< prev index next >
test/javax/xml/jaxp/unittest/parsers/Bug6309988.java
Print this page
*** 1,7 ****
/*
! * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
--- 1,7 ----
/*
! * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*** 22,66 ****
*/
package parsers;
import java.io.File;
import java.io.InputStream;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.testng.Assert;
import org.testng.annotations.Test;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;
/*
* @bug 6309988
* @summary Test elementAttributeLimit, maxOccurLimit, entityExpansionLimit.
*/
public class Bug6309988 {
DocumentBuilderFactory dbf = null;
! static boolean _isSecureMode = false;
! static {
! if (System.getSecurityManager() != null) {
! _isSecureMode = true;
! System.out.println("Security Manager is present");
! } else {
! System.out.println("Security Manager is NOT present");
! }
}
/*
* Given XML document has more than 10000 attributes. Exception is expected
*/
! @Test
! public void testDOMParserElementAttributeLimit() {
try {
dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder parser = dbf.newDocumentBuilder();
Document doc = parser.parse(this.getClass().getResourceAsStream("DosTest.xml"));
Assert.fail("SAXParserException is expected, as given XML document contains more than 10000 attributes");
--- 22,85 ----
*/
package parsers;
import java.io.File;
+ import java.io.FilePermission;
import java.io.InputStream;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
+ import jaxp.library.JAXPTestUtilities;
+
import org.testng.Assert;
import org.testng.annotations.Test;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;
/*
* @bug 6309988
* @summary Test elementAttributeLimit, maxOccurLimit, entityExpansionLimit.
*/
+ @Test(singleThreaded = true)
public class Bug6309988 {
DocumentBuilderFactory dbf = null;
!
! public void runWithSecurityManager() throws Exception {
! JAXPTestUtilities.tryRunWithPolicyManager(() -> test(),
! new FilePermission(System.getProperty("test.src") + "/-", "read"));
! }
!
! public void runWithoutSecurityManager() throws Exception {
! test();
! }
!
! private void test() {
! testDOMParserElementAttributeLimit();
! testDOMNSParserElementAttributeLimit();
! testDOMNSParserElementAttributeLimitWithoutSecureProcessing();
! testSystemElementAttributeLimitWithoutSecureProcessing();
! testSystemElementAttributeLimitWithSecureProcessing();
! testDOMSecureProcessingDefaultValue();
! testSAXSecureProcessingDefaultValue();
! testSystemMaxOccurLimitWithoutSecureProcessing();
! testValidMaxOccurLimitWithOutSecureProcessing();
! testSystemEntityExpansionLimitWithOutSecureProcessing();
! testSystemEntityExpansionLimitWithSecureProcessing();
! testEntityExpansionLimitWithSecureProcessing();
! testEntityExpansionLimitWithOutSecureProcessing();
}
/*
* Given XML document has more than 10000 attributes. Exception is expected
*/
! private void testDOMParserElementAttributeLimit() {
try {
dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder parser = dbf.newDocumentBuilder();
Document doc = parser.parse(this.getClass().getResourceAsStream("DosTest.xml"));
Assert.fail("SAXParserException is expected, as given XML document contains more than 10000 attributes");
*** 73,84 ****
/*
* Given XML document has more than 10000 attributes. It should report an
* error.
*/
! @Test
! public void testDOMNSParserElementAttributeLimit() {
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
DocumentBuilder parser = dbf.newDocumentBuilder();
Document doc = parser.parse(this.getClass().getResourceAsStream("DosTest.xml"));
--- 92,102 ----
/*
* Given XML document has more than 10000 attributes. It should report an
* error.
*/
! private void testDOMNSParserElementAttributeLimit() {
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
DocumentBuilder parser = dbf.newDocumentBuilder();
Document doc = parser.parse(this.getClass().getResourceAsStream("DosTest.xml"));
*** 92,104 ****
/*
* Given XML document has more than 10000 attributes. Parsing this XML
* document in non-secure mode, should not report any error.
*/
! @Test
! public void testDOMNSParserElementAttributeLimitWithoutSecureProcessing() {
! if (_isSecureMode)
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
--- 110,121 ----
/*
* Given XML document has more than 10000 attributes. Parsing this XML
* document in non-secure mode, should not report any error.
*/
! private void testDOMNSParserElementAttributeLimitWithoutSecureProcessing() {
! if (isSecureMode())
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
*** 119,131 ****
* report an error.
* After 8014530: System properties will override FSP, the result of this
* test should be the same as
* testSystemElementAttributeLimitWithSecureProcessing
*/
! @Test
! public void testSystemElementAttributeLimitWithoutSecureProcessing() {
! if (_isSecureMode)
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
--- 136,147 ----
* report an error.
* After 8014530: System properties will override FSP, the result of this
* test should be the same as
* testSystemElementAttributeLimitWithSecureProcessing
*/
! private void testSystemElementAttributeLimitWithoutSecureProcessing() {
! if (isSecureMode())
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
*** 153,164 ****
/*
* Given XML document has 3 attributes and System property is set to 2.
* Parsing this XML document in secure mode, should report an error.
*/
! @Test
! public void testSystemElementAttributeLimitWithSecureProcessing() {
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
System.setProperty("elementAttributeLimit", "2");
DocumentBuilder parser = dbf.newDocumentBuilder();
--- 169,179 ----
/*
* Given XML document has 3 attributes and System property is set to 2.
* Parsing this XML document in secure mode, should report an error.
*/
! private void testSystemElementAttributeLimitWithSecureProcessing() {
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
System.setProperty("elementAttributeLimit", "2");
DocumentBuilder parser = dbf.newDocumentBuilder();
*** 174,185 ****
}
/*
* Default value for secure processing feature should be true.
*/
! @Test
! public void testDOMSecureProcessingDefaultValue() {
try {
dbf = DocumentBuilderFactory.newInstance();
Assert.assertTrue(dbf.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING), "Default value for secureProcessing feature should be true");
} catch (Exception e) {
--- 189,199 ----
}
/*
* Default value for secure processing feature should be true.
*/
! private void testDOMSecureProcessingDefaultValue() {
try {
dbf = DocumentBuilderFactory.newInstance();
Assert.assertTrue(dbf.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING), "Default value for secureProcessing feature should be true");
} catch (Exception e) {
*** 188,199 ****
}
/*
* Default value for secure processing feature should be true.
*/
! @Test
! public void testSAXSecureProcessingDefaultValue() {
try {
SAXParserFactory spf = SAXParserFactory.newInstance();
Assert.assertTrue(spf.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING), "Default value for secureProcessing feature should be true");
} catch (Exception e) {
--- 202,212 ----
}
/*
* Default value for secure processing feature should be true.
*/
! private void testSAXSecureProcessingDefaultValue() {
try {
SAXParserFactory spf = SAXParserFactory.newInstance();
Assert.assertTrue(spf.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING), "Default value for secureProcessing feature should be true");
} catch (Exception e) {
*** 204,216 ****
/*
* This method sets system property for maxOccurLimit=2 and secure process
* feature is off. Given doument contains more than 2 elements and hence an
* error should be reported.
*/
! @Test
! public void testSystemMaxOccurLimitWithoutSecureProcessing() {
! if (_isSecureMode)
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
--- 217,228 ----
/*
* This method sets system property for maxOccurLimit=2 and secure process
* feature is off. Given doument contains more than 2 elements and hence an
* error should be reported.
*/
! private void testSystemMaxOccurLimitWithoutSecureProcessing() {
! if (isSecureMode())
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
*** 240,252 ****
* This test will take longer time to execute( abt 120sec). This method
* tries to validate a document. This document contains an element whose
* maxOccur is '3002'. Since secure processing feature is off, document
* should be parsed without any errors.
*/
! @Test
! public void testValidMaxOccurLimitWithOutSecureProcessing() {
! if (_isSecureMode)
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
--- 252,263 ----
* This test will take longer time to execute( abt 120sec). This method
* tries to validate a document. This document contains an element whose
* maxOccur is '3002'. Since secure processing feature is off, document
* should be parsed without any errors.
*/
! private void testValidMaxOccurLimitWithOutSecureProcessing() {
! if (isSecureMode())
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
*** 277,289 ****
* should *not* report an error.
* After 8014530: System properties will override FSP, the result of this
* test should be the same as
* testSystemElementAttributeLimitWithSecureProcessing
*/
! @Test
! public void testSystemEntityExpansionLimitWithOutSecureProcessing() {
! if (_isSecureMode)
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
System.setProperty("entityExpansionLimit", "2");
dbf = DocumentBuilderFactory.newInstance();
--- 288,299 ----
* should *not* report an error.
* After 8014530: System properties will override FSP, the result of this
* test should be the same as
* testSystemElementAttributeLimitWithSecureProcessing
*/
! private void testSystemEntityExpansionLimitWithOutSecureProcessing() {
! if (isSecureMode())
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
System.setProperty("entityExpansionLimit", "2");
dbf = DocumentBuilderFactory.newInstance();
*** 310,321 ****
/*
* System property is set to 2. Given XML document has more than 2 entity
* references. Parsing this document in secure mode, should report an error.
*/
! @Test
! public void testSystemEntityExpansionLimitWithSecureProcessing() {
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(true);
System.setProperty("entityExpansionLimit", "2");
DocumentBuilder parser = dbf.newDocumentBuilder();
--- 320,330 ----
/*
* System property is set to 2. Given XML document has more than 2 entity
* references. Parsing this document in secure mode, should report an error.
*/
! private void testSystemEntityExpansionLimitWithSecureProcessing() {
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(true);
System.setProperty("entityExpansionLimit", "2");
DocumentBuilder parser = dbf.newDocumentBuilder();
*** 333,344 ****
/*
* Given XML document has more than 64000 entity references. Parsing this
* document in secure mode, should report an error.
*/
! @Test
! public void testEntityExpansionLimitWithSecureProcessing() {
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(true);
DocumentBuilder parser = dbf.newDocumentBuilder();
Document doc = parser.parse(this.getClass().getResourceAsStream("entity64K.xml"));
--- 342,352 ----
/*
* Given XML document has more than 64000 entity references. Parsing this
* document in secure mode, should report an error.
*/
! private void testEntityExpansionLimitWithSecureProcessing() {
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(true);
DocumentBuilder parser = dbf.newDocumentBuilder();
Document doc = parser.parse(this.getClass().getResourceAsStream("entity64K.xml"));
*** 355,367 ****
/*
* Given XML document has more than 64000 entity references. Parsing this
* document in non-secure mode, should not report any error.
*/
! @Test
! public void testEntityExpansionLimitWithOutSecureProcessing() {
! if (_isSecureMode)
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
--- 363,374 ----
/*
* Given XML document has more than 64000 entity references. Parsing this
* document in non-secure mode, should not report any error.
*/
! private void testEntityExpansionLimitWithOutSecureProcessing() {
! if (isSecureMode())
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
*** 375,380 ****
--- 382,391 ----
Assert.fail("Exception " + e.getMessage());
} finally {
System.setProperty("entityExpansionLimit", "");
}
}
+
+ private boolean isSecureMode() {
+ return System.getSecurityManager() != null;
+ }
}
< prev index next >