class JDOMEngineTest

Constants

FILES_DIR

Public Instance Methods

test_not_allowed_to_expand_entities_to_files()
# File activesupport/test/xml_mini/jdom_engine_test.rb, line 9
    # XXE regression test: a general entity declared in the internal DTD subset
    # points at a local file through a file:// SYSTEM identifier. The parser
    # must not resolve it, so the file's content must never reach the parsed
    # hash.
    def test_not_allowed_to_expand_entities_to_files
      xxe_document = <<-EOT
      <!DOCTYPE member [
        <!ENTITY a SYSTEM "file://#{FILES_DIR}/jdom_include.txt">
      ]>
      <member>x&a;</member>
      EOT
      parsed = Hash.from_xml(xxe_document)
      # Only the literal "x" may remain; anything appended after it would mean
      # the external entity &a; was expanded from disk.
      assert_equal "x", parsed["member"]
    end
test_not_allowed_to_expand_parameter_entities_to_files()
# File activesupport/test/xml_mini/jdom_engine_test.rb, line 19
    # XXE regression test for parameter entities: the internal DTD subset
    # declares %b as an external file and then references it. Parsing is
    # expected to fail with a SAXParseException rather than load that file.
    def test_not_allowed_to_expand_parameter_entities_to_files
      xxe_document = <<-EOT
      <!DOCTYPE member [
        <!ENTITY % b SYSTEM "file://#{FILES_DIR}/jdom_entities.txt">
        %b;
      ]>
      <member>x&a;</member>
      EOT
      assert_raise Java::OrgXmlSax::SAXParseException do
        # Reached only if parsing does not raise; in that case assert_raise
        # fails the test because no exception was seen.
        parsed = Hash.from_xml(xxe_document)
        assert_equal "x", parsed["member"]
      end
    end
test_not_allowed_to_load_external_doctypes()
# File activesupport/test/xml_mini/jdom_engine_test.rb, line 32
    # XXE regression test for external DTDs: the DOCTYPE names a file:// DTD as
    # its SYSTEM identifier and the body references &a;. The expected result is
    # the bare "x", i.e. nothing from the external DTD ends up in the output.
    # NOTE(review): presumably jdom_doctype.dtd is the fixture that defines
    # entity a; the fixture is not visible here, so confirm.
    def test_not_allowed_to_load_external_doctypes
      external_dtd_document = <<-EOT
      <!DOCTYPE member SYSTEM "file://#{FILES_DIR}/jdom_doctype.dtd">
      <member>x&a;</member>
      EOT
      parsed = Hash.from_xml(external_dtd_document)
      assert_equal "x", parsed["member"]
    end

Private Instance Methods

engine()
# File activesupport/test/xml_mini/jdom_engine_test.rb, line 41
# Name of the XML backend this test class targets.
# NOTE(review): presumably read by shared test setup to select the XmlMini
# backend; that setup is not visible here, so confirm.
#
# @return [String] the engine name, "JDOM"
def engine
  'JDOM'
end
expansion_attack_error()
# File activesupport/test/xml_mini/jdom_engine_test.rb, line 45
# Exception class associated with entity-expansion attacks for this engine.
# It is the same class that test_not_allowed_to_expand_parameter_entities_to_files
# asserts on directly.
# NOTE(review): presumably consumed by shared engine tests defined outside
# this file; confirm against the parent test class.
#
# @return [Class] Java::OrgXmlSax::SAXParseException (resolved through JRuby's Java integration)
def expansion_attack_error
  Java::OrgXmlSax::SAXParseException
end
extended_engine?()
# File activesupport/test/xml_mini/jdom_engine_test.rb, line 49
# Reports that this engine is not an "extended" engine.
# NOTE(review): the meaning of "extended" is not defined in this file;
# presumably shared tests use this flag to skip cases the JDOM backend does
# not support. Confirm against the parent test class.
#
# @return [Boolean] always false
def extended_engine?
  false
end