author | Bianca Schnalzer <bianca.schnalzer@egiz.gv.at> | 2017-06-23 10:05:35 +0200 |
---|---|---|
committer | Bianca Schnalzer <bianca.schnalzer@egiz.gv.at> | 2017-06-23 10:05:35 +0200 |
commit | 2b395988ade78c58e6feaf55bd6ec129cf5f8e6f (patch) | |
tree | ca64698b31b478abe7fb5cde97398646f4105699 /bkucommon | |
parent | f31c5c8e557b611ff4f5e43443975fb08a202863 (diff) | |
parent | 0603c0fbdfe028113431c65590b6e7e28929f6f6 (diff) | |
Merge branch 'manuell_XXE_and_SSRF_validation' into 'master'
Manual XXE and SSRF validation
Diffstat (limited to 'bkucommon')
-rw-r--r-- | bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java | 3 | ||||
-rw-r--r-- | bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java | 5 |
2 files changed, 5 insertions, 3 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
index 8891cce7..0c637d72 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
@@ -26,6 +26,7 @@ package at.gv.egiz.bku.binding;
 import iaik.utils.Base64InputStream;
+import java.io.BufferedInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
@@ -737,7 +738,7 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
 protected void assignXMLRequest(InputStream is, String charset) throws IOException, SLException {
- Reader r = new InputStreamReader(is, charset);
+ Reader r = new InputStreamReader(new BufferedInputStream(is), charset);
 StreamSource source = new StreamSource(r);
 slCommand = slCommandFactory.createSLCommand(source);
 log.info("XMLRequest={}. Created new command: {}.",
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java
index eda3e4e8..cfe5a130 100644
--- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java
@@ -26,6 +26,7 @@ package at.gv.egiz.bku.slcommands;
 import static org.junit.Assert.assertTrue;
+import java.io.BufferedReader;
 import java.io.Reader;
 import java.io.StringReader;
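Review bot: In assignXMLRequest the new BufferedInputStream sits underneath the InputStreamReader, so the Reader handed to StreamSource still reports `markSupported() == false`; InputStreamReader does not pass mark/reset through to the stream it wraps. If the XXE/SSRF pre-check inside createSLCommand (not visible in this diff) needs to mark, inspect and reset the source, this production path would not behave like the test, which passes a BufferedReader. Buffering at the character level would keep the two consistent: `Reader r = new BufferedReader(new InputStreamReader(is, charset));` with `import java.io.BufferedReader;` replacing the BufferedInputStream import. A one-line comment on that statement saying why the wrapper is required would keep it from being removed later as redundant. The method body continues past the end of the hunk.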
@@ -83,10 +84,10 @@ public class SLCommandFactoryTest {
 @Test(expected=SLRequestException.class)
 public void createMalformedCommand() throws SLCommandException, SLRuntimeException, SLRequestException, SLVersionException {
- Reader requestReader = new StringReader(
+ Reader requestReader = new BufferedReader(new StringReader(
 "<NullOperationRequest xmlns=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">" +
 "missplacedContent" +
- "</NullOperationRequest>");
+ "</NullOperationRequest>"));
 StreamSource source = new StreamSource(requestReader);
 factory.createSLCommand(source); |
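Review bot: createMalformedCommand still feeds only a request with misplaced text content, so this hunk adapts the test to the new reader requirement without covering the validation the merge is named for. A companion test in this class that passes a request carrying a document type declaration and asserts that createSLCommand rejects it would pin that behaviour; the exact exception type is not visible here and would need to be confirmed against the factory. StringReader already supports mark/reset, so the BufferedReader wrapper suggests the factory expects a specific reader type; a comment such as `// createSLCommand needs a buffered source for its pre-parse check` (wording to be confirmed against the factory) would record why it is there.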