Kaydet (Commit) df2ecdcb authored tarafından Michael Stahl's avatar Michael Stahl

unordf: add unit test for CVE-2012-0037

Change-Id: Ife037f05ddf66bc8c0598cb9521e95a1fa15c26e
üst 5fccea4a
......@@ -543,6 +543,20 @@ public class RDFRepositoryTest
}
}
@Test public void checkCVE_2012_0037() throws Exception
{
XInputStream xIn = new StreamSimulator(
TestDocument.getUrl("cve_2012_0037.rdf"), true, param);
xRep.importGraph(FileFormat.RDF_XML, xIn, manifest, base);
XNamedGraph xGraph = xRep.getGraph(manifest);
assertNotNull("no graph", xGraph);
XEnumeration xEnum = xGraph.getStatements(foo, bar, null);
// there must not be anything more than "EVIL" in the literal
XLiteral evil = Literal.create(xContext, "EVIL");
Statement FooBarEvil = new Statement(foo, bar, evil, manifest);
assertTrue("EVIL", eq(xEnum, new Statement [] { FooBarEvil }));
}
// utilities -------------------------------------------------------------
public void report2(Exception e)
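Review bot: The final assertion in `checkCVE_2012_0037` fails with only the message `"EVIL"`, which does not tell a maintainer that an external entity was expanded into the literal. A message that names the failure would make a regression self-explanatory: `assertTrue("external entity was expanded into the literal", eq(xEnum, new Statement [] { FooBarEvil }));`. The comment above it could also state the mechanism: `// the fixture declares an external SYSTEM entity; the importer must not resolve it, so the literal must stay exactly "EVIL"`. The local `FooBarEvil` starts with a capital letter, unlike `xIn`, `xGraph`, `xEnum` and `evil` in the same method. The hunk ends at the signature of `report2`, whose body is outside the hunk.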
......
<?xml version="1.0"?>
<!DOCTYPE rdf [
<!ENTITY file SYSTEM "file:///etc/passwd">
]>
<!--
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
-->
<rdf:RDF
xmlns:baz="uri:"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<rdf:Description rdf:about="uri:foo">
<baz:bar>EVIL&file;</baz:bar>
</rdf:Description>
</rdf:RDF>
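Review bot: The declaration `<!ENTITY file SYSTEM "file:///etc/passwd">` points at a path that exists only on Unix-like hosts. Where that file is absent, the literal may stay `EVIL` even if the parser still resolves external entities, so the test could pass without proving the fix. If the importer's base URI allows it, pointing the entity at a small fixture shipped next to this file would make the check host-independent and keep the test from reading a system file, for example `<!ENTITY file SYSTEM "FIXTURE_FILE.txt">` (placeholder name). How the parser treats an unresolvable entity is not visible on this page, so this is worth confirming on a non-Unix build.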