authorBianca Schnalzer <bianca.schnalzer@egiz.gv.at>2017-06-23 10:05:35 +0200
committerBianca Schnalzer <bianca.schnalzer@egiz.gv.at>2017-06-23 10:05:35 +0200
commit2b395988ade78c58e6feaf55bd6ec129cf5f8e6f (patch)
treeca64698b31b478abe7fb5cde97398646f4105699 /bkucommon
parentf31c5c8e557b611ff4f5e43443975fb08a202863 (diff)
parent0603c0fbdfe028113431c65590b6e7e28929f6f6 (diff)
Merge branch 'manuell_XXE_and_SSRF_validation' into 'master'
Manual XXE and SSRF validation
Diffstat (limited to 'bkucommon')
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java3
-rw-r--r--bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java5
2 files changed, 5 insertions, 3 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
index 8891cce7..0c637d72 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessorImpl.java
@@ -26,6 +26,7 @@ package at.gv.egiz.bku.binding;
import iaik.utils.Base64InputStream;
+import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
@@ -737,7 +738,7 @@ public class HTTPBindingProcessorImpl extends AbstractBindingProcessor implement
protected void assignXMLRequest(InputStream is, String charset)
throws IOException, SLException {
- Reader r = new InputStreamReader(is, charset);
+ Reader r = new InputStreamReader(new BufferedInputStream(is), charset);
StreamSource source = new StreamSource(r);
slCommand = slCommandFactory.createSLCommand(source);
log.info("XMLRequest={}. Created new command: {}.",
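Review bot: The buffering in `assignXMLRequest` is applied to the byte stream, but the `StreamSource` is built from the `Reader`, and an `InputStreamReader` does not support `mark`/`reset` regardless of what it wraps. The XXE/SSRF validation itself is not visible in this diff (limited to bkucommon), but the test in SLCommandFactoryTest wraps its input in a `BufferedReader`, which suggests `createSLCommand` may now need a rewindable character stream. If so, this line should probably be `Reader r = new BufferedReader(new InputStreamReader(is, charset));`, with `import java.io.BufferedReader;` in place of the `BufferedInputStream` import. Either way, a one-line comment saying why the wrapper is needed, e.g. `// validation pre-reads the request; source must support mark/reset`, would keep it from being removed later as redundant. The method body continues past the end of the hunk.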
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java
index eda3e4e8..cfe5a130 100644
--- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java
@@ -26,6 +26,7 @@ package at.gv.egiz.bku.slcommands;
import static org.junit.Assert.assertTrue;
+import java.io.BufferedReader;
import java.io.Reader;
import java.io.StringReader;
@@ -83,10 +84,10 @@ public class SLCommandFactoryTest {
@Test(expected=SLRequestException.class)
public void createMalformedCommand() throws SLCommandException, SLRuntimeException, SLRequestException, SLVersionException {
- Reader requestReader = new StringReader(
+ Reader requestReader = new BufferedReader(new StringReader(
"<NullOperationRequest xmlns=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">" +
"missplacedContent" +
- "</NullOperationRequest>");
+ "</NullOperationRequest>"));
StreamSource source = new StreamSource(requestReader);
factory.createSLCommand(source);
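Review bot: No test in this hunk exercises the XXE/SSRF validation the merge is named for; `createMalformedCommand` still only checks misplaced text content, now fed through a `BufferedReader`. A sibling case in the same style, such as `@Test(expected=SLRequestException.class) public void createCommandWithDoctype()`, passing a request that begins with a DOCTYPE declaration, would pin the rejection behaviour against regressions. The expected exception type there is an assumption to confirm against the factory. It would also help to keep one test that passes a plain `StringReader`, so it is documented whether `createSLCommand` still accepts sources the caller has not buffered. The test method's closing lines fall outside the hunk.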