CAMEL-8312: XML External Entity (XXE) injection in XPath. Thanks to Stephan 
Siano for the patch.

Conflicts:
        camel-core/src/main/java/org/apache/camel/builder/xml/XPathBuilder.java


Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/601ddda4
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/601ddda4
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/601ddda4

Branch: refs/heads/camel-2.12.x
Commit: 601ddda449ae9a350597ac73f88f470a6f6549be
Parents: b0ee3e0
Author: Claus Ibsen <davscl...@apache.org>
Authored: Sun Mar 1 11:51:49 2015 +0100
Committer: Christian Schneider <ch...@die-schneider.net>
Committed: Fri May 8 17:08:22 2015 +0200

----------------------------------------------------------------------
 .../apache/camel/builder/xml/XPathBuilder.java  | 20 ----------
 .../camel/builder/xml/XPathFeatureTest.java     | 42 +++++++++++++++-----
 .../camel/component/xslt/SaxonXsltDTDTest.java  | 11 +++--
 3 files changed, 39 insertions(+), 34 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/camel/blob/601ddda4/camel-core/src/main/java/org/apache/camel/builder/xml/XPathBuilder.java
----------------------------------------------------------------------
diff --git 
a/camel-core/src/main/java/org/apache/camel/builder/xml/XPathBuilder.java 
b/camel-core/src/main/java/org/apache/camel/builder/xml/XPathBuilder.java
index 403a1fb..8bb1a0d 100644
--- a/camel-core/src/main/java/org/apache/camel/builder/xml/XPathBuilder.java
+++ b/camel-core/src/main/java/org/apache/camel/builder/xml/XPathBuilder.java
@@ -52,7 +52,6 @@ import org.apache.camel.NoTypeConversionAvailableException;
 import org.apache.camel.Predicate;
 import org.apache.camel.RuntimeExpressionException;
 import org.apache.camel.WrappedFile;
-import org.apache.camel.component.bean.BeanInvocation;
 import org.apache.camel.impl.DefaultExchange;
 import org.apache.camel.spi.Language;
 import org.apache.camel.spi.NamespaceAware;
@@ -1117,25 +1116,6 @@ public class XPathBuilder extends ServiceSupport 
implements Expression, Predicat
             }
         }
 
-        // okay we can try to remedy the failed conversion by some special 
types
-        if (answer == null) {
-            // let's try coercing some common types into something JAXP work 
with the best for special types
-            if (body instanceof WrappedFile) {
-                // special for files so we can work with them out of the box
-                InputStream is = 
exchange.getContext().getTypeConverter().convertTo(InputStream.class, exchange, 
body);
-                answer = new InputSource(is);
-            } else if (body instanceof BeanInvocation) {
-                // if its a null bean invocation then handle that specially
-                BeanInvocation bi = 
exchange.getContext().getTypeConverter().convertTo(BeanInvocation.class, 
exchange, body);
-                if (bi.getArgs() != null && bi.getArgs().length == 1 && 
bi.getArgs()[0] == null) {
-                    // its a null argument from the bean invocation so use 
null as answer
-                    answer = null;
-                }
-            } else if (body instanceof String) {
-                answer = new InputSource(new StringReader((String) body));
-            }
-        }
-
         if (type == null && answer == null) {
             // fallback to get the body as is
             answer = body;
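Review bot: With the `String`/`WrappedFile` → `InputSource` shortcut removed, the only way a body now reaches JAXP as parsed XML is through the type converter, so the remaining fallback `answer = body;` deserves a comment explaining why raw bodies are deliberately no longer wrapped: presumably an `InputSource` handed straight to the XPath engine is parsed with that engine's default (DTD/external-entity enabled) settings instead of the converter's restricted DocumentBuilderFactory, which is the XXE the commit title describes. Suggested: `// CAMEL-8312: do not wrap String/file bodies in an InputSource here; that bypasses the type converter (and its DTD/external-entity restrictions) and re-opens XXE`. After this removal `InputSource`, `StringReader` and `InputStream` may no longer be referenced anywhere in the file, whereas `BeanInvocation` was dropped; if they have no other use, remove those imports as well. The enclosing method starts before and ends after this hunk.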

http://git-wip-us.apache.org/repos/asf/camel/blob/601ddda4/camel-core/src/test/java/org/apache/camel/builder/xml/XPathFeatureTest.java
----------------------------------------------------------------------
diff --git 
a/camel-core/src/test/java/org/apache/camel/builder/xml/XPathFeatureTest.java 
b/camel-core/src/test/java/org/apache/camel/builder/xml/XPathFeatureTest.java
index 0d90530..dfad770 100644
--- 
a/camel-core/src/test/java/org/apache/camel/builder/xml/XPathFeatureTest.java
+++ 
b/camel-core/src/test/java/org/apache/camel/builder/xml/XPathFeatureTest.java
@@ -19,11 +19,13 @@ package org.apache.camel.builder.xml;
 
 import java.io.FileNotFoundException;
 
-import javax.xml.xpath.XPathExpressionException;
-
 import org.apache.camel.ContextTestSupport;
 import org.apache.camel.Exchange;
+import org.apache.camel.NoTypeConversionAvailableException;
+import org.apache.camel.RuntimeCamelException;
+import org.apache.camel.TypeConversionException;
 import org.apache.camel.converter.jaxp.XmlConverter;
+import org.xml.sax.SAXParseException;
 
 import static org.apache.camel.builder.xml.XPathBuilder.xpath;
 
@@ -32,18 +34,19 @@ public class XPathFeatureTest extends ContextTestSupport {
     
     public static final String XML_DATA = " <!DOCTYPE foo [ " 
         + " <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM \"file:///bin/test.sh\" 
>]> <test> &xxe; </test>";
-                                              
-    
+    public static final String XML_DATA_INVALID = " <!DOCTYPE foo [ " 
+            + " <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM 
\"file:///bin/test.sh\" >]> <test> &xxe; </test><notwellformed>";
+
     @Override
     public boolean isUseRouteBuilder() {
         return false;
     }
-  
+
     public void testXPathResult() throws Exception {
         String result = 
(String)xpath("/").stringResult().evaluate(createExchange(XML_DATA));
         assertEquals("Get a wrong result", "  ", result);
     }
-    
+
     public void testXPath() throws Exception {
         
         // Set this feature will enable the external general entities
@@ -52,16 +55,35 @@ public class XPathFeatureTest extends ContextTestSupport {
         try {
             xpath("/").stringResult().evaluate(createExchange(XML_DATA));
             fail("Expect an Exception here");
-        } catch (Exception ex) {
-            assertTrue("Get a wrong exception cause.", ex instanceof 
InvalidXPathExpression);
-            assertTrue("Get a wrong exception cause.", ex.getCause() 
instanceof XPathExpressionException);
+        } catch (TypeConversionException ex) {
+            assertTrue("Get a wrong exception cause.", ex.getCause() 
instanceof RuntimeCamelException);
             assertTrue("Get a wrong exception cause.", 
ex.getCause().getCause() instanceof FileNotFoundException);
         } finally {
             System.clearProperty(DOM_BUILER_FACTORY_FEATRUE + ":" 
                 + "http://xml.org/sax/features/external-general-entities";);
         }
     }
-    
+
+    public void testXPathNoTypeConverter() throws Exception {
+        try {
+            // define a class without type converter as document type
+            
xpath("/").documentType(Exchange.class).stringResult().evaluate(createExchange(XML_DATA));
+            fail("Expect an Exception here");
+        } catch (RuntimeCamelException ex) {
+            assertTrue("Get a wrong exception cause.", ex.getCause() 
instanceof NoTypeConversionAvailableException);
+        }
+    }
+
+    public void testXPathResultOnInvalidData() throws Exception {
+        try {
+            
xpath("/").stringResult().evaluate(createExchange(XML_DATA_INVALID));
+            fail("Expect an Exception here");
+        } catch (TypeConversionException ex) {
+            assertTrue("Get a wrong exception cause.", ex.getCause() 
instanceof RuntimeCamelException);
+            assertTrue("Get a wrong exception cause.", 
ex.getCause().getCause() instanceof SAXParseException);
+        }
+    }
+
     protected Exchange createExchange(Object xml) {
         Exchange exchange = createExchangeWithBody(context, xml);
         return exchange;
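Review bot: The new catch in `testXPath` pins `FileNotFoundException` as the root cause, which presumes `/bin/test.sh` (the SYSTEM entity in `XML_DATA`) is absent on the build host; if it exists the entity resolves, the evaluation succeeds, and the test fails at `fail("Expect an Exception here")` for a reason unrelated to the fix. A path that cannot exist (for example under a temporary directory created and deleted in setup) would make the intent explicit. The `assertTrue(..., ex.getCause() instanceof ...)` chains in all three tests also report only "Get a wrong exception cause." and throw NPE rather than a test failure if a cause is missing; `assertIsInstanceOf(RuntimeCamelException.class, ex.getCause())` from TestSupport, if it is available on this branch, reports the actual type instead. `createExchange` continues past the end of the hunk.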

http://git-wip-us.apache.org/repos/asf/camel/blob/601ddda4/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltDTDTest.java
----------------------------------------------------------------------
diff --git 
a/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltDTDTest.java
 
b/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltDTDTest.java
index b826608..adef1d8 100644
--- 
a/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltDTDTest.java
+++ 
b/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltDTDTest.java
@@ -61,19 +61,22 @@ public class SaxonXsltDTDTest extends CamelTestSupport {
         Exchange exchange = list.get(0);
         String xml = exchange.getIn().getBody(String.class);
         assertTrue("Get a wrong transformed message", 
xml.indexOf("<transformed subject=\"\">") > 0);
-        
-        
+
+        endpoint.reset();
+        endpoint.expectedMessageCount(1);
         
         try {
             template.sendBody("direct:start2", message);
-            fail("Expect an exception here");
+            list = endpoint.getReceivedExchanges();
+            exchange = list.get(0);
+            xml = exchange.getIn().getBody(String.class);
+            assertTrue("Get a wrong transformed message", 
xml.indexOf("<transformed subject=\"\">") > 0);
         } catch (Exception ex) {
             // expect an exception here
             assertTrue("Get a wrong exception", ex instanceof 
CamelExecutionException);
             // the file could not be found
             assertTrue("Get a wrong exception cause", ex.getCause() instanceof 
TransformerException);
         }
-        
     }
     
 
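Review bot: The `direct:start2` leg now passes on either outcome, a successful transform with an empty subject or any `CamelExecutionException` wrapping a `TransformerException`, so a regression where the DTD is actually resolved and the transform then fails for an unrelated reason would still be green. Decide which outcome `direct:start2` (configured outside this hunk) is meant to produce and assert only that one. At minimum call `endpoint.assertIsSatisfied();` after `template.sendBody(...)`, since the `expectedMessageCount(1)` set on the reset endpoint is never checked, and an `IndexOutOfBoundsException` from `list.get(0)` would otherwise land in the same broad `catch (Exception ex)` and fail with the misleading "Get a wrong exception" message. The enclosing test method starts before this hunk.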
