source: josm/trunk/test/unit/org/openstreetmap/josm/tools/ImageProviderTest.java @ 11526

Last change on this file since 11526 was 11526, checked in by Don-vip, 7 months ago

fix #14319 - CVE-2017-5617: svgSalamander SSRF (Server-Side Request Forgery)

  • Property svn:eol-style set to native
File size: 3.7 KB
Line 
1// License: GPL. For details, see LICENSE file.
2package org.openstreetmap.josm.tools;
3
4import static org.junit.Assert.assertEquals;
5import static org.junit.Assert.assertFalse;
6import static org.junit.Assert.assertNotNull;
7
8import java.awt.Transparency;
9import java.awt.image.BufferedImage;
10import java.io.File;
11import java.io.IOException;
12import java.util.logging.Handler;
13import java.util.logging.LogRecord;
14import java.util.logging.Logger;
15
16import javax.swing.ImageIcon;
17
18import org.junit.BeforeClass;
19import org.junit.Test;
20import org.openstreetmap.josm.JOSMFixture;
21import org.openstreetmap.josm.TestUtils;
22
23import com.kitfox.svg.SVGConst;
24
25/**
26 * Unit tests of {@link ImageProvider} class.
27 */
28public class ImageProviderTest {
29
30    private static final class LogHandler14319 extends Handler {
31        boolean failed;
32
33        @Override
34        public void publish(LogRecord record) {
35            if ("Could not load image: https://host-in-the-trusted-network.com/test.jpg".equals(record.getMessage())) {
36                failed = true;
37            }
38        }
39
40        @Override
41        public void flush() {
42        }
43
44        @Override
45        public void close() throws SecurityException {
46        }
47    }
48
49    /**
50     * Setup test.
51     */
52    @BeforeClass
53    public static void setUp() {
54        JOSMFixture.createUnitTestFixture().init();
55    }
56
57    /**
58     * Non-regression test for ticket <a href="https://josm.openstreetmap.de/ticket/9984">#9984</a>
59     * @throws IOException if an error occurs during reading
60     */
61    @Test
62    public void testTicket9984() throws IOException {
63        File file = new File(TestUtils.getRegressionDataFile(9984, "tile.png"));
64        assertEquals(Transparency.TRANSLUCENT, ImageProvider.read(file, true, true).getTransparency());
65        assertEquals(Transparency.TRANSLUCENT, ImageProvider.read(file, false, true).getTransparency());
66        assertEquals(Transparency.OPAQUE, ImageProvider.read(file, false, false).getTransparency());
67        assertEquals(Transparency.OPAQUE, ImageProvider.read(file, true, false).getTransparency());
68    }
69
70    /**
71     * Non-regression test for ticket <a href="https://josm.openstreetmap.de/ticket/10030">#10030</a>
72     * @throws IOException if an error occurs during reading
73     */
74    @Test
75    public void testTicket10030() throws IOException {
76        File file = new File(TestUtils.getRegressionDataFile(10030, "tile.jpg"));
77        BufferedImage img = ImageProvider.read(file, true, true);
78        assertNotNull(img);
79    }
80
81    /**
82     * Non-regression test for ticket <a href="https://josm.openstreetmap.de/ticket/14319">#14319</a>
83     * @throws IOException if an error occurs during reading
84     */
85    @Test
86    public void testTicket14319() throws IOException {
87        LogHandler14319 handler = new LogHandler14319();
88        Logger.getLogger(SVGConst.SVG_LOGGER).addHandler(handler);
89        ImageIcon img = new ImageProvider(
90                new File(TestUtils.getRegressionDataDir(14319)).getAbsolutePath(), "attack.svg").get();
91        assertNotNull(img);
92        assertFalse(handler.failed);
93    }
94
95    /**
96     * Test fetching an image using {@code wiki://} protocol.
97     */
98    @Test
99    public void testWikiProtocol() {
100        // https://commons.wikimedia.org/wiki/File:OpenJDK_logo.svg
101        assertNotNull(ImageProvider.get("wiki://OpenJDK_logo.svg"));
102    }
103
104    /**
105     * Test fetching an image using {@code data:} URL.
106     */
107    @Test
108    public void testDataUrl() {
109        // Red dot image, taken from https://en.wikipedia.org/wiki/Data_URI_scheme#HTML
110        assertNotNull(ImageProvider.get("data:image/png;base64," +
111                "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4"+
112                "//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="));
113    }
114}
Note: See TracBrowser for help on using the repository browser.