summaryrefslogtreecommitdiff
path: root/bkucommon/src/test/java/at/gv
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2017-06-22 14:26:15 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2017-06-22 14:26:15 +0200
commit345a8534ff39cc9550cbacabe2b3fffe20293508 (patch)
tree67c2deb3c10d00ecb758a162c4ff88221b7e3741 /bkucommon/src/test/java/at/gv
parentf31c5c8e557b611ff4f5e43443975fb08a202863 (diff)
downloadmocca-345a8534ff39cc9550cbacabe2b3fffe20293508.tar.gz
mocca-345a8534ff39cc9550cbacabe2b3fffe20293508.tar.bz2
mocca-345a8534ff39cc9550cbacabe2b3fffe20293508.zip
implement a workaround to fix XXE and SSRF problems in an old XMLStreamParser implementation of a third party library
Diffstat (limited to 'bkucommon/src/test/java/at/gv')
-rw-r--r--bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java5
1 files changed, 3 insertions, 2 deletions
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java
index eda3e4e8..cfe5a130 100644
--- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java
@@ -26,6 +26,7 @@ package at.gv.egiz.bku.slcommands;
import static org.junit.Assert.assertTrue;
+import java.io.BufferedReader;
import java.io.Reader;
import java.io.StringReader;
@@ -83,10 +84,10 @@ public class SLCommandFactoryTest {
@Test(expected=SLRequestException.class)
public void createMalformedCommand() throws SLCommandException, SLRuntimeException, SLRequestException, SLVersionException {
- Reader requestReader = new StringReader(
+ Reader requestReader = new BufferedReader(new StringReader(
"<NullOperationRequest xmlns=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">" +
"missplacedContent" +
- "</NullOperationRequest>");
+ "</NullOperationRequest>"));
StreamSource source = new StreamSource(requestReader);
factory.createSLCommand(source);