentPart p : wb.getRelations()) {
 
-               XSSFMap map = mapInfo.getXSSFMapById(4);
+                if (!(p instanceof MapInfo)) {
+                    continue;
+                }
+                MapInfo mapInfo = (MapInfo) p;
 
-               assertNotNull("XSSFMap is null", map);
+                XSSFMap map = mapInfo.getXSSFMapById(4);
 
-               XSSFExportToXml exporter = new XSSFExportToXml(map);
-               assertEquals(0, exporter.compare("", ""));
-               assertEquals(0, exporter.compare("/", "/"));
-               assertEquals(0, exporter.compare("//", "//"));
-               assertEquals(0, exporter.compare("/a/", "/b/"));
+                assertNotNull("XSSFMap is null", map);
 
-               assertEquals(-1, exporter.compare("/ns1:Entry/ns1:A/ns1:B/ns1:C/ns1:E/ns1:EUR",
-                       "/ns1:Entry/ns1:A/ns1:B/ns1:C/ns1:E/ns1:CHF"));
+                XSSFExportToXml exporter = new XSSFExportToXml(map);
+                assertEquals(0, exporter.compare("", ""));
+                assertEquals(0, exporter.compare("/", "/"));
+                assertEquals(0, exporter.compare("//", "//"));
+                assertEquals(0, exporter.compare("/a/", "/b/"));
 
-               found = true;
-           }
-           assertTrue(found);
-       }
-   }
-   
-   @Test
-   public void testXmlExportSchemaOrderingBug_Bugzilla_55923() throws Exception {
-       try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("55923.xlsx")) {
+                assertEquals(-1, exporter.compare("/ns1:Entry/ns1:A/ns1:B/ns1:C/ns1:E/ns1:EUR",
+                        "/ns1:Entry/ns1:A/ns1:B/ns1:C/ns1:E/ns1:CHF"));
 
-           boolean found = false;
-           for (POIXMLDocumentPart p : wb.getRelations()) {
+                found = true;
+            }
+            assertTrue(found);
+        }
+    }
 
-               if (!(p instanceof MapInfo)) {
-                   continue;
-               }
-               MapInfo mapInfo = (MapInfo) p;
+    @Test
+    public void testXmlExportSchemaOrderingBug_Bugzilla_55923() throws Exception {
+        try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("55923.xlsx")) {
 
-               XSSFMap map = mapInfo.getXSSFMapById(4);
+            boolean found = false;
+            for (POIXMLDocumentPart p : wb.getRelations()) {
 
-               assertNotNull("XSSFMap is null", map);
+                if (!(p instanceof MapInfo)) {
+                    continue;
+                }
+                MapInfo mapInfo = (MapInfo) p;
 
-               XSSFExportToXml exporter = new XSSFExportToXml(map);
-               ByteArrayOutputStream os = new ByteArrayOutputStream();
-               exporter.exportToXML(os, true);
-               String xmlData = os.toString("UTF-8");
+                XSSFMap map = mapInfo.getXSSFMapById(4);
 
-               assertNotNull(xmlData);
-               assertFalse(xmlData.isEmpty());
+                assertNotNull("XSSFMap is null", map);
 
-               String a = xmlData.split("<A>")[1].split("</A>")[0].trim();
-               String a_b = a.split("<B>")[1].split("</B>")[0].trim();
-               String a_b_c = a_b.split("<C>")[1].split("</C>")[0].trim();
-               String a_b_c_e = a_b_c.split("<E>")[1].split("</EA>")[0].trim();
-               String a_b_c_e_euro = a_b_c_e.split("<EUR>")[1].split("</EUR>")[0].trim();
-               String a_b_c_e_chf = a_b_c_e.split("<CHF>")[1].split("</CHF>")[0].trim();
+                XSSFExportToXml exporter = new XSSFExportToXml(map);
+                ByteArrayOutputStream os = new ByteArrayOutputStream();
+                exporter.exportToXML(os, true);
+                String xmlData = os.toString("UTF-8");
 
-               assertEquals("1", a_b_c_e_euro);
-               assertEquals("2", a_b_c_e_chf);
+                assertNotNull(xmlData);
+                assertFalse(xmlData.isEmpty());
 
-               String a_b_d = a_b.split("<D>")[1].split("</Dd>")[0].trim();
-               String a_b_d_e = a_b_d.split("<E>")[1].split("</EA>")[0].trim();
+                String a = xmlData.split("<A>")[1].split("</A>")[0].trim();
+                String a_b = a.split("<B>")[1].split("</B>")[0].trim();
+                String a_b_c = a_b.split("<C>")[1].split("</C>")[0].trim();
+                String a_b_c_e = a_b_c.split("<E>")[1].split("</EA>")[0].trim();
+                String a_b_c_e_euro = a_b_c_e.split("<EUR>")[1].split("</EUR>")[0].trim();
+                String a_b_c_e_chf = a_b_c_e.split("<CHF>")[1].split("</CHF>")[0].trim();
+
+                assertEquals("1", a_b_c_e_euro);
+                assertEquals("2", a_b_c_e_chf);
 
-               String a_b_d_e_euro = a_b_d_e.split("<EUR>")[1].split("</EUR>")[0].trim();
-               String a_b_d_e_chf = a_b_d_e.split("<CHF>")[1].split("</CHF>")[0].trim();
+                String a_b_d = a_b.split("<D>")[1].split("</Dd>")[0].trim();
+                String a_b_d_e = a_b_d.split("<E>")[1].split("</EA>")[0].trim();
 
-               assertEquals("3", a_b_d_e_euro);
-               assertEquals("4", a_b_d_e_chf);
+                String a_b_d_e_euro = a_b_d_e.split("<EUR>")[1].split("</EUR>")[0].trim();
+                String a_b_d_e_chf = a_b_d_e.split("<CHF>")[1].split("</CHF>")[0].trim();
 
-               found = true;
-           }
-           assertTrue(found);
-       }
-   }
-   
-   private void parseXML(String xmlData) throws IOException, SAXException, ParserConfigurationException {
-       DocumentBuilderFactory docBuilderFactory = XMLHelper.getDocumentBuilderFactory();
-       docBuilderFactory.setNamespaceAware(true);
-       docBuilderFactory.setValidating(false);
-       DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
-       docBuilder.setEntityResolver(new DummyEntityResolver());
+                assertEquals("3", a_b_d_e_euro);
+                assertEquals("4", a_b_d_e_chf);
 
-       docBuilder.parse(new ByteArrayInputStream(xmlData.getBytes(StandardCharsets.UTF_8)));
-   }
+                found = true;
+            }
+            assertTrue(found);
+        }
+    }
 
-   private static class DummyEntityResolver implements EntityResolver {
-       @Override
-       public InputSource resolveEntity(String publicId, String systemId) {
-           return null;
-       }
-   }
-   
-   @Test
-   public void testExportDataTypes() throws Exception {
-       try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("55923.xlsx")) {
+    private void parseXML(String xmlData) throws IOException, SAXException, ParserConfigurationException {
+        DocumentBuilderFactory docBuilderFactory = XMLHelper.getDocumentBuilderFactory();
+        docBuilderFactory.setNamespaceAware(true);
+        docBuilderFactory.setValidating(false);
+        DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
+        docBuilder.setEntityResolver(new DummyEntityResolver());
 
-           Sheet sheet = wb.getSheetAt(0);
-           Row row = sheet.getRow(0);
+        docBuilder.parse(new ByteArrayInputStream(xmlData.getBytes(StandardCharsets.UTF_8)));
+    }
 
-           Cell cString = row.createCell(0);
-           cString.setCellValue("somestring");
+    private static class DummyEntityResolver implements EntityResolver {
+        @Override
+        public InputSource resolveEntity(String publicId, String systemId) {
+            return null;
+        }
+    }
 
-           Cell cBoolean = row.createCell(1);
-           cBoolean.setCellValue(true);
+    @Test
+    public void testExportDataTypes() throws Exception {
+        try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("55923.xlsx")) {
 
-           Cell cError = row.createCell(2);
-           cError.setCellErrorValue(FormulaError.NUM.getCode());
+            Sheet sheet = wb.getSheetAt(0);
+            Row row = sheet.getRow(0);
 
-           Cell cFormulaString = row.createCell(3);
-           cFormulaString.setCellFormula("A1");
+            Cell cString = row.createCell(0);
+            cString.setCellValue("somestring");
 
-           Cell cFormulaNumeric = row.createCell(4);
-           cFormulaNumeric.setCellFormula("F1");
+            Cell cBoolean = row.createCell(1);
+            cBoolean.setCellValue(true);
 
-           Cell cNumeric = row.createCell(5);
-           cNumeric.setCellValue(1.2);
+            Cell cError = row.createCell(2);
+            cError.setCellErrorValue(FormulaError.NUM.getCode());
 
-           Cell cDate = row.createCell(6);
-           cDate.setCellValue(new Date());
+            Cell cFormulaString = row.createCell(3);
+            cFormulaString.setCellFormula("A1");
 
-           boolean found = false;
-           for (POIXMLDocumentPart p : wb.getRelations()) {
+            Cell cFormulaNumeric = row.createCell(4);
+            cFormulaNumeric.setCellFormula("F1");
 
-               if (!(p instanceof MapInfo)) {
-                   continue;
-               }
-               MapInfo mapInfo = (MapInfo) p;
+            Cell cNumeric = row.createCell(5);
+            cNumeric.setCellValue(1.2);
 
-               XSSFMap map = mapInfo.getXSSFMapById(4);
+            Cell cDate = row.createCell(6);
+            cDate.setCellValue(new Date());
 
-               assertNotNull("XSSFMap is null", map);
+            boolean found = false;
+            for (POIXMLDocumentPart p : wb.getRelations()) {
 
-               XSSFExportToXml exporter = new XSSFExportToXml(map);
-               ByteArrayOutputStream os = new ByteArrayOutputStream();
-               exporter.exportToXML(os, true);
-               String xmlData = os.toString("UTF-8");
+                if (!(p instanceof MapInfo)) {
+                    continue;
+                }
+                MapInfo mapInfo = (MapInfo) p;
 
-               assertNotNull(xmlData);
-               assertFalse(xmlData.isEmpty());
+                XSSFMap map = mapInfo.getXSSFMapById(4);
 
-               parseXML(xmlData);
+                assertNotNull("XSSFMap is null", map);
 
-               found = true;
-           }
-           assertTrue(found);
-       }
-   }
+                XSSFExportToXml exporter = new XSSFExportToXml(map);
+                ByteArrayOutputStream os = new ByteArrayOutputStream();
+                exporter.exportToXML(os, true);
+                String xmlData = os.toString("UTF-8");
 
-   @Test
-   public void testValidateFalse() throws Exception {
-       try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("55923.xlsx")) {
-           boolean found = false;
-           for (POIXMLDocumentPart p : wb.getRelations()) {
+                assertNotNull(xmlData);
+                assertFalse(xmlData.isEmpty());
 
-               if (!(p instanceof MapInfo)) {
-                   continue;
-               }
-               MapInfo mapInfo = (MapInfo) p;
+                parseXML(xmlData);
 
-               XSSFMap map = mapInfo.getXSSFMapById(4);
+                found = true;
+            }
+            assertTrue(found);
+        }
+    }
+
+    @Test
+    public void testValidateFalse() throws Exception {
+        try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("55923.xlsx")) {
+            boolean found = false;
+            for (POIXMLDocumentPart p : wb.getRelations()) {
+
+                if (!(p instanceof MapInfo)) {
+                    continue;
+                }
+                MapInfo mapInfo = (MapInfo) p;
 
-               assertNotNull("XSSFMap is null", map);
+                XSSFMap map = mapInfo.getXSSFMapById(4);
 
-               XSSFExportToXml exporter = new XSSFExportToXml(map);
-               ByteArrayOutputStream os = new ByteArrayOutputStream();
-               exporter.exportToXML(os, false);
-               String xmlData = os.toString("UTF-8");
+                assertNotNull("XSSFMap is null", map);
 
-               assertNotNull(xmlData);
-               assertFalse(xmlData.isEmpty());
+                XSSFExportToXml exporter = new XSSFExportToXml(map);
+                ByteArrayOutputStream os = new ByteArrayOutputStream();
+                exporter.exportToXML(os, false);
+                String xmlData = os.toString("UTF-8");
+
+                assertNotNull(xmlData);
+                assertFalse(xmlData.isEmpty());
 
-               parseXML(xmlData);
+                parseXML(xmlData);
 
-               found = true;
-           }
-           assertTrue(found);
-       }
-   }
+                found = true;
+            }
+            assertTrue(found);
+        }
+    }
 
-   @Test
-   public void testRefElementsInXmlSchema_Bugzilla_56730() throws Exception {
-       try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("56730.xlsx")) {
+    @Test
+    public void testRefElementsInXmlSchema_Bugzilla_56730() throws Exception {
+        try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("56730.xlsx")) {
 
-           boolean found = false;
-           for (POIXMLDocumentPart p : wb.getRelations()) {
+            boolean found = false;
+            for (POIXMLDocumentPart p : wb.getRelations()) {
 
-               if (!(p instanceof MapInfo)) {
-                   continue;
-               }
-               MapInfo mapInfo = (MapInfo) p;
+                if (!(p instanceof MapInfo)) {
+                    continue;
+                }
+                MapInfo mapInfo = (MapInfo) p;
 
-               XSSFMap map = mapInfo.getXSSFMapById(1);
+                XSSFMap map = mapInfo.getXSSFMapById(1);
 
-               assertNotNull("XSSFMap is null", map);
+                assertNotNull("XSSFMap is null", map);
 
-               XSSFExportToXml exporter = new XSSFExportToXml(map);
-               ByteArrayOutputStream os = new ByteArrayOutputStream();
-               exporter.exportToXML(os, true);
-               String xmlData = os.toString("UTF-8");
+                XSSFExportToXml exporter = new XSSFExportToXml(map);
+                ByteArrayOutputStream os = new ByteArrayOutputStream();
+                exporter.exportToXML(os, true);
+                String xmlData = os.toString("UTF-8");
 
-               assertNotNull(xmlData);
-               assertFalse(xmlData.isEmpty());
+                assertNotNull(xmlData);
+                assertFalse(xmlData.isEmpty());
 
-               assertEquals("2014-12-31", xmlData.split("<DATE>")[1].split("</DATE>")[0].trim());
-               assertEquals("12.5", xmlData.split("<REFELEMENT>")[1].split("</REFELEMENT>")[0].trim());
+                assertEquals("2014-12-31", xmlData.split("<DATE>")[1].split("</DATE>")[0].trim());
+                assertEquals("12.5", xmlData.split("<REFELEMENT>")[1].split("</REFELEMENT>")[0].trim());
 
-               parseXML(xmlData);
+                parseXML(xmlData);
 
-               found = true;
-           }
-           assertTrue(found);
-       }
-   }
+                found = true;
+            }
+            assertTrue(found);
+        }
+    }
 
-   @Test
-   public void testBug59026() throws Exception {
+    @Test
+    public void testBug59026() throws Exception {
         try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("59026.xlsx")) {
             Collection<XSSFMap> mappings = wb.getCustomXMLMappings();
             assertTrue(mappings.size() > 0);
@@ -657,7 +658,7 @@ public final class TestXSSFExportToXML {
             }
         }
     }
-   
+
     @Test
     public void testExportTableWithNonMappedColumn_Bugzilla_61281() throws Exception {
         try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("61281.xlsx")) {
@@ -671,4 +672,15 @@ public final class TestXSSFExportToXML {
             }
         }
     }
+
+    @Test(expected = SAXParseException.class)
+    public void testXXEInSchema() throws Exception {
+        try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("xxe_in_schema.xlsx")) {
+            for (XSSFMap map : wb.getCustomXMLMappings()) {
+                XSSFExportToXml exporter = new XSSFExportToXml(map);
+                ByteArrayOutputStream bos = new ByteArrayOutputStream();
+                exporter.exportToXML(bos, true);
+            }
+        }
+    }
 }
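Review bot: `@Test(expected = SAXParseException.class)` on `testXXEInSchema` accepts any parse failure, so the test would still pass if the schema in `xxe_in_schema.xlsx` were rejected for an unrelated reason, and it cannot tell whether the external reference was resolved before the error was raised. Catching the exception inside the test and asserting on something specific to the blocked access would tie it to the fix; the message text is implementation-dependent, so a loose `contains` check is the most that is portable. A comment such as `// schema in xxe_in_schema.xlsx declares an external entity; compiling it must fail under secure processing` would record the intent, assuming that is what the binary fixture contains.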

Added: poi/trunk/test-data/spreadsheet/xxe_in_schema.xlsx
URL: http://svn.apache.org/viewvc/poi/trunk/test-data/spreadsheet/xxe_in_schema.xlsx?rev=1867484&view=auto
==============================================================================
Binary file - no diff available.

Propchange: poi/trunk/test-data/spreadsheet/xxe_in_schema.xlsx
------------------------------------------------------------------------------
--- svn:mime-type (added)
+++ svn:mime-type Tue Sep 24 18:33:37 2019
@@ -0,0 +1 @@
+application/vnd.openxmlformats-officedocument.spreadsheetml.sheet


