From 345a8534ff39cc9550cbacabe2b3fffe20293508 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 22 Jun 2017 14:26:15 +0200 Subject: implement a workaround to fix XXE and SSRF problems in an old XMLStreamParser implementation of a third party library --- .../test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'bkucommon/src/test/java') diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java index eda3e4e8..cfe5a130 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/SLCommandFactoryTest.java @@ -26,6 +26,7 @@ package at.gv.egiz.bku.slcommands; import static org.junit.Assert.assertTrue; +import java.io.BufferedReader; import java.io.Reader; import java.io.StringReader; @@ -83,10 +84,10 @@ public class SLCommandFactoryTest { @Test(expected=SLRequestException.class) public void createMalformedCommand() throws SLCommandException, SLRuntimeException, SLRequestException, SLVersionException { - Reader requestReader = new StringReader( + Reader requestReader = new BufferedReader(new StringReader( "" + "missplacedContent" + - ""); + "")); StreamSource source = new StreamSource(requestReader); factory.createSLCommand(source); -- cgit v1.2.3