< prev index next >
test/javax/xml/jaxp/unittest/parsers/Bug6309988.java
Print this page
@@ -1,7 +1,7 @@
/*
- * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
@@ -22,45 +22,64 @@
*/
package parsers;
import java.io.File;
+import java.io.FilePermission;
import java.io.InputStream;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
+import jaxp.library.JAXPTestUtilities;
+
import org.testng.Assert;
import org.testng.annotations.Test;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;
/*
* @bug 6309988
* @summary Test elementAttributeLimit, maxOccurLimit, entityExpansionLimit.
*/
+@Test(singleThreaded = true)
public class Bug6309988 {
DocumentBuilderFactory dbf = null;
- static boolean _isSecureMode = false;
- static {
- if (System.getSecurityManager() != null) {
- _isSecureMode = true;
- System.out.println("Security Manager is present");
- } else {
- System.out.println("Security Manager is NOT present");
- }
+
+ public void runWithSecurityManager() throws Exception {
+ JAXPTestUtilities.tryRunWithPolicyManager(() -> test(),
+ new FilePermission(System.getProperty("test.src") + "/-", "read"));
+ }
+
+ public void runWithoutSecurityManager() throws Exception {
+ test();
+ }
+
+ private void test() {
+ testDOMParserElementAttributeLimit();
+ testDOMNSParserElementAttributeLimit();
+ testDOMNSParserElementAttributeLimitWithoutSecureProcessing();
+ testSystemElementAttributeLimitWithoutSecureProcessing();
+ testSystemElementAttributeLimitWithSecureProcessing();
+ testDOMSecureProcessingDefaultValue();
+ testSAXSecureProcessingDefaultValue();
+ testSystemMaxOccurLimitWithoutSecureProcessing();
+ testValidMaxOccurLimitWithOutSecureProcessing();
+ testSystemEntityExpansionLimitWithOutSecureProcessing();
+ testSystemEntityExpansionLimitWithSecureProcessing();
+ testEntityExpansionLimitWithSecureProcessing();
+ testEntityExpansionLimitWithOutSecureProcessing();
}
/*
* Given XML document has more than 10000 attributes. Exception is expected
*/
- @Test
- public void testDOMParserElementAttributeLimit() {
+ private void testDOMParserElementAttributeLimit() {
try {
dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder parser = dbf.newDocumentBuilder();
Document doc = parser.parse(this.getClass().getResourceAsStream("DosTest.xml"));
Assert.fail("SAXParserException is expected, as given XML document contains more than 10000 attributes");
@@ -73,12 +92,11 @@
/*
* Given XML document has more than 10000 attributes. It should report an
* error.
*/
- @Test
- public void testDOMNSParserElementAttributeLimit() {
+ private void testDOMNSParserElementAttributeLimit() {
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
DocumentBuilder parser = dbf.newDocumentBuilder();
Document doc = parser.parse(this.getClass().getResourceAsStream("DosTest.xml"));
@@ -92,13 +110,12 @@
/*
* Given XML document has more than 10000 attributes. Parsing this XML
* document in non-secure mode, should not report any error.
*/
- @Test
- public void testDOMNSParserElementAttributeLimitWithoutSecureProcessing() {
- if (_isSecureMode)
+ private void testDOMNSParserElementAttributeLimitWithoutSecureProcessing() {
+ if (isSecureMode())
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
@@ -119,13 +136,12 @@
* report an error.
* After 8014530: System properties will override FSP, the result of this
* test should be the same as
* testSystemElementAttributeLimitWithSecureProcessing
*/
- @Test
- public void testSystemElementAttributeLimitWithoutSecureProcessing() {
- if (_isSecureMode)
+ private void testSystemElementAttributeLimitWithoutSecureProcessing() {
+ if (isSecureMode())
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
@@ -153,12 +169,11 @@
/*
* Given XML document has 3 attributes and System property is set to 2.
* Parsing this XML document in secure mode, should report an error.
*/
- @Test
- public void testSystemElementAttributeLimitWithSecureProcessing() {
+ private void testSystemElementAttributeLimitWithSecureProcessing() {
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
System.setProperty("elementAttributeLimit", "2");
DocumentBuilder parser = dbf.newDocumentBuilder();
@@ -174,12 +189,11 @@
}
/*
* Default value for secure processing feature should be true.
*/
- @Test
- public void testDOMSecureProcessingDefaultValue() {
+ private void testDOMSecureProcessingDefaultValue() {
try {
dbf = DocumentBuilderFactory.newInstance();
Assert.assertTrue(dbf.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING), "Default value for secureProcessing feature should be true");
} catch (Exception e) {
@@ -188,12 +202,11 @@
}
/*
* Default value for secure processing feature should be true.
*/
- @Test
- public void testSAXSecureProcessingDefaultValue() {
+ private void testSAXSecureProcessingDefaultValue() {
try {
SAXParserFactory spf = SAXParserFactory.newInstance();
Assert.assertTrue(spf.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING), "Default value for secureProcessing feature should be true");
} catch (Exception e) {
@@ -204,13 +217,12 @@
/*
* This method sets system property for maxOccurLimit=2 and secure process
* feature is off. Given doument contains more than 2 elements and hence an
* error should be reported.
*/
- @Test
- public void testSystemMaxOccurLimitWithoutSecureProcessing() {
- if (_isSecureMode)
+ private void testSystemMaxOccurLimitWithoutSecureProcessing() {
+ if (isSecureMode())
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
@@ -240,13 +252,12 @@
* This test will take longer time to execute( abt 120sec). This method
* tries to validate a document. This document contains an element whose
* maxOccur is '3002'. Since secure processing feature is off, document
* should be parsed without any errors.
*/
- @Test
- public void testValidMaxOccurLimitWithOutSecureProcessing() {
- if (_isSecureMode)
+ private void testValidMaxOccurLimitWithOutSecureProcessing() {
+ if (isSecureMode())
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
@@ -277,13 +288,12 @@
* should *not* report an error.
* After 8014530: System properties will override FSP, the result of this
* test should be the same as
* testSystemElementAttributeLimitWithSecureProcessing
*/
- @Test
- public void testSystemEntityExpansionLimitWithOutSecureProcessing() {
- if (_isSecureMode)
+ private void testSystemEntityExpansionLimitWithOutSecureProcessing() {
+ if (isSecureMode())
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
System.setProperty("entityExpansionLimit", "2");
dbf = DocumentBuilderFactory.newInstance();
@@ -310,12 +320,11 @@
/*
* System property is set to 2. Given XML document has more than 2 entity
* references. Parsing this document in secure mode, should report an error.
*/
- @Test
- public void testSystemEntityExpansionLimitWithSecureProcessing() {
+ private void testSystemEntityExpansionLimitWithSecureProcessing() {
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(true);
System.setProperty("entityExpansionLimit", "2");
DocumentBuilder parser = dbf.newDocumentBuilder();
@@ -333,12 +342,11 @@
/*
* Given XML document has more than 64000 entity references. Parsing this
* document in secure mode, should report an error.
*/
- @Test
- public void testEntityExpansionLimitWithSecureProcessing() {
+ private void testEntityExpansionLimitWithSecureProcessing() {
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setValidating(true);
DocumentBuilder parser = dbf.newDocumentBuilder();
Document doc = parser.parse(this.getClass().getResourceAsStream("entity64K.xml"));
@@ -355,13 +363,12 @@
/*
* Given XML document has more than 64000 entity references. Parsing this
* document in non-secure mode, should not report any error.
*/
- @Test
- public void testEntityExpansionLimitWithOutSecureProcessing() {
- if (_isSecureMode)
+ private void testEntityExpansionLimitWithOutSecureProcessing() {
+ if (isSecureMode())
return; // jaxp secure feature can not be turned off when security
// manager is present
try {
dbf = DocumentBuilderFactory.newInstance();
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false);
@@ -375,6 +382,10 @@
Assert.fail("Exception " + e.getMessage());
} finally {
System.setProperty("entityExpansionLimit", "");
}
}
+
+ private boolean isSecureMode() {
+ return System.getSecurityManager() != null;
+ }
}
< prev index next >