diff options
| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2017-06-22 14:56:15 +0200 |
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2017-06-22 14:56:15 +0200 |
| commit | d840a372f84518c4026efd3d463cfcffac930e46 (patch) | |
| tree | 63e3e273ceeb8f55de18467eda109c0f488c5f67 /BKUViewer/src | |
| parent | 345a8534ff39cc9550cbacabe2b3fffe20293508 (diff) | |
| download | mocca-d840a372f84518c4026efd3d463cfcffac930e46.tar.gz mocca-d840a372f84518c4026efd3d463cfcffac930e46.tar.bz2 mocca-d840a372f84518c4026efd3d463cfcffac930e46.zip | |
update jUnit test do validate XXE prevention in Signed data viewer
Diffstat (limited to 'BKUViewer/src')
| -rw-r--r-- | BKUViewer/src/test/java/at/gv/egiz/bku/slxhtml/ValidatorTest.java | 22 | ||||
| -rw-r--r-- | BKUViewer/src/test/resources/at/gv/egiz/bku/slxhtml/zugang_with_DocType.xhtml | 21 |
2 files changed, 43 insertions, 0 deletions
diff --git a/BKUViewer/src/test/java/at/gv/egiz/bku/slxhtml/ValidatorTest.java b/BKUViewer/src/test/java/at/gv/egiz/bku/slxhtml/ValidatorTest.java index 1dd8c45f..d51b52eb 100644 --- a/BKUViewer/src/test/java/at/gv/egiz/bku/slxhtml/ValidatorTest.java +++ b/BKUViewer/src/test/java/at/gv/egiz/bku/slxhtml/ValidatorTest.java @@ -71,4 +71,26 @@ public class ValidatorTest { } + @Test + public void testValidateWithDocType() throws ValidationException { + + String slxhtmlFile = "at/gv/egiz/bku/slxhtml/zugang_with_DocType.xhtml"; + + Validator validator = ValidatorFactory.newValidator("application/xhtml+xml"); + + ClassLoader cl = ValidatorTest.class.getClassLoader(); + InputStream slxhtml = cl.getResourceAsStream(slxhtmlFile); + long t0 = System.currentTimeMillis(); + try { + validator.validate(slxhtml, null); + + } catch (ValidationException e) { + e.printStackTrace(); + throw e; + } + long t1 = System.currentTimeMillis(); + log.info("Validated SLXHTML file '{}' in {}ms.", slxhtmlFile, t1 - t0); + + } + } diff --git a/BKUViewer/src/test/resources/at/gv/egiz/bku/slxhtml/zugang_with_DocType.xhtml b/BKUViewer/src/test/resources/at/gv/egiz/bku/slxhtml/zugang_with_DocType.xhtml new file mode 100644 index 00000000..7417897f --- /dev/null +++ b/BKUViewer/src/test/resources/at/gv/egiz/bku/slxhtml/zugang_with_DocType.xhtml @@ -0,0 +1,21 @@ +<!DOCTYPE lolz [ + <!ELEMENT foo ANY > + <!ENTITY xxe SYSTEM "file:///etc/testtesttst" > +]> +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <title>&xxe;Signatur der Anmeldedaten</title> + <style media="screen" type="text/css">.boldstyle { font-weight: bold; } .italicstyle { font-style: italic; } .annotationstyle { font-size: small; }</style> + </head> + <body> + <h1>Signatur der Anmeldedaten</h1> + <p></p> + <h4>Mit meiner elektronischen Signatur beantrage ich, <span class="boldstyle">Horst Rotzstopper</span>, geboren am 12.12.1985, den Zugang zur gesicherten Anwendung.</h4> + <p></p> + <h4>Datum und Uhrzeit: 07.11.2008, 14:04:18</h4> + <h4>wbPK(*): LTpz8VYzns2jrx0J8Gm/R/nAhxA=</h4> + <p></p> + <hr></hr> + <div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div> + </body> +</html>
\ No newline at end of file |