1 | // License: GPL. For details, see LICENSE file.
|
---|
2 | package org.openstreetmap.josm.tools;
|
---|
3 |
|
---|
4 | import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
|
---|
5 | import org.junit.jupiter.api.extension.RegisterExtension;
|
---|
6 | import org.junit.jupiter.api.Test;
|
---|
7 | import org.openstreetmap.josm.TestUtils;
|
---|
8 | import org.openstreetmap.josm.testutils.JOSMTestRules;
|
---|
9 | import org.xml.sax.InputSource;
|
---|
10 | import org.xml.sax.SAXException;
|
---|
11 | import org.xml.sax.helpers.DefaultHandler;
|
---|
12 |
|
---|
13 | import javax.xml.parsers.ParserConfigurationException;
|
---|
14 | import javax.xml.transform.Transformer;
|
---|
15 | import javax.xml.transform.TransformerException;
|
---|
16 | import javax.xml.transform.stream.StreamResult;
|
---|
17 | import javax.xml.transform.stream.StreamSource;
|
---|
18 | import java.io.FileInputStream;
|
---|
19 | import java.io.IOException;
|
---|
20 | import java.io.StringWriter;
|
---|
21 |
|
---|
22 | import static org.junit.jupiter.api.Assertions.assertEquals;
|
---|
23 | import static org.junit.jupiter.api.Assertions.assertNotNull;
|
---|
24 | import static org.junit.jupiter.api.Assertions.fail;
|
---|
25 |
|
---|
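/**
 * Unit tests of {@link XmlUtils} class.
 * <p>
 * These are regression tests for XML External Entity (XXE) handling: each test feeds the
 * {@code dom_external_entity.xml} fixture to one of the "safe" entry points of {@link XmlUtils}
 * (DOM parser, transformer factory, SAX parser) and requires the call to be rejected with an exception.
 * <p>
 * NOTE(review): the assertions compare the exact exception message. That text appears to come from
 * the underlying XML implementation, so it may differ between JDK versions or locales; the property
 * that matters for security is that parsing fails at all, which the {@code fail(...)} calls enforce.
 */
class XmlUtilsTest {

    /**
     * Use default, basic test rules.
     */
    @RegisterExtension
    @SuppressFBWarnings(value = "URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD")
    public JOSMTestRules rules = new JOSMTestRules();

    /**
     * Message expected when access to the external document is refused through the
     * {@code accessExternalDTD} restriction (DOM and transformer paths).
     */
    private static final String EXPECTED = "External Entity: Failed to read external document 'passwd', " +
            "because 'file' access is not allowed due to restriction set by the accessExternalDTD property.";

    /**
     * Checks that {@link XmlUtils#parseSafeDOM} refuses a document that declares an external entity.
     *
     * @throws IOException if the test fixture cannot be opened or closed
     * @throws ParserConfigurationException if the DOM parser cannot be configured
     */
    @Test
    void testExternalEntitiesParsingDom() throws IOException, ParserConfigurationException {
        final String source = TestUtils.getTestDataRoot() + "dom_external_entity.xml";
        // try-with-resources: the fixture stream is closed even when parsing throws
        try (FileInputStream in = new FileInputStream(source)) {
            XmlUtils.parseSafeDOM(in);
            fail("Parsing a document with external entities should not be allowed.");
        } catch (SAXException e) {
            // Same message as the transformer test, so the shared constant is used
            assertEquals(EXPECTED, e.getMessage());
        }
    }

    /**
     * Checks that a transformer obtained from {@link XmlUtils#newSafeTransformerFactory} refuses
     * a source document that declares an external entity.
     *
     * @throws IOException if the test fixture cannot be opened or closed
     */
    @Test
    void testExternalEntitiesTransformer() throws IOException {
        final String source = TestUtils.getTestDataRoot() + "dom_external_entity.xml";
        // try-with-resources: the fixture stream is closed even when the transformation throws
        try (FileInputStream in = new FileInputStream(source)) {
            final Transformer transformer = XmlUtils.newSafeTransformerFactory().newTransformer();
            transformer.transform(new StreamSource(in), new StreamResult(new StringWriter()));
            fail("Parsing a document with external entities should not be allowed.");
        } catch (TransformerException e) {
            // The parser error is wrapped; the restriction message is carried by the cause
            assertNotNull(e.getCause());
            assertEquals(EXPECTED, e.getCause().getMessage());
        }
    }

    /**
     * Checks that {@link XmlUtils#parseSafeSAX} refuses the fixture. On this path the expected
     * message shows the document being rejected because it contains a DOCTYPE declaration at all
     * ({@code disallow-doctype-decl}), rather than at the point where the external document is read.
     *
     * @throws IOException if the test fixture cannot be opened or closed
     * @throws ParserConfigurationException if the SAX parser cannot be configured
     */
    @Test
    void testExternalEntitiesSaxParser() throws IOException, ParserConfigurationException {
        final String source = TestUtils.getTestDataRoot() + "dom_external_entity.xml";
        // try-with-resources: the fixture stream is closed even when parsing throws
        try (FileInputStream in = new FileInputStream(source)) {
            final DefaultHandler handler = new DefaultHandler();
            XmlUtils.parseSafeSAX(new InputSource(in), handler);
            fail("Parsing a document with external entities should not be allowed.");
        } catch (SAXException e) {
            String expected = "DOCTYPE is disallowed when the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true.";
            assertEquals(expected, e.getMessage());
        }
    }
}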