class JDOMEngineTest
Constants
- FILES_DIR
Public Instance Methods
test_not_allowed_to_expand_entities_to_files()
click to toggle source
# File activesupport/test/xml_mini/jdom_engine_test.rb, line 9 def test_not_allowed_to_expand_entities_to_files attack_xml = <<-EOT <!DOCTYPE member [ <!ENTITY a SYSTEM "file://#{FILES_DIR}/jdom_include.txt"> ]> <member>x&a;</member> EOT assert_equal "x", Hash.from_xml(attack_xml)["member"] end
test_not_allowed_to_expand_parameter_entities_to_files()
click to toggle source
# File activesupport/test/xml_mini/jdom_engine_test.rb, line 19 def test_not_allowed_to_expand_parameter_entities_to_files attack_xml = <<-EOT <!DOCTYPE member [ <!ENTITY % b SYSTEM "file://#{FILES_DIR}/jdom_entities.txt"> %b; ]> <member>x&a;</member> EOT assert_raise Java::OrgXmlSax::SAXParseException do assert_equal "x", Hash.from_xml(attack_xml)["member"] end end
test_not_allowed_to_load_external_doctypes()
click to toggle source
# File activesupport/test/xml_mini/jdom_engine_test.rb, line 32 def test_not_allowed_to_load_external_doctypes attack_xml = <<-EOT <!DOCTYPE member SYSTEM "file://#{FILES_DIR}/jdom_doctype.dtd"> <member>x&a;</member> EOT assert_equal "x", Hash.from_xml(attack_xml)["member"] end
Private Instance Methods
engine()
click to toggle source
# File activesupport/test/xml_mini/jdom_engine_test.rb, line 41 def engine "JDOM" end
expansion_attack_error()
click to toggle source
# File activesupport/test/xml_mini/jdom_engine_test.rb, line 45 def expansion_attack_error Java::OrgXmlSax::SAXParseException end
extended_engine?()
click to toggle source
# File activesupport/test/xml_mini/jdom_engine_test.rb, line 49 def extended_engine? false end