diff options
author | Bianca Schnalzer <bianca.schnalzer@egiz.gv.at> | 2017-06-23 12:08:06 +0200 |
---|---|---|
committer | Bianca Schnalzer <bianca.schnalzer@egiz.gv.at> | 2017-06-23 12:08:06 +0200 |
commit | 08ce5e1262d7b115e0350e445de97c78f9f4c597 (patch) | |
tree | 1dfb88505f1871e2816513676a03b58db2e00046 /bkucommon/src/test/java/at/gv/egiz | |
parent | 2b395988ade78c58e6feaf55bd6ec129cf5f8e6f (diff) | |
parent | bbe653345bbb5dad2ed2356df6f817dd7de26528 (diff) | |
download | mocca-08ce5e1262d7b115e0350e445de97c78f9f4c597.tar.gz mocca-08ce5e1262d7b115e0350e445de97c78f9f4c597.tar.bz2 mocca-08ce5e1262d7b115e0350e445de97c78f9f4c597.zip |
Merge branch 'manuell_XXE_and_SSRF_validation' into 'master'
Manuell xxe and ssrf validation
Diffstat (limited to 'bkucommon/src/test/java/at/gv/egiz')
-rw-r--r-- | bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java | 52 |
1 files changed, 51 insertions, 1 deletions
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java index 23fdfc17..6e5612f6 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java @@ -317,13 +317,54 @@ public class SignatureTest { } @Test + public void testSetSignature_Base64_WITH_DISALLOWED_DOCTYPE_And_SystemParameter() throws JAXBException, SLCommandException, XMLStreamException { + + SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml"); + + Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false); + + //allow DocTypes to perform this test + System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE)); + try { + signature.setSignatureInfo(signatureInfo); + assertTrue("Check_ALLOW_DOCTYPES_System_Property", false); + + } catch (SLCommandException e) { + assertTrue("Check_ALLOW_DOCTYPES_System_Property", true); + + } + } + + @Test + public void testSetSignature_Base64_WITH_DISALLOWED_DOCTYPE_WithOut_SystemParameter() throws JAXBException, SLCommandException, XMLStreamException { + + SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml"); + + Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false); + + //allow DocTypes to perform this test + System.clearProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES); + try { + signature.setSignatureInfo(signatureInfo); + assertTrue("Check_ALLOW_DOCTYPES_WithOut_System_Property", false); + + } catch (SLCommandException e) { + assertTrue("Check_ALLOW_DOCTYPES_WithOut_System_Property", true); + + } + } + + @Test public void testSetSignature_Base64_2() throws JAXBException, SLCommandException, XMLStreamException { SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml"); Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false); + //allow DocTypes to perform this test + System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE)); signature.setSignatureInfo(signatureInfo); + System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE)); Node parent = signature.getParent(); Node nextSibling = signature.getNextSibling(); @@ -343,7 +384,10 @@ public class SignatureTest { Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, true); + //allow DocTypes to perform this test + System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE)); signature.setSignatureInfo(signatureInfo); + System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE)); Node parent = signature.getParent(); Node nextSibling = signature.getNextSibling(); @@ -363,7 +407,10 @@ public class SignatureTest { Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false); + //allow DocTypes to perform this test + System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE)); signature.setSignatureInfo(signatureInfo); + System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE)); Node parent = signature.getParent(); Node nextSibling = signature.getNextSibling(); @@ -383,7 +430,10 @@ public class SignatureTest { Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, true); - signature.setSignatureInfo(signatureInfo); + //allow DocTypes to perform this test + System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE)); + signature.setSignatureInfo(signatureInfo); + System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE)); Node parent = signature.getParent(); Node nextSibling = signature.getNextSibling(); |