Merge pull request #2261 from rodrigc/xml_test

In testParse_with_XXE(), use more temporary variables

Merge pull request #2261 from rodrigc/xml_test
In testParse_with_XXE(), use more temporary variables
ca1cc0e3 · James Nord · ac566a91 · 0a976238 · ca1cc0e3
隐藏空白更改
内联并排

Showing with 5 addition and 2 deletion

core/src/test/java/jenkins/xml/XMLUtilsTest.java core/src/test/java/jenkins/xml/XMLUtilsTest.java +5 -2

未找到文件。
--- a/core/src/test/java/jenkins/xml/XMLUtilsTest.java
+++ b/core/src/test/java/jenkins/xml/XMLUtilsTest.java
@@ -120,11 +120,14 @@ public class XMLUtilsTest {
    @Test
    public void testParse_with_XXE() throws IOException, XPathExpressionException {
        try {
-            Document doc = XMLUtils.parse(new StringReader("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
+            final String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
                    "<!DOCTYPE foo [\n" +
                    "   <!ELEMENT foo ANY >\n" +
                    "   <!ENTITY xxe SYSTEM \"http://abc.com/temp/test.jsp\" >]> " +
-                    "<foo>&xxe;</foo>"));
+                    "<foo>&xxe;</foo>";
+
+            StringReader stringReader = new StringReader(xml);
+            Document doc = XMLUtils.parse(stringReader);
            Assert.fail("Expecting SAXException for XXE.");
        } catch (SAXException e) {
            assertThat(e.getMessage(), containsString("DOCTYPE is disallowed"));