Posted to commits@flex.apache.org by cd...@apache.org on 2015/12/20 13:47:39 UTC

[09/31] flex-blazeds git commit: Created a portable test for the xml parsing problem.

Created a portable test for the xml parsing problem.


Project: http://git-wip-us.apache.org/repos/asf/flex-blazeds/repo
Commit: http://git-wip-us.apache.org/repos/asf/flex-blazeds/commit/cefee668
Tree: http://git-wip-us.apache.org/repos/asf/flex-blazeds/tree/cefee668
Diff: http://git-wip-us.apache.org/repos/asf/flex-blazeds/diff/cefee668

Branch: refs/heads/master
Commit: cefee6684909415844e59c706404ea7ec701dff8
Parents: af405aa
Author: Christofer Dutz <ch...@codecentric.de>
Authored: Thu Jul 23 14:53:14 2015 +0200
Committer: Christofer Dutz <ch...@codecentric.de>
Committed: Thu Jul 23 14:53:14 2015 +0200

----------------------------------------------------------------------
 .../BlazeDsXmlProcessingXXEVulnerability.java     | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/flex-blazeds/blob/cefee668/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java
----------------------------------------------------------------------
diff --git a/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java b/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java
index 71519dc..39da7a4 100644
--- a/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java
+++ b/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java
@@ -2,11 +2,14 @@ package flex.messaging.securityadvisories;
 
 import com.sun.org.apache.xml.internal.serialize.OutputFormat;
 import com.sun.org.apache.xml.internal.serialize.XMLSerializer;
+import flex.messaging.util.DoubleUtil;
 import flex.messaging.util.XMLUtil;
 import junit.framework.Assert;
 import junit.framework.TestCase;
 import org.w3c.dom.Document;
 
+import java.io.File;
+import java.io.PrintWriter;
 import java.io.StringWriter;
 
 /**
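Review bot: The added `import flex.messaging.util.DoubleUtil;` is not referenced by any line the commit adds in the other hunks of this file, so it looks like a leftover from local experimentation and should be removed unless it is used in code outside the diff. The new `java.io.File` and `java.io.PrintWriter` imports are accounted for by the temp-file setup added in the test body.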
@@ -16,12 +19,21 @@ import java.io.StringWriter;
 public class BlazeDsXmlProcessingXXEVulnerability extends TestCase {
 
     public void testVulnerability() throws Exception {
+        int secret = (int) (Math.random() * 1000);
+
+        // Create a temp file containing a secret.
+        File temp = File.createTempFile("xxe-test", ".txt");
+        PrintWriter out = new PrintWriter(temp);
+        out.println(Integer.toString(secret));
+        out.close();
+
+        String uri = temp.toURI().toASCIIString();
         StringBuffer xml = new StringBuffer(512);
         xml.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n");
         xml.append("<!DOCTYPE foo [\r\n");
         xml.append("<!ELEMENT foo ANY >\r\n");
-        xml.append("<!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]>\r\n");
-        xml.append("<foo>&xxe;</foo>");
+        xml.append("<!ENTITY xxe SYSTEM \"" + uri + "\" >]>\r\n");
+        xml.append("<foo>The Secret is: &xxe;</foo>");
 
         Document data = XMLUtil.stringToDocument(xml.toString());
 
@@ -30,7 +42,7 @@ public class BlazeDsXmlProcessingXXEVulnerability extends TestCase {
         XMLSerializer serial = new XMLSerializer(stringOut, format);
         serial.serialize(data);
 
-        Assert.assertTrue(stringOut.toString().contains("&xxe;"));
+        Assert.assertFalse(stringOut.toString().contains("The Secret is: " + Integer.toString(secret)));
     }
 
 }
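Review bot: `assertFalse(... contains("The Secret is: " + secret))` is a purely negative check, so it also passes when serialization produces an empty or unrelated document, which would hide a regression in `XMLUtil.stringToDocument` behind a green test. Pairing it with a positive assertion on the surrounding text, e.g. `Assert.assertTrue(stringOut.toString().contains("The Secret is: "));`, pins that the element content was actually serialized and only the entity was not resolved. That assumes the hardened parser still returns a `Document` for input with a DOCTYPE rather than throwing; if it throws instead, the test should expect that exception explicitly. The start of `testVulnerability` lies outside this hunk.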