summaryrefslogtreecommitdiff
path: root/bkucommon/src/test/java/at/gv/egiz
diff options
context:
space:
mode:
authorBianca Schnalzer <bianca.schnalzer@egiz.gv.at>2017-06-23 12:08:06 +0200
committerBianca Schnalzer <bianca.schnalzer@egiz.gv.at>2017-06-23 12:08:06 +0200
commit08ce5e1262d7b115e0350e445de97c78f9f4c597 (patch)
tree1dfb88505f1871e2816513676a03b58db2e00046 /bkucommon/src/test/java/at/gv/egiz
parent2b395988ade78c58e6feaf55bd6ec129cf5f8e6f (diff)
parentbbe653345bbb5dad2ed2356df6f817dd7de26528 (diff)
downloadmocca-08ce5e1262d7b115e0350e445de97c78f9f4c597.tar.gz
mocca-08ce5e1262d7b115e0350e445de97c78f9f4c597.tar.bz2
mocca-08ce5e1262d7b115e0350e445de97c78f9f4c597.zip
Merge branch 'manuell_XXE_and_SSRF_validation' into 'master'
Manuell xxe and ssrf validation
Diffstat (limited to 'bkucommon/src/test/java/at/gv/egiz')
-rw-r--r--bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java52
1 files changed, 51 insertions, 1 deletions
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java
index 23fdfc17..6e5612f6 100644
--- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java
@@ -317,13 +317,54 @@ public class SignatureTest {
}
@Test
+ public void testSetSignature_Base64_WITH_DISALLOWED_DOCTYPE_And_SystemParameter() throws JAXBException, SLCommandException, XMLStreamException {
+
+ SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml");
+
+ Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false);
+
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
+ try {
+ signature.setSignatureInfo(signatureInfo);
+ assertTrue("Check_ALLOW_DOCTYPES_System_Property", false);
+
+ } catch (SLCommandException e) {
+ assertTrue("Check_ALLOW_DOCTYPES_System_Property", true);
+
+ }
+ }
+
+ @Test
+ public void testSetSignature_Base64_WITH_DISALLOWED_DOCTYPE_WithOut_SystemParameter() throws JAXBException, SLCommandException, XMLStreamException {
+
+ SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml");
+
+ Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false);
+
+ //allow DocTypes to perform this test
+ System.clearProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES);
+ try {
+ signature.setSignatureInfo(signatureInfo);
+ assertTrue("Check_ALLOW_DOCTYPES_WithOut_System_Property", false);
+
+ } catch (SLCommandException e) {
+ assertTrue("Check_ALLOW_DOCTYPES_WithOut_System_Property", true);
+
+ }
+ }
+
+ @Test
public void testSetSignature_Base64_2() throws JAXBException, SLCommandException, XMLStreamException {
SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml");
Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false);
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE));
signature.setSignatureInfo(signatureInfo);
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
Node parent = signature.getParent();
Node nextSibling = signature.getNextSibling();
@@ -343,7 +384,10 @@ public class SignatureTest {
Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, true);
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE));
signature.setSignatureInfo(signatureInfo);
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
Node parent = signature.getParent();
Node nextSibling = signature.getNextSibling();
@@ -363,7 +407,10 @@ public class SignatureTest {
Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false);
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE));
signature.setSignatureInfo(signatureInfo);
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
Node parent = signature.getParent();
Node nextSibling = signature.getNextSibling();
@@ -383,7 +430,10 @@ public class SignatureTest {
Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, true);
- signature.setSignatureInfo(signatureInfo);
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE));
+ signature.setSignatureInfo(signatureInfo);
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
Node parent = signature.getParent();
Node nextSibling = signature.getNextSibling();