Repository: flex-blazeds Updated Branches: refs/heads/develop af405aa59 -> cefee6684
Created a portable test for the xml parsing problem. Project: http://git-wip-us.apache.org/repos/asf/flex-blazeds/repo Commit: http://git-wip-us.apache.org/repos/asf/flex-blazeds/commit/cefee668 Tree: http://git-wip-us.apache.org/repos/asf/flex-blazeds/tree/cefee668 Diff: http://git-wip-us.apache.org/repos/asf/flex-blazeds/diff/cefee668 Branch: refs/heads/develop Commit: cefee6684909415844e59c706404ea7ec701dff8 Parents: af405aa Author: Christofer Dutz <[email protected]> Authored: Thu Jul 23 14:53:14 2015 +0200 Committer: Christofer Dutz <[email protected]> Committed: Thu Jul 23 14:53:14 2015 +0200 ---------------------------------------------------------------------- .../BlazeDsXmlProcessingXXEVulnerability.java | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/flex-blazeds/blob/cefee668/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java ----------------------------------------------------------------------
diff --git a/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java b/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java
index 71519dc..39da7a4 100644
--- a/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java
+++ b/modules/testsuite/src/test/java/flex/messaging/securityadvisories/BlazeDsXmlProcessingXXEVulnerability.java 
@@ -2,11 +2,14 @@ package flex.messaging.securityadvisories;
 import com.sun.org.apache.xml.internal.serialize.OutputFormat;
 import com.sun.org.apache.xml.internal.serialize.XMLSerializer;
+import flex.messaging.util.DoubleUtil;
 import flex.messaging.util.XMLUtil;
 import junit.framework.Assert;
 import junit.framework.TestCase;
 import org.w3c.dom.Document;
+import java.io.File;
+import java.io.PrintWriter;
 import java.io.StringWriter;
 /**
@@ -16,12 +19,21 @@ import java.io.StringWriter;
 public class BlazeDsXmlProcessingXXEVulnerability extends TestCase {
 public void testVulnerability() throws Exception {
+ int secret = (int) (Math.random() * 1000);
+
+ // Create a temp file containing a secret.
+ File temp = File.createTempFile("xxe-test", ".txt");
+ PrintWriter out = new PrintWriter(temp);
+ out.println(Integer.toString(secret));
+ out.close();
+
+ String uri = temp.toURI().toASCIIString();
 StringBuffer xml = new StringBuffer(512);
 xml.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n");
 xml.append("<!DOCTYPE foo [\r\n");
 xml.append("<!ELEMENT foo ANY >\r\n");
- xml.append("<!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]>\r\n");
- xml.append("<foo>&xxe;</foo>");
+ xml.append("<!ENTITY xxe SYSTEM \"" + uri + "\" >]>\r\n");
+ xml.append("<foo>The Secret is: &xxe;</foo>");
 Document data = XMLUtil.stringToDocument(xml.toString());
@@ -30,7 +42,7 @@ public class BlazeDsXmlProcessingXXEVulnerability extends TestCase {
 XMLSerializer serial = new XMLSerializer(stringOut, format);
 serial.serialize(data);
- Assert.assertTrue(stringOut.toString().contains("&xxe;"));
+ Assert.assertFalse(stringOut.toString().contains("The Secret is: " + Integer.toString(secret)));
 }
 }
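Review bot: `import flex.messaging.util.DoubleUtil;` is added in the first hunk but nothing in the new code references DoubleUtil, so it reads as a leftover from an earlier draft and should be removed to keep the test free of unused-import warnings. The `com.sun.org.apache.xml.internal.serialize` imports the test already relied on are JDK-internal and may not resolve on newer JDKs, but they predate this commit and are only mentioned here as context.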
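Review bot: The PrintWriter opened on `temp` in the second hunk is only closed on the success path, and the temp file holding the secret is never deleted, so every run leaves an `xxe-test*.txt` file behind in the temp directory. Closing the writer in a `finally` block and calling `temp.deleteOnExit()` keeps the fixture self-contained and avoids leaving the "secret" on disk after the test. `new PrintWriter(File)` also uses the platform default charset, which is harmless because the content is ASCII digits, but a one-line comment saying so would save the next reader a question. The body of testVulnerability continues into the following hunk.
```java
        // Create a temp file containing a secret.
        File temp = File.createTempFile("xxe-test", ".txt");
        temp.deleteOnExit(); // holds the secret; do not leave it behind
        PrintWriter out = new PrintWriter(temp); // ASCII digits only, default charset is fine
        try {
            out.println(Integer.toString(secret));
        } finally {
            out.close();
        }
        // … unchanged: uri and DOCTYPE construction …
```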
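Review bot: The new `Assert.assertFalse(... contains("The Secret is: " + Integer.toString(secret)))` in the last hunk passes vacuously when the serializer emits nothing or the `<foo>` text is lost, so it cannot tell "external entity withheld" apart from "document never serialized". Pairing it with a positive check on the surrounding text, `Assert.assertTrue(stringOut.toString().contains("The Secret is: "));`, pins that the document was parsed and serialized and only the entity content is missing. If the hardened XMLUtil.stringToDocument rejects the DOCTYPE by throwing, that exception propagates from the previous hunk and JUnit reports an error rather than a pass, so the intended outcome should be decided and either caught as a passing result or documented in the class Javadoc. The declaration of `stringOut` lies outside this hunk.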
