< prev index next >
test/javax/xml/jaxp/functional/test/auctionportal/AuctionItemRepository.java
Print this page
*** 1,7 ****
/*
! * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
--- 1,7 ----
/*
! * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*** 20,62 ****
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package test.auctionportal;
! import static test.auctionportal.HiBidConstants.SP_ENTITY_EXPANSION_LIMIT;
! import static test.auctionportal.HiBidConstants.SP_MAX_OCCUR_LIMIT;
import static test.auctionportal.HiBidConstants.JAXP_SCHEMA_LANGUAGE;
import static test.auctionportal.HiBidConstants.JAXP_SCHEMA_SOURCE;
! import static org.testng.Assert.assertTrue;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
- import java.io.FilePermission;
import java.io.InputStream;
! import static javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING;
! import static javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
! import jaxp.library.JAXPFileBaseTest;
! import static jaxp.library.JAXPTestUtilities.USER_DIR;
! import static jaxp.library.JAXPTestUtilities.compareDocumentWithGold;
! import static org.testng.Assert.assertFalse;
import org.testng.annotations.Test;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;
- import static test.auctionportal.HiBidConstants.GOLDEN_DIR;
- import static test.auctionportal.HiBidConstants.XML_DIR;
/**
* This is a test class for the Auction portal HiBid.com.
*/
! public class AuctionItemRepository extends JAXPFileBaseTest {
/**
* XML file for parsing.
*/
private final static String ENTITY_XML = XML_DIR + "entity.xml";
--- 20,65 ----
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package test.auctionportal;
! import static javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING;
! import static javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI;
! import static jaxp.library.JAXPTestUtilities.USER_DIR;
! import static jaxp.library.JAXPTestUtilities.compareDocumentWithGold;
! import static org.testng.Assert.assertFalse;
! import static org.testng.Assert.assertTrue;
! import static test.auctionportal.HiBidConstants.GOLDEN_DIR;
import static test.auctionportal.HiBidConstants.JAXP_SCHEMA_LANGUAGE;
import static test.auctionportal.HiBidConstants.JAXP_SCHEMA_SOURCE;
! import static test.auctionportal.HiBidConstants.SP_ENTITY_EXPANSION_LIMIT;
! import static test.auctionportal.HiBidConstants.SP_MAX_OCCUR_LIMIT;
! import static test.auctionportal.HiBidConstants.XML_DIR;
!
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
!
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
!
! import org.testng.annotations.Listeners;
import org.testng.annotations.Test;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;
/**
* This is a test class for the Auction portal HiBid.com.
*/
! @Listeners({jaxp.library.FilePolicy.class})
! public class AuctionItemRepository {
/**
* XML file for parsing.
*/
private final static String ENTITY_XML = XML_DIR + "entity.xml";
*** 78,92 ****
SAXParserFactory factory = SAXParserFactory.newInstance();
// Secure processing will limit XML processing to conform to
// implementation limits.
factory.setFeature(FEATURE_SECURE_PROCESSING, true);
// Set entityExpansionLimit as 2 should expect fatalError
! setSystemProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(128000));
SAXParser parser = factory.newSAXParser();
MyErrorHandler fatalHandler = new MyErrorHandler();
- setPermissions(new FilePermission(ENTITY_XML, "read"));
parser.parse(new File(ENTITY_XML), fatalHandler);
assertFalse(fatalHandler.isAnyError());
}
/**
* Setting the EntityExpansion Limit to 2 and checks if the XML
--- 81,94 ----
SAXParserFactory factory = SAXParserFactory.newInstance();
// Secure processing will limit XML processing to conform to
// implementation limits.
factory.setFeature(FEATURE_SECURE_PROCESSING, true);
// Set entityExpansionLimit as 2 should expect fatalError
! System.setProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(128000));
SAXParser parser = factory.newSAXParser();
MyErrorHandler fatalHandler = new MyErrorHandler();
parser.parse(new File(ENTITY_XML), fatalHandler);
assertFalse(fatalHandler.isAnyError());
}
/**
* Setting the EntityExpansion Limit to 2 and checks if the XML
*** 101,115 ****
SAXParserFactory factory = SAXParserFactory.newInstance();
// Secure processing will limit XML processing to conform to
// implementation limits.
factory.setFeature(FEATURE_SECURE_PROCESSING, true);
// Set entityExpansionLimit as 2 should expect SAXParseException.
! setSystemProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(2));
SAXParser parser = factory.newSAXParser();
MyErrorHandler fatalHandler = new MyErrorHandler();
- setPermissions(new FilePermission(ENTITY_XML, "read"));
parser.parse(new File(ENTITY_XML), fatalHandler);
}
/**
* Testing set MaxOccursLimit to 10000 in the secure processing enabled for
--- 103,116 ----
SAXParserFactory factory = SAXParserFactory.newInstance();
// Secure processing will limit XML processing to conform to
// implementation limits.
factory.setFeature(FEATURE_SECURE_PROCESSING, true);
// Set entityExpansionLimit as 2 should expect SAXParseException.
! System.setProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(2));
SAXParser parser = factory.newSAXParser();
MyErrorHandler fatalHandler = new MyErrorHandler();
parser.parse(new File(ENTITY_XML), fatalHandler);
}
/**
* Testing set MaxOccursLimit to 10000 in the secure processing enabled for
*** 122,135 ****
String schema_file = XML_DIR + "toys.xsd";
String xml_file = XML_DIR + "toys.xml";
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setValidating(true);
factory.setFeature(FEATURE_SECURE_PROCESSING, true);
! setSystemProperty(SP_MAX_OCCUR_LIMIT, String.valueOf(10000));
SAXParser parser = factory.newSAXParser();
parser.setProperty(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA_NS_URI);
- setPermissions(new FilePermission(XML_DIR + "-", "read"));
parser.setProperty(JAXP_SCHEMA_SOURCE, new File(schema_file));
try (InputStream is = new FileInputStream(xml_file)) {
MyErrorHandler eh = new MyErrorHandler();
parser.parse(is, eh);
assertFalse(eh.isAnyError());
--- 123,135 ----
String schema_file = XML_DIR + "toys.xsd";
String xml_file = XML_DIR + "toys.xml";
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setValidating(true);
factory.setFeature(FEATURE_SECURE_PROCESSING, true);
! System.setProperty(SP_MAX_OCCUR_LIMIT, String.valueOf(10000));
SAXParser parser = factory.newSAXParser();
parser.setProperty(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA_NS_URI);
parser.setProperty(JAXP_SCHEMA_SOURCE, new File(schema_file));
try (InputStream is = new FileInputStream(xml_file)) {
MyErrorHandler eh = new MyErrorHandler();
parser.parse(is, eh);
assertFalse(eh.isAnyError());
*** 144,164 ****
*/
@Test
public void testEntityExpansionDOMPos() throws Exception {
DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
dfactory.setFeature(FEATURE_SECURE_PROCESSING, true);
! setSystemProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(10000));
DocumentBuilder dBuilder = dfactory.newDocumentBuilder();
MyErrorHandler eh = new MyErrorHandler();
dBuilder.setErrorHandler(eh);
- try {
- setPermissions(new FilePermission(ENTITY_XML, "read"));
dBuilder.parse(ENTITY_XML);
assertFalse(eh.isAnyError());
- } finally {
- setPermissions();
- }
}
/**
* Use a DocumentBuilder to create a DOM object and see how does the Secure
* Processing feature and entityExpansionLimit value affects output.
--- 144,159 ----
*/
@Test
public void testEntityExpansionDOMPos() throws Exception {
DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
dfactory.setFeature(FEATURE_SECURE_PROCESSING, true);
! System.setProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(10000));
DocumentBuilder dBuilder = dfactory.newDocumentBuilder();
MyErrorHandler eh = new MyErrorHandler();
dBuilder.setErrorHandler(eh);
dBuilder.parse(ENTITY_XML);
assertFalse(eh.isAnyError());
}
/**
* Use a DocumentBuilder to create a DOM object and see how does the Secure
* Processing feature and entityExpansionLimit value affects output.
*** 168,182 ****
*/
@Test(expectedExceptions = SAXParseException.class)
public void testEntityExpansionDOMNeg() throws Exception {
DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
dfactory.setFeature(FEATURE_SECURE_PROCESSING, true);
! setSystemProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(2));
DocumentBuilder dBuilder = dfactory.newDocumentBuilder();
MyErrorHandler eh = new MyErrorHandler();
dBuilder.setErrorHandler(eh);
- setPermissions(new FilePermission(ENTITY_XML, "read"));
dBuilder.parse(ENTITY_XML);
}
/**
* Test xi:include with a SAXParserFactory.
--- 163,176 ----
*/
@Test(expectedExceptions = SAXParseException.class)
public void testEntityExpansionDOMNeg() throws Exception {
DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
dfactory.setFeature(FEATURE_SECURE_PROCESSING, true);
! System.setProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(2));
DocumentBuilder dBuilder = dfactory.newDocumentBuilder();
MyErrorHandler eh = new MyErrorHandler();
dBuilder.setErrorHandler(eh);
dBuilder.parse(ENTITY_XML);
}
/**
* Test xi:include with a SAXParserFactory.
< prev index next >