DrMark (owner)

Fork Of

Revisions

gist: 7177 Download_button fork
public
Public Clone URL: git://gist.github.com/7177.git
Embed All Files: show embed
rexml_spec.rb #
raw 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

##
# This is a Shoulda version of the test to verify that you have the REXML bug patched: 
#     (http://weblog.rubyonrails.org/2008/8/23/dos-vulnerabilities-in-rexml)
#
# AUTHORS: Dr. Mark Lane (http://www.workingwithrails.com/person/12039-dr-mark-lane)
#          Geoffrey Grosenbach http://nubyonrails.com
#          Also http://p.ramaze.net/1887  
#
# INSTALLATION:
#          Copy to test/unit/rexml_test.rb
#
# RUN:
#   rake test:units
 
require File.dirname(__FILE__) + '/../test_helper'
 
class REXMLTest < ActiveSupport::TestCase
  context "The REXML library" do
 
    should "handle the DOS vulnerability" do
      # http://weblog.rubyonrails.org/2008/8/23/dos-vulnerabilities-in-rexml
      # From http://p.ramaze.net/1887
      dom = REXML::Document.new('<?xml version="1.0" encoding="UTF-8"?>
        <!DOCTYPE member [
        <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
        <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
        <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;">
        <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;">
        <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;">
        <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;">
        <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
        ]>
        <member>
        &a;
        </member>')
 
      assert_raise RuntimeError do
        puts dom.root.elements.to_a('//member').first.text
      end
    end
  end
 
end