Commit db8b636e in 张重言/rails (GitCode)

JDOM XXE Protection [CVE-2013-1856]

Author: Ben Murphy, Feb 08, 2013
Committer: Aaron Patterson, Mar 15, 2013
Parent: 8be69139
Showing 5 changed files with 45 additions and 2 deletions (+45 -2):
activesupport/lib/active_support/xml_mini/jdom.rb (+6 -0)
activesupport/test/fixtures/xml/jdom_doctype.dtd (+1 -0)
activesupport/test/fixtures/xml/jdom_entities.txt (+1 -0)
activesupport/test/fixtures/xml/jdom_include.txt (+1 -0)
activesupport/test/xml_mini/jdom_engine_test.rb (+36 -2)
activesupport/lib/active_support/xml_mini/jdom.rb
@@ -37,6 +37,12 @@ def parse(data)
{}
else
@dbf
=
DocumentBuilderFactory
.
new_instance
# secure processing of java xml
# http://www.ibm.com/developerworks/xml/library/x-tipcfsx/index.html
@dbf
.
setFeature
(
"http://apache.org/xml/features/nonvalidating/load-external-dtd"
,
false
)
@dbf
.
setFeature
(
"http://xml.org/sax/features/external-general-entities"
,
false
)
@dbf
.
setFeature
(
"http://xml.org/sax/features/external-parameter-entities"
,
false
)
@dbf
.
setFeature
(
javax
.
xml
.
XMLConstants
::
FEATURE_SECURE_PROCESSING
,
true
)
xml_string_reader
=
StringReader
.
new
(
data
)
xml_input_source
=
InputSource
.
new
(
xml_string_reader
)
doc
=
@dbf
.
new_document_builder
.
parse
(
xml_input_source
)
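Review bot: none of the four features set here rejects a DOCTYPE outright, so a document declaring recursively nested internal entities (the shape used by test_exception_thrown_on_expansion_attack in jdom_engine_test.rb) is still parsed up to whatever entity-expansion limit FEATURE_SECURE_PROCESSING imposes in the installed JAXP implementation; if XmlMini callers have no need for DOCTYPEs, `@dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)` makes the parser fail before any entity is declared, though the tests in this commit that expect `'x'` back from DOCTYPE-bearing input would then have to expect an exception instead. A short comment that setFeature raises ParserConfigurationException for a feature the underlying parser does not support would also help: that is the desired fail-closed behaviour for a security setting, and a later reader should not "fix" it by wrapping the calls in a rescue.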
activesupport/test/fixtures/xml/jdom_doctype.dtd (new file, mode 100644)
<!ENTITY a "external entity">
activesupport/test/fixtures/xml/jdom_entities.txt (new file, mode 100644)
<!ENTITY a "hello">
activesupport/test/fixtures/xml/jdom_include.txt (new file, mode 100644)
include me
activesupport/test/xml_mini/jdom_engine_test.rb
@@ -3,9 +3,12 @@
require
'active_support/xml_mini'
require
'active_support/core_ext/hash/conversions'
class
JDOMEngineTest
<
ActiveSupport
::
TestCase
include
ActiveSupport
FILES_DIR
=
File
.
dirname
(
__FILE__
)
+
'/../fixtures/xml'
def
setup
@default_backend
=
XmlMini
.
backend
XmlMini
.
backend
=
'JDOM'
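Review bot: `FILES_DIR = File.dirname(__FILE__) + '/../fixtures/xml'` is interpolated into `file://` URLs in the tests that follow, so it must be an absolute path (a relative `__FILE__`, which Ruby 1.8/1.9 can produce depending on how the suite is invoked, turns the first path segment into the URL's host part); `File.expand_path('../../fixtures/xml', __FILE__)` gives a normalised absolute path without the `..` segment regardless of the working directory. Also, `include ActiveSupport` at class level pulls the whole namespace into the test class only so that `XmlMini` can be written unqualified; `ActiveSupport::XmlMini` in setup avoids that.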
@@ -30,10 +33,41 @@ def test_file_from_xml
assert_equal
'image/png'
,
file
.
content_type
end
def
test_not_allowed_to_expand_entities_to_files
attack_xml
=
<<-
EOT
<!DOCTYPE member [
<!ENTITY a SYSTEM "file://
#{
FILES_DIR
}
/jdom_include.txt">
]>
<member>x&a;</member>
EOT
assert_equal
'x'
,
Hash
.
from_xml
(
attack_xml
)[
"member"
]
end
def
test_not_allowed_to_expand_parameter_entities_to_files
attack_xml
=
<<-
EOT
<!DOCTYPE member [
<!ENTITY % b SYSTEM "file://
#{
FILES_DIR
}
/jdom_entities.txt">
%b;
]>
<member>x&a;</member>
EOT
assert_raise
Java
::
OrgXmlSax
::
SAXParseException
do
assert_equal
'x'
,
Hash
.
from_xml
(
attack_xml
)[
"member"
]
end
end
def
test_not_allowed_to_load_external_doctypes
attack_xml
=
<<-
EOT
<!DOCTYPE member SYSTEM "file://
#{
FILES_DIR
}
/jdom_doctype.dtd">
<member>x&a;</member>
EOT
assert_equal
'x'
,
Hash
.
from_xml
(
attack_xml
)[
"member"
]
end
def
test_exception_thrown_on_expansion_attack
assert_raise
Nativ
eException
do
assert_raise
Java
::
OrgXmlSax
::
SAXPars
eException
do
attack_xml
=
<<-
EOT
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE member [
<!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
<!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
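Review bot: in test_exception_thrown_on_expansion_attack the two assert_raise calls are nested, and both cannot succeed: if the block raises Java::OrgXmlSax::SAXParseException, the inner assert_raise consumes it and returns normally, so the outer assert_raise NativeException sees nothing raised and fails; if a NativeException is raised instead, the inner assertion fails first. Assert the one exception class the targeted JRuby actually surfaces, or pass both to a single call, `assert_raise(NativeException, Java::OrgXmlSax::SAXParseException) do ... end`, to accept either. Related, in test_not_allowed_to_expand_parameter_entities_to_files the `assert_equal 'x', Hash.from_xml(attack_xml)["member"]` inside the assert_raise block is never evaluated as an assertion once the exception is raised; a bare `Hash.from_xml(attack_xml)` in the block states the intent more plainly.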
...
...