diff options
Diffstat (limited to 'test/rexml/test_document.rb')
-rw-r--r-- | test/rexml/test_document.rb | 130 |
1 files changed, 65 insertions, 65 deletions
diff --git a/test/rexml/test_document.rb b/test/rexml/test_document.rb index 8f37b2f12b..f4e78c9c03 100644 --- a/test/rexml/test_document.rb +++ b/test/rexml/test_document.rb @@ -41,7 +41,8 @@ EOF REXML::Security.entity_expansion_limit = @default_entity_expansion_limit end - XML_WITH_NESTED_ENTITY = <<EOF + def test_general_entity_have_value + xml = <<EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE member [ <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> @@ -57,7 +58,21 @@ EOF </member> EOF - XML_WITH_NESTED_EMPTY_ENTITY = <<EOF + doc = REXML::Document.new(xml) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + REXML::Security.entity_expansion_limit = 100 + assert_equal(100, REXML::Security.entity_expansion_limit) + doc = REXML::Document.new(xml) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + assert_equal(101, doc.entity_expansion_count) + end + + def test_general_entity_empty_value + xml = <<EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE member [ <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> @@ -73,35 +88,21 @@ EOF </member> EOF - XML_WITH_NESTED_PARAMETER_ENTITY = <<EOF -<!DOCTYPE root [ - <!ENTITY % a "BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM."> - <!ENTITY % b "%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;"> - <!ENTITY % c "%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;"> - <!ENTITY % d "%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;"> - <!ENTITY % e "%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;"> - <!ENTITY % f "%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;"> - <!ENTITY % g "%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;"> - <!ENTITY test "test %g;"> -]> -<cd></cd> -EOF - - XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY = <<EOF -<!DOCTYPE root [ - <!ENTITY % a ""> - <!ENTITY % b "%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;"> - <!ENTITY % c "%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;"> - <!ENTITY % d "%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;"> - <!ENTITY % e "%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;"> - <!ENTITY % f "%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;"> - <!ENTITY % g "%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;"> - <!ENTITY test "test %g;"> -]> -<cd></cd> -EOF + doc = REXML::Document.new(xml) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + REXML::Security.entity_expansion_limit = 100 + assert_equal(100, REXML::Security.entity_expansion_limit) + doc = REXML::Document.new(xml) + assert_raise(RuntimeError) do + doc.root.children.first.value + end + assert_equal(101, doc.entity_expansion_count) + end - XML_WITH_4_ENTITY_EXPANSION = <<EOF + def test_general_entity_with_default_entity + xml = <<EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE member [ <!ENTITY a "a"> @@ -114,64 +115,63 @@ EOF </member> EOF - def test_general_entity_have_value - doc = REXML::Document.new(XML_WITH_NESTED_ENTITY) - assert_raise(RuntimeError) do - doc.root.children.first.value - end - REXML::Security.entity_expansion_limit = 100 - assert_equal(100, REXML::Security.entity_expansion_limit) - doc = REXML::Document.new(XML_WITH_NESTED_ENTITY) - assert_raise(RuntimeError) do - doc.root.children.first.value - end - assert_equal(101, doc.entity_expansion_count) - end - - def test_general_entity_empty_value - doc = REXML::Document.new(XML_WITH_NESTED_EMPTY_ENTITY) - assert_raise(RuntimeError) do - doc.root.children.first.value - end - REXML::Security.entity_expansion_limit = 100 - assert_equal(100, REXML::Security.entity_expansion_limit) - doc = REXML::Document.new(XML_WITH_NESTED_EMPTY_ENTITY) - assert_raise(RuntimeError) do - doc.root.children.first.value - end - assert_equal(101, doc.entity_expansion_count) - end - - def test_general_entity_with_default_entity REXML::Security.entity_expansion_limit = 4 - doc = REXML::Document.new(XML_WITH_4_ENTITY_EXPANSION) + doc = REXML::Document.new(xml) assert_equal("\na\na a\n<\n", doc.root.children.first.value) REXML::Security.entity_expansion_limit = 3 - doc = REXML::Document.new(XML_WITH_4_ENTITY_EXPANSION) + doc = REXML::Document.new(xml) assert_raise(RuntimeError) do doc.root.children.first.value end end def test_parameter_entity_have_value + xml = <<EOF +<!DOCTYPE root [ + <!ENTITY % a "BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM."> + <!ENTITY % b "%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;"> + <!ENTITY % c "%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;"> + <!ENTITY % d "%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;"> + <!ENTITY % e "%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;"> + <!ENTITY % f "%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;"> + <!ENTITY % g "%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;"> + <!ENTITY test "test %g;"> +]> +<cd></cd> +EOF + assert_raise(REXML::ParseException) do - REXML::Document.new(XML_WITH_NESTED_PARAMETER_ENTITY) + REXML::Document.new(xml) end REXML::Security.entity_expansion_limit = 100 assert_equal(100, REXML::Security.entity_expansion_limit) assert_raise(REXML::ParseException) do - REXML::Document.new(XML_WITH_NESTED_PARAMETER_ENTITY) + REXML::Document.new(xml) end end def test_parameter_entity_empty_value + xml = <<EOF +<!DOCTYPE root [ + <!ENTITY % a ""> + <!ENTITY % b "%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;"> + <!ENTITY % c "%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;"> + <!ENTITY % d "%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;"> + <!ENTITY % e "%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;"> + <!ENTITY % f "%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;"> + <!ENTITY % g "%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;"> + <!ENTITY test "test %g;"> +]> +<cd></cd> +EOF + assert_raise(REXML::ParseException) do - REXML::Document.new(XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY) + REXML::Document.new(xml) end REXML::Security.entity_expansion_limit = 100 assert_equal(100, REXML::Security.entity_expansion_limit) assert_raise(REXML::ParseException) do - REXML::Document.new(XML_WITH_NESTED_EMPTY_PARAMETER_ENTITY) + REXML::Document.new(xml) end end end |