summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRemko Tronçon <git@el-tramo.be>2011-06-01 21:09:23 (GMT)
committerRemko Tronçon <git@el-tramo.be>2011-06-01 21:09:23 (GMT)
commit9928be64a4c19f497302963d23ed0efc66b899c0 (patch)
tree1227659abb5814ac28bab2eaa84aefda8ff3f7a6 /Swiften/Parser/UnitTest
parent3f72e2c3b7ce5a83287dc136c68b7ef6d2cc66bd (diff)
downloadswift-9928be64a4c19f497302963d23ed0efc66b899c0.zip
swift-9928be64a4c19f497302963d23ed0efc66b899c0.tar.bz2
Added fix for a billion laughs attack on Expat.
Diffstat (limited to 'Swiften/Parser/UnitTest')
-rw-r--r--Swiften/Parser/UnitTest/XMLParserTest.cpp43
1 files changed, 43 insertions, 0 deletions
diff --git a/Swiften/Parser/UnitTest/XMLParserTest.cpp b/Swiften/Parser/UnitTest/XMLParserTest.cpp
index 426b7a0..2086ece 100644
--- a/Swiften/Parser/UnitTest/XMLParserTest.cpp
+++ b/Swiften/Parser/UnitTest/XMLParserTest.cpp
@@ -25,12 +25,14 @@ class XMLParserTest : public CppUnit::TestFixture {
CPPUNIT_TEST(testParse_NestedElements);
CPPUNIT_TEST(testParse_ElementInNamespacedElement);
CPPUNIT_TEST(testParse_CharacterData);
+ CPPUNIT_TEST(testParse_XMLEntity);
CPPUNIT_TEST(testParse_NamespacePrefix);
CPPUNIT_TEST(testParse_UnhandledXML);
CPPUNIT_TEST(testParse_InvalidXML);
CPPUNIT_TEST(testParse_InErrorState);
CPPUNIT_TEST(testParse_Incremental);
CPPUNIT_TEST(testParse_WhitespaceInAttribute);
+ CPPUNIT_TEST(testParse_BillionLaughs);
CPPUNIT_TEST_SUITE_END();
public:
@@ -124,6 +126,26 @@ class XMLParserTest : public CppUnit::TestFixture {
CPPUNIT_ASSERT_EQUAL(std::string("html"), client_.events[6].data);
}
+ void testParse_XMLEntity() {
+ ParserType testling(&client_);
+
+ CPPUNIT_ASSERT(testling.parse("<html>&lt;&gt;</html>"));
+
+ CPPUNIT_ASSERT_EQUAL(static_cast<size_t>(4), client_.events.size());
+
+ CPPUNIT_ASSERT_EQUAL(Client::StartElement, client_.events[0].type);
+ CPPUNIT_ASSERT_EQUAL(std::string("html"), client_.events[0].data);
+
+ CPPUNIT_ASSERT_EQUAL(Client::CharacterData, client_.events[1].type);
+ CPPUNIT_ASSERT_EQUAL(std::string("<"), client_.events[1].data);
+
+ CPPUNIT_ASSERT_EQUAL(Client::CharacterData, client_.events[2].type);
+ CPPUNIT_ASSERT_EQUAL(std::string(">"), client_.events[2].data);
+
+ CPPUNIT_ASSERT_EQUAL(Client::EndElement, client_.events[3].type);
+ CPPUNIT_ASSERT_EQUAL(std::string("html"), client_.events[3].data);
+ }
+
void testParse_NamespacePrefix() {
ParserType testling(&client_);
@@ -205,6 +227,27 @@ class XMLParserTest : public CppUnit::TestFixture {
CPPUNIT_ASSERT_EQUAL(Client::EndElement, client_.events[2].type);
CPPUNIT_ASSERT_EQUAL(std::string("presence"), client_.events[2].data);
}
+
+ void testParse_BillionLaughs() {
+ ParserType testling(&client_);
+
+ CPPUNIT_ASSERT(!testling.parse(
+ "<?xml version=\"1.0\"?>"
+ "<!DOCTYPE lolz ["
+ " <!ENTITY lol \"lol\">"
+ " <!ENTITY lol2 \"&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\">"
+ " <!ENTITY lol3 \"&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;\">"
+ " <!ENTITY lol4 \"&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;\">"
+ " <!ENTITY lol5 \"&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;\">"
+ " <!ENTITY lol6 \"&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;\">"
+ " <!ENTITY lol7 \"&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;\">"
+ " <!ENTITY lol8 \"&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;\">"
+ " <!ENTITY lol9 \"&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;\">"
+ "]>"
+ "<lolz>&lol9;</lolz>"
+ ));
+
+ }
private:
class Client : public XMLParserClient {