🎨 #1427 fix XmlUtils.xml2Map() method which was vulnerable to XXE vulnerability

Binary Wang
2020-03-28 22:16:53 +08:00
parent 1f49ac0781
commit a9cd7d2c2f
2 changed files with 29 additions and 13 deletions


@ -1,10 +1,10 @@
package me.chanjar.weixin.common.util;
import org.testng.annotations.Test;
import java.util.List;
import java.util.Map;
import org.testng.annotations.*;
import static org.assertj.core.api.Assertions.assertThat;
/**
@ -17,6 +17,17 @@ import static org.assertj.core.api.Assertions.assertThat;
*/
public class XmlUtilsTest {
@Test(expectedExceptions = {RuntimeException.class})
public void testXml2Map_xxe() {
String xml = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" +
"<!DOCTYPE test [\n" +
"<!ENTITY xxe SYSTEM \"file:///etc/passwd\">\n" +
"<!ENTITY xxe2 SYSTEM \"http://localhost/test.php\">\n" +
"]>\n" +
"<xml></xml>";
XmlUtils.xml2Map(xml);
}
@Test
public void testXml2Map() {
String xml = "<xml>\n" +