authorMichael Stahl <mstahl@redhat.com>2013-04-03 22:52:40 +0200
committerMichael Stahl <mstahl@redhat.com>2013-04-03 22:53:37 +0200
commitdf2ecdcb6e604f8e1dcea1549c929a1ced06c583 (patch)
tree940191cda0d806c5079883539bca12ad3bfcd182 /unoxml
parent5fccea4add2eb5b838733becdb4dc3120151a82f (diff)
unordf: add unit test for CVE-2012-0037
Change-Id: Ife037f05ddf66bc8c0598cb9521e95a1fa15c26e
Diffstat (limited to 'unoxml')
-rw-r--r--unoxml/qa/complex/unoxml/RDFRepositoryTest.java14
-rw-r--r--unoxml/qa/complex/unoxml/testdocuments/cve_2012_0037.rdf19
2 files changed, 33 insertions, 0 deletions
diff --git a/unoxml/qa/complex/unoxml/RDFRepositoryTest.java b/unoxml/qa/complex/unoxml/RDFRepositoryTest.java
index c84ab56547a9..4356de06e7ac 100644
--- a/unoxml/qa/complex/unoxml/RDFRepositoryTest.java
+++ b/unoxml/qa/complex/unoxml/RDFRepositoryTest.java
@@ -543,6 +543,20 @@ public class RDFRepositoryTest
}
}
+ @Test public void checkCVE_2012_0037() throws Exception
+ {
+ XInputStream xIn = new StreamSimulator(
+ TestDocument.getUrl("cve_2012_0037.rdf"), true, param);
+ xRep.importGraph(FileFormat.RDF_XML, xIn, manifest, base);
+ XNamedGraph xGraph = xRep.getGraph(manifest);
+ assertNotNull("no graph", xGraph);
+ XEnumeration xEnum = xGraph.getStatements(foo, bar, null);
+ // there must not be anything more than "EVIL" in the literal
+ XLiteral evil = Literal.create(xContext, "EVIL");
+ Statement FooBarEvil = new Statement(foo, bar, evil, manifest);
+ assertTrue("EVIL", eq(xEnum, new Statement [] { FooBarEvil }));
+ }
+
// utilities -------------------------------------------------------------
public void report2(Exception e)
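Review bot: The assertion in checkCVE_2012_0037 can pass without proving anything on platforms where the entity target is absent. The fixture cve_2012_0037.rdf added in the second file section declares `<!ENTITY file SYSTEM "file:///etc/passwd">`, and where that path does not exist (e.g. Windows builds) a parser that still resolves external entities would presumably yield only "EVIL" or fail for an unrelated reason. Pointing the entity at a small file with known content that ships with, or is created by, the test would make a pass mean that the entity was not expanded on every platform. The comment above `Literal.create` could also state the intent directly, e.g. `// the external entity &file; must not be expanded; only the text "EVIL" may reach the literal`. The enclosing class starts and ends outside this hunk, so whether `xIn` is closed elsewhere cannot be judged from here.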
diff --git a/unoxml/qa/complex/unoxml/testdocuments/cve_2012_0037.rdf b/unoxml/qa/complex/unoxml/testdocuments/cve_2012_0037.rdf
new file mode 100644
index 000000000000..9e2327cef0d8
--- /dev/null
+++ b/unoxml/qa/complex/unoxml/testdocuments/cve_2012_0037.rdf
@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+<!DOCTYPE rdf [
+ <!ENTITY file SYSTEM "file:///etc/passwd">
+]>
+<!--
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+-->
+<rdf:RDF
+ xmlns:baz="uri:"
+ xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
+ <rdf:Description rdf:about="uri:foo">
+ <baz:bar>EVIL&file;</baz:bar>
+ </rdf:Description>
+</rdf:RDF>