You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@flex.apache.org by cd...@apache.org on 2015/12/20 13:47:39 UTC
[09/31] flex-blazeds git commit: Created a portable test for the xml
parsing problem.
Created a portable test for the xml parsing problem.
Project: http://git-wip-us.apache.org/repos/asf/flex-blazeds/repo
Commit: http://git-wip-us.apache.org/repos/asf/flex-blazeds/commit/cefee668
Tree: http://git-wip-us.apache.org/repos/asf/flex-blazeds/tree/cefee668
Diff: http://git-wip-us.apache.org/repos/asf/flex-blazeds/diff/cefee668
Branch: refs/heads/master
Commit: cefee6684909415844e59c706404ea7ec701dff8
Parents: af405aa
Author: Christofer Dutz <ch...@codecentric.de>
Authored: Thu Jul 23 14:53:14 2015 +0200
Committer: Christofer Dutz <ch...@codecentric.de>
Committed: Thu Jul 23 14:53:14 2015 +0200
----------------------------------------------------------------------
.../BlazeDsXmlProcessingXXEVulnerability.java | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/flex-blazeds/blob/cefee668/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java
----------------------------------------------------------------------
diff --git a/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java b/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java
index 71519dc..39da7a4 100644
--- a/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java
+++ b/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java
@@ -2,11 +2,14 @@ package flex.messaging.securityadvisories;
import com.sun.org.apache.xml.internal.serialize.OutputFormat;
import com.sun.org.apache.xml.internal.serialize.XMLSerializer;
+import flex.messaging.util.DoubleUtil;
import flex.messaging.util.XMLUtil;
import junit.framework.Assert;
import junit.framework.TestCase;
import org.w3c.dom.Document;
+import java.io.File;
+import java.io.PrintWriter;
import java.io.StringWriter;
/**
@@ -16,12 +19,21 @@ import java.io.StringWriter;
public class BlazeDsXmlProcessingXXEVulnerability extends TestCase {
public void testVulnerability() throws Exception {
+ int secret = (int) (Math.random() * 1000);
+
+ // Create a temp file containing a secret.
+ File temp = File.createTempFile("xxe-test", ".txt");
+ PrintWriter out = new PrintWriter(temp);
+ out.println(Integer.toString(secret));
+ out.close();
+
+ String uri = temp.toURI().toASCIIString();
StringBuffer xml = new StringBuffer(512);
xml.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n");
xml.append("<!DOCTYPE foo [\r\n");
xml.append("<!ELEMENT foo ANY >\r\n");
- xml.append("<!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]>\r\n");
- xml.append("<foo>&xxe;</foo>");
+ xml.append("<!ENTITY xxe SYSTEM \"" + uri + "\" >]>\r\n");
+ xml.append("<foo>The Secret is: &xxe;</foo>");
Document data = XMLUtil.stringToDocument(xml.toString());
@@ -30,7 +42,7 @@ public class BlazeDsXmlProcessingXXEVulnerability extends TestCase {
XMLSerializer serial = new XMLSerializer(stringOut, format);
serial.serialize(data);
- Assert.assertTrue(stringOut.toString().contains("&xxe;"));
+ Assert.assertFalse(stringOut.toString().contains("The Secret is: " + Integer.toString(secret)));
}
}