Changeset 11526 in josm for trunk/test


Ignore:
Timestamp:
2017-02-02T01:22:52+01:00 (3 years ago)
Author:
Don-vip
Message:

fix #14319 - CVE-2017-5617: svgSalamander SSRF (Server-Side Request Forgery)

Location:
trunk/test
Files:
2 added
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/test/unit/org/openstreetmap/josm/tools/ImageProviderTest.java

    r10409 r11526  
    33
    44import static org.junit.Assert.assertEquals;
     5import static org.junit.Assert.assertFalse;
    56import static org.junit.Assert.assertNotNull;
    67
     
    910import java.io.File;
    1011import java.io.IOException;
     12import java.util.logging.Handler;
     13import java.util.logging.LogRecord;
     14import java.util.logging.Logger;
     15
     16import javax.swing.ImageIcon;
    1117
    1218import org.junit.BeforeClass;
     
    1521import org.openstreetmap.josm.TestUtils;
    1622
     23import com.kitfox.svg.SVGConst;
     24
    1725/**
    1826 * Unit tests of {@link ImageProvider} class.
    1927 */
    2028public class ImageProviderTest {
     29
     30    private static final class LogHandler14319 extends Handler {
     31        boolean failed;
     32
     33        @Override
     34        public void publish(LogRecord record) {
     35            if ("Could not load image: https://host-in-the-trusted-network.com/test.jpg".equals(record.getMessage())) {
     36                failed = true;
     37            }
     38        }
     39
     40        @Override
     41        public void flush() {
     42        }
     43
     44        @Override
     45        public void close() throws SecurityException {
     46        }
     47    }
    2148
    2249    /**
     
    5380
    5481    /**
     82     * Non-regression test for ticket <a href="https://josm.openstreetmap.de/ticket/14319">#14319</a>
     83     * @throws IOException if an error occurs during reading
     84     */
     85    @Test
     86    public void testTicket14319() throws IOException {
     87        LogHandler14319 handler = new LogHandler14319();
     88        Logger.getLogger(SVGConst.SVG_LOGGER).addHandler(handler);
     89        ImageIcon img = new ImageProvider(
     90                new File(TestUtils.getRegressionDataDir(14319)).getAbsolutePath(), "attack.svg").get();
     91        assertNotNull(img);
     92        assertFalse(handler.failed);
     93    }
     94
     95    /**
    5596     * Test fetching an image using {@code wiki://} protocol.
    5697     */
Note: See TracChangeset for help on using the changeset viewer.