1 /* 2 * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 package test.auctionportal; 24 25 import static test.auctionportal.HiBidConstants.SP_ENTITY_EXPANSION_LIMIT; 26 import static test.auctionportal.HiBidConstants.SP_MAX_OCCUR_LIMIT; 27 import static test.auctionportal.HiBidConstants.JAXP_SCHEMA_LANGUAGE; 28 import static test.auctionportal.HiBidConstants.JAXP_SCHEMA_SOURCE; 29 import static org.testng.Assert.assertTrue; 30 import java.io.File; 31 import java.io.FileInputStream; 32 import java.io.FileOutputStream; 33 import java.io.FilePermission; 34 import java.io.InputStream; 35 import static javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING; 36 import static javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI; 37 import javax.xml.parsers.DocumentBuilder; 38 import javax.xml.parsers.DocumentBuilderFactory; 39 import javax.xml.parsers.SAXParser; 40 import javax.xml.parsers.SAXParserFactory; 41 import javax.xml.transform.TransformerFactory; 42 import javax.xml.transform.dom.DOMSource; 43 import javax.xml.transform.stream.StreamResult; 44 import jaxp.library.JAXPFileBaseTest; 45 import static jaxp.library.JAXPTestUtilities.USER_DIR; 46 import static jaxp.library.JAXPTestUtilities.compareDocumentWithGold; 47 import static org.testng.Assert.assertFalse; 48 import org.testng.annotations.Test; 49 import org.w3c.dom.Document; 50 import org.xml.sax.SAXParseException; 51 import static test.auctionportal.HiBidConstants.GOLDEN_DIR; 52 import static test.auctionportal.HiBidConstants.XML_DIR; 53 54 /** 55 * This is a test class for the Auction portal HiBid.com. 56 */ 57 public class AuctionItemRepository extends JAXPFileBaseTest { 58 /** 59 * XML file for parsing. 60 */ 61 private final static String ENTITY_XML = XML_DIR + "entity.xml"; 62 63 /** 64 * Feature name. 65 */ 66 private final static String FEATURE_NAME = "http://xml.org/sax/features/namespace-prefixes"; 67 68 /** 69 * Setting the EntityExpansion Limit to 128000 and checks if the XML 70 * document that has more than two levels of entity expansion is parsed or 71 * not. Previous system property was changed to jdk.xml.entityExpansionLimit 72 * see http://docs.oracle.com/javase/tutorial/jaxp/limits/limits.html. 73 * 74 * @throws Exception If any errors occur. 75 */ 76 @Test 77 public void testEntityExpansionSAXPos() throws Exception { 78 SAXParserFactory factory = SAXParserFactory.newInstance(); 79 // Secure processing will limit XML processing to conform to 80 // implementation limits. 81 factory.setFeature(FEATURE_SECURE_PROCESSING, true); 82 // Set entityExpansionLimit as 2 should expect fatalError 83 setSystemProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(128000)); 84 SAXParser parser = factory.newSAXParser(); 85 86 MyErrorHandler fatalHandler = new MyErrorHandler(); 87 setPermissions(new FilePermission(ENTITY_XML, "read")); 88 parser.parse(new File(ENTITY_XML), fatalHandler); 89 assertFalse(fatalHandler.isAnyError()); 90 } 91 /** 92 * Setting the EntityExpansion Limit to 2 and checks if the XML 93 * document that has more than two levels of entity expansion is parsed or 94 * not. Previous system property was changed to jdk.xml.entityExpansionLimit 95 * see http://docs.oracle.com/javase/tutorial/jaxp/limits/limits.html. 96 * 97 * @throws Exception If any errors occur. 98 */ 99 @Test(expectedExceptions = SAXParseException.class) 100 public void testEntityExpansionSAXNeg() throws Exception { 101 SAXParserFactory factory = SAXParserFactory.newInstance(); 102 // Secure processing will limit XML processing to conform to 103 // implementation limits. 104 factory.setFeature(FEATURE_SECURE_PROCESSING, true); 105 // Set entityExpansionLimit as 2 should expect SAXParseException. 106 setSystemProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(2)); 107 108 SAXParser parser = factory.newSAXParser(); 109 MyErrorHandler fatalHandler = new MyErrorHandler(); 110 setPermissions(new FilePermission(ENTITY_XML, "read")); 111 parser.parse(new File(ENTITY_XML), fatalHandler); 112 } 113 114 /** 115 * Testing set MaxOccursLimit to 10000 in the secure processing enabled for 116 * SAXParserFactory. 117 * 118 * @throws Exception If any errors occur. 119 */ 120 @Test 121 public void testMaxOccurLimitPos() throws Exception { 122 String schema_file = XML_DIR + "toys.xsd"; 123 String xml_file = XML_DIR + "toys.xml"; 124 SAXParserFactory factory = SAXParserFactory.newInstance(); 125 factory.setValidating(true); 126 factory.setFeature(FEATURE_SECURE_PROCESSING, true); 127 setSystemProperty(SP_MAX_OCCUR_LIMIT, String.valueOf(10000)); 128 SAXParser parser = factory.newSAXParser(); 129 parser.setProperty(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA_NS_URI); 130 setPermissions(new FilePermission(XML_DIR + "-", "read")); 131 parser.setProperty(JAXP_SCHEMA_SOURCE, new File(schema_file)); 132 try (InputStream is = new FileInputStream(xml_file)) { 133 MyErrorHandler eh = new MyErrorHandler(); 134 parser.parse(is, eh); 135 assertFalse(eh.isAnyError()); 136 } 137 } 138 139 /** 140 * Use a DocumentBuilder to create a DOM object and see if Secure Processing 141 * feature affects the entity expansion. 142 * 143 * @throws Exception If any errors occur. 144 */ 145 @Test 146 public void testEntityExpansionDOMPos() throws Exception { 147 DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance(); 148 dfactory.setFeature(FEATURE_SECURE_PROCESSING, true); 149 setSystemProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(10000)); 150 DocumentBuilder dBuilder = dfactory.newDocumentBuilder(); 151 MyErrorHandler eh = new MyErrorHandler(); 152 dBuilder.setErrorHandler(eh); 153 try { 154 setPermissions(new FilePermission(ENTITY_XML, "read")); 155 dBuilder.parse(ENTITY_XML); 156 assertFalse(eh.isAnyError()); 157 } finally { 158 setPermissions(); 159 } 160 } 161 162 /** 163 * Use a DocumentBuilder to create a DOM object and see how does the Secure 164 * Processing feature and entityExpansionLimit value affects output. 165 * Negative test that when entityExpansionLimit is too small. 166 * 167 * @throws Exception If any errors occur. 168 */ 169 @Test(expectedExceptions = SAXParseException.class) 170 public void testEntityExpansionDOMNeg() throws Exception { 171 DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance(); 172 dfactory.setFeature(FEATURE_SECURE_PROCESSING, true); 173 setSystemProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(2)); 174 DocumentBuilder dBuilder = dfactory.newDocumentBuilder(); 175 MyErrorHandler eh = new MyErrorHandler(); 176 dBuilder.setErrorHandler(eh); 177 setPermissions(new FilePermission(ENTITY_XML, "read")); 178 dBuilder.parse(ENTITY_XML); 179 } 180 181 /** 182 * Test xi:include with a SAXParserFactory. 183 * 184 * @throws Exception If any errors occur. 185 */ 186 @Test(groups = {"readWriteLocalFiles"}) 187 public void testXIncludeSAXPos() throws Exception { 188 String resultFile = USER_DIR + "doc_xinclude.out"; 189 String goldFile = GOLDEN_DIR + "doc_xincludeGold.xml"; 190 String xmlFile = XML_DIR + "doc_xinclude.xml"; 191 192 try(FileOutputStream fos = new FileOutputStream(resultFile)) { 193 XInclHandler xh = new XInclHandler(fos, null); 194 SAXParserFactory spf = SAXParserFactory.newInstance(); 195 spf.setNamespaceAware(true); 196 spf.setXIncludeAware(true); 197 spf.setFeature(FEATURE_NAME, true); | 1 /* 2 * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 package test.auctionportal; 24 25 import static javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING; 26 import static javax.xml.XMLConstants.W3C_XML_SCHEMA_NS_URI; 27 import static jaxp.library.JAXPTestUtilities.USER_DIR; 28 import static jaxp.library.JAXPTestUtilities.compareDocumentWithGold; 29 import static org.testng.Assert.assertFalse; 30 import static org.testng.Assert.assertTrue; 31 import static test.auctionportal.HiBidConstants.GOLDEN_DIR; 32 import static test.auctionportal.HiBidConstants.JAXP_SCHEMA_LANGUAGE; 33 import static test.auctionportal.HiBidConstants.JAXP_SCHEMA_SOURCE; 34 import static test.auctionportal.HiBidConstants.SP_ENTITY_EXPANSION_LIMIT; 35 import static test.auctionportal.HiBidConstants.SP_MAX_OCCUR_LIMIT; 36 import static test.auctionportal.HiBidConstants.XML_DIR; 37 38 import java.io.File; 39 import java.io.FileInputStream; 40 import java.io.FileOutputStream; 41 import java.io.InputStream; 42 43 import javax.xml.parsers.DocumentBuilder; 44 import javax.xml.parsers.DocumentBuilderFactory; 45 import javax.xml.parsers.SAXParser; 46 import javax.xml.parsers.SAXParserFactory; 47 import javax.xml.transform.TransformerFactory; 48 import javax.xml.transform.dom.DOMSource; 49 import javax.xml.transform.stream.StreamResult; 50 51 import org.testng.annotations.Listeners; 52 import org.testng.annotations.Test; 53 import org.w3c.dom.Document; 54 import org.xml.sax.SAXParseException; 55 56 /** 57 * This is a test class for the Auction portal HiBid.com. 58 */ 59 @Listeners({jaxp.library.FilePolicy.class}) 60 public class AuctionItemRepository { 61 /** 62 * XML file for parsing. 63 */ 64 private final static String ENTITY_XML = XML_DIR + "entity.xml"; 65 66 /** 67 * Feature name. 68 */ 69 private final static String FEATURE_NAME = "http://xml.org/sax/features/namespace-prefixes"; 70 71 /** 72 * Setting the EntityExpansion Limit to 128000 and checks if the XML 73 * document that has more than two levels of entity expansion is parsed or 74 * not. Previous system property was changed to jdk.xml.entityExpansionLimit 75 * see http://docs.oracle.com/javase/tutorial/jaxp/limits/limits.html. 76 * 77 * @throws Exception If any errors occur. 78 */ 79 @Test 80 public void testEntityExpansionSAXPos() throws Exception { 81 SAXParserFactory factory = SAXParserFactory.newInstance(); 82 // Secure processing will limit XML processing to conform to 83 // implementation limits. 84 factory.setFeature(FEATURE_SECURE_PROCESSING, true); 85 // Set entityExpansionLimit as 2 should expect fatalError 86 System.setProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(128000)); 87 SAXParser parser = factory.newSAXParser(); 88 89 MyErrorHandler fatalHandler = new MyErrorHandler(); 90 parser.parse(new File(ENTITY_XML), fatalHandler); 91 assertFalse(fatalHandler.isAnyError()); 92 } 93 /** 94 * Setting the EntityExpansion Limit to 2 and checks if the XML 95 * document that has more than two levels of entity expansion is parsed or 96 * not. Previous system property was changed to jdk.xml.entityExpansionLimit 97 * see http://docs.oracle.com/javase/tutorial/jaxp/limits/limits.html. 98 * 99 * @throws Exception If any errors occur. 100 */ 101 @Test(expectedExceptions = SAXParseException.class) 102 public void testEntityExpansionSAXNeg() throws Exception { 103 SAXParserFactory factory = SAXParserFactory.newInstance(); 104 // Secure processing will limit XML processing to conform to 105 // implementation limits. 106 factory.setFeature(FEATURE_SECURE_PROCESSING, true); 107 // Set entityExpansionLimit as 2 should expect SAXParseException. 108 System.setProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(2)); 109 110 SAXParser parser = factory.newSAXParser(); 111 MyErrorHandler fatalHandler = new MyErrorHandler(); 112 parser.parse(new File(ENTITY_XML), fatalHandler); 113 } 114 115 /** 116 * Testing set MaxOccursLimit to 10000 in the secure processing enabled for 117 * SAXParserFactory. 118 * 119 * @throws Exception If any errors occur. 120 */ 121 @Test 122 public void testMaxOccurLimitPos() throws Exception { 123 String schema_file = XML_DIR + "toys.xsd"; 124 String xml_file = XML_DIR + "toys.xml"; 125 SAXParserFactory factory = SAXParserFactory.newInstance(); 126 factory.setValidating(true); 127 factory.setFeature(FEATURE_SECURE_PROCESSING, true); 128 System.setProperty(SP_MAX_OCCUR_LIMIT, String.valueOf(10000)); 129 SAXParser parser = factory.newSAXParser(); 130 parser.setProperty(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA_NS_URI); 131 parser.setProperty(JAXP_SCHEMA_SOURCE, new File(schema_file)); 132 try (InputStream is = new FileInputStream(xml_file)) { 133 MyErrorHandler eh = new MyErrorHandler(); 134 parser.parse(is, eh); 135 assertFalse(eh.isAnyError()); 136 } 137 } 138 139 /** 140 * Use a DocumentBuilder to create a DOM object and see if Secure Processing 141 * feature affects the entity expansion. 142 * 143 * @throws Exception If any errors occur. 144 */ 145 @Test 146 public void testEntityExpansionDOMPos() throws Exception { 147 DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance(); 148 dfactory.setFeature(FEATURE_SECURE_PROCESSING, true); 149 System.setProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(10000)); 150 DocumentBuilder dBuilder = dfactory.newDocumentBuilder(); 151 MyErrorHandler eh = new MyErrorHandler(); 152 dBuilder.setErrorHandler(eh); 153 dBuilder.parse(ENTITY_XML); 154 assertFalse(eh.isAnyError()); 155 } 156 157 /** 158 * Use a DocumentBuilder to create a DOM object and see how does the Secure 159 * Processing feature and entityExpansionLimit value affects output. 160 * Negative test that when entityExpansionLimit is too small. 161 * 162 * @throws Exception If any errors occur. 163 */ 164 @Test(expectedExceptions = SAXParseException.class) 165 public void testEntityExpansionDOMNeg() throws Exception { 166 DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance(); 167 dfactory.setFeature(FEATURE_SECURE_PROCESSING, true); 168 System.setProperty(SP_ENTITY_EXPANSION_LIMIT, String.valueOf(2)); 169 DocumentBuilder dBuilder = dfactory.newDocumentBuilder(); 170 MyErrorHandler eh = new MyErrorHandler(); 171 dBuilder.setErrorHandler(eh); 172 dBuilder.parse(ENTITY_XML); 173 } 174 175 /** 176 * Test xi:include with a SAXParserFactory. 177 * 178 * @throws Exception If any errors occur. 179 */ 180 @Test(groups = {"readWriteLocalFiles"}) 181 public void testXIncludeSAXPos() throws Exception { 182 String resultFile = USER_DIR + "doc_xinclude.out"; 183 String goldFile = GOLDEN_DIR + "doc_xincludeGold.xml"; 184 String xmlFile = XML_DIR + "doc_xinclude.xml"; 185 186 try(FileOutputStream fos = new FileOutputStream(resultFile)) { 187 XInclHandler xh = new XInclHandler(fos, null); 188 SAXParserFactory spf = SAXParserFactory.newInstance(); 189 spf.setNamespaceAware(true); 190 spf.setXIncludeAware(true); 191 spf.setFeature(FEATURE_NAME, true); |