author | Kasper Timm Hansen <kaspth@gmail.com> | 2016-11-20 17:57:16 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-11-20 17:57:16 +0100 |
commit | 71117e1451f3fa74605059bc6f87b9282686f624 (patch) | |
tree | 852e8747830339662da6a2e71f17a08f0d6a8808 | |
parent | 5aea0952e7cb445e614652e3cd9aba71a836eed0 (diff) | |
parent | 8e3901b5e6b4900cb4dd4cc1154180f42b51db2b (diff) | |
Merge pull request #27111 from maclover7/jm-xmlmini
Refactor ActiveSupport::XMLMini test suite
-rw-r--r-- | Gemfile | 1 | ||||
-rw-r--r-- | Gemfile.lock | 2 | ||||
-rw-r--r-- | activesupport/test/xml_mini/jdom_engine_test.rb | 155 | ||||
-rw-r--r-- | activesupport/test/xml_mini/libxml_engine_test.rb | 201 | ||||
-rw-r--r-- | activesupport/test/xml_mini/libxmlsax_engine_test.rb | 196 | ||||
-rw-r--r-- | activesupport/test/xml_mini/nokogiri_engine_test.rb | 216 | ||||
-rw-r--r-- | activesupport/test/xml_mini/nokogirisax_engine_test.rb | 217 | ||||
-rw-r--r-- | activesupport/test/xml_mini/rexml_engine_test.rb | 42 | ||||
-rw-r--r-- | activesupport/test/xml_mini/xml_mini_engine_test.rb | 257 |
9 files changed, 317 insertions, 970 deletions
@@ -48,6 +48,7 @@ end # Active Support. gem "dalli", ">= 2.2.1" gem "listen", ">= 3.0.5", "< 3.2", require: false +gem "libxml-ruby", platforms: :ruby # Active Job. group :job do diff --git a/Gemfile.lock b/Gemfile.lock index 06e822964b..bec01cda4a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -214,6 +214,7 @@ GEM kindlerb (1.0.1) mustache nokogiri + libxml-ruby (2.9.0) listen (3.1.5) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) @@ -381,6 +382,7 @@ DEPENDENCIES jquery-rails json (>= 2.0.0) kindlerb (>= 1.0.1) + libxml-ruby listen (>= 3.0.5, < 3.2) minitest (< 5.3.4) mocha (~> 0.14) diff --git a/activesupport/test/xml_mini/jdom_engine_test.rb b/activesupport/test/xml_mini/jdom_engine_test.rb index 816d57972c..a29949ab87 100644 --- a/activesupport/test/xml_mini/jdom_engine_test.rb +++ b/activesupport/test/xml_mini/jdom_engine_test.rb @@ -1,37 +1,9 @@ -if RUBY_PLATFORM.include?("java") - require "abstract_unit" - require "active_support/xml_mini" - require "active_support/core_ext/hash/conversions" - - class JDOMEngineTest < ActiveSupport::TestCase - include ActiveSupport +require_relative "xml_mini_engine_test" +XMLMiniEngineTest.run_with_platform("java") do + class JDOMEngineTest < XMLMiniEngineTest FILES_DIR = File.dirname(__FILE__) + "/../fixtures/xml" - def setup - @default_backend = XmlMini.backend - XmlMini.backend = "JDOM" - end - - def teardown - XmlMini.backend = @default_backend - end - - def test_file_from_xml - hash = Hash.from_xml(<<-eoxml) - <blog> - <logo type="file" name="logo.png" content_type="image/png"> - </logo> - </blog> - eoxml - assert hash.has_key?("blog") - assert hash["blog"].has_key?("logo") - - file = hash["blog"]["logo"] - assert_equal "logo.png", file.original_filename - assert_equal "image/png", file.content_type - end - def test_not_allowed_to_expand_entities_to_files attack_xml = <<-EOT <!DOCTYPE member [ 
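Review bot: The external-entity tests, starting with `test_not_allowed_to_expand_entities_to_files`, stay in `JDOMEngineTest` while the expansion-attack test moves to the shared suite, so as far as this diff shows the other backends get no regression test for entities that point at local files. If the other engines are also expected to refuse such entities, these tests could move into `XMLMiniEngineTest::EngineTests`, with a skip hook in the style of `extended_engine?` for engines that cannot run them. The class body continues outside this hunk.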
@@ -63,121 +35,18 @@ if RUBY_PLATFORM.include?("java") assert_equal "x", Hash.from_xml(attack_xml)["member"] end - def test_exception_thrown_on_expansion_attack - assert_raise Java::OrgXmlSax::SAXParseException do - attack_xml = <<-EOT - <!DOCTYPE member [ - <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> - <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> - <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> - <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> - <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> - <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> - <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"> - ]> - <member> - &a; - </member> - EOT - Hash.from_xml(attack_xml) - end - end - - def test_setting_JDOM_as_backend - XmlMini.backend = "JDOM" - assert_equal XmlMini_JDOM, XmlMini.backend - end - - def test_blank_returns_empty_hash - assert_equal({}, XmlMini.parse(nil)) - assert_equal({}, XmlMini.parse("")) - end - - def test_array_type_makes_an_array - assert_equal_rexml(<<-eoxml) - <blog> - <posts type="array"> - <post>a post</post> - <post>another post</post> - </posts> - </blog> - eoxml - end - - def test_one_node_document_as_hash - assert_equal_rexml(<<-eoxml) - <products/> - eoxml - end - - def test_one_node_with_attributes_document_as_hash - assert_equal_rexml(<<-eoxml) - <products foo="bar"/> - eoxml - end - - def test_products_node_with_book_node_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - </products> - eoxml - end - - def test_products_node_with_two_book_nodes_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - <book name="america" id="67890" /> - </products> - eoxml - end - - def test_single_node_with_content_as_hash - assert_equal_rexml(<<-eoxml) - <products> - hello world - </products> - eoxml - end - - def test_children_with_children - assert_equal_rexml(<<-eoxml) - <root> - <products> - <book name="america" id="67890" /> - </products> - </root> - eoxml - end + private - def 
test_children_with_text - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello everyone - </products> - </root> - eoxml - end + def engine + "JDOM" + end - def test_children_with_non_adjacent_text - assert_equal_rexml(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - end + def expansion_attack_error + Java::OrgXmlSax::SAXParseException + end - private - def assert_equal_rexml(xml) - parsed_xml = XmlMini.parse(xml) - hash = XmlMini.with_backend("REXML") { XmlMini.parse(xml) } - assert_equal(hash, parsed_xml) + def extended_engine? + false end end end diff --git a/activesupport/test/xml_mini/libxml_engine_test.rb b/activesupport/test/xml_mini/libxml_engine_test.rb index 81b0d3c407..e3b06e24b7 100644 --- a/activesupport/test/xml_mini/libxml_engine_test.rb +++ b/activesupport/test/xml_mini/libxml_engine_test.rb 
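Review bot: `expansion_attack_error` returns `Java::OrgXmlSax::SAXParseException`, which the parser presumably raises for any malformed document, so the inherited `test_exception_thrown_on_expansion_attack` can pass without the entity-expansion limit ever firing. The JDOM copy removed here had no XML declaration, while the shared document opens with `<?xml version="1.0" encoding="UTF-8"?>` inside a `<<-eoxml` heredoc. If that body is indented (whitespace is not preserved on this page), the declaration is not at the start of the input and may be rejected on its own. Consider capturing the exception with `error = assert_raise(expansion_attack_error) { ... }` and asserting on an engine-specific expansion message, or stripping leading whitespace from the document. The same applies to the `LibXML::XML::Error`, `Nokogiri::XML::SyntaxError` and `RuntimeError` overrides in the other engine test files; the class body starts outside this hunk.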
@@ -1,203 +1,20 @@ -begin - require "libxml" -rescue LoadError - # Skip libxml tests -else - require "abstract_unit" - require "active_support/xml_mini" - require "active_support/core_ext/hash/conversions" - - class LibxmlEngineTest < ActiveSupport::TestCase - include ActiveSupport +require_relative "xml_mini_engine_test" +XMLMiniEngineTest.run_with_gem("libxml") do + class LibxmlEngineTest < XMLMiniEngineTest def setup - @default_backend = XmlMini.backend - XmlMini.backend = "LibXML" - + super LibXML::XML::Error.set_handler(&lambda { |error| }) #silence libxml, exceptions will do end - def teardown - XmlMini.backend = @default_backend - end + private - def test_exception_thrown_on_expansion_attack - assert_raise LibXML::XML::Error do - attack_xml = %{<?xml version="1.0" encoding="UTF-8"?> - <!DOCTYPE member [ - <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> - <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> - <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> - <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> - <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> - <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> - <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"> - ]> - <member> - &a; - </member> - } - Hash.from_xml(attack_xml) + def engine + "LibXML" end - end - - def test_setting_libxml_as_backend - XmlMini.backend = "LibXML" - assert_equal XmlMini_LibXML, XmlMini.backend - end - - def test_blank_returns_empty_hash - assert_equal({}, XmlMini.parse(nil)) - assert_equal({}, XmlMini.parse("")) - end - - def test_array_type_makes_an_array - assert_equal_rexml(<<-eoxml) - <blog> - <posts type="array"> - <post>a post</post> - <post>another post</post> - </posts> - </blog> - eoxml - end - - def test_one_node_document_as_hash - assert_equal_rexml(<<-eoxml) - <products/> - eoxml - end - - def test_one_node_with_attributes_document_as_hash - assert_equal_rexml(<<-eoxml) - <products foo="bar"/> - eoxml - end - - def test_products_node_with_book_node_as_hash - assert_equal_rexml(<<-eoxml) - <products> - 
<book name="awesome" id="12345" /> - </products> - eoxml - end - - def test_products_node_with_two_book_nodes_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - <book name="america" id="67890" /> - </products> - eoxml - end - - def test_single_node_with_content_as_hash - assert_equal_rexml(<<-eoxml) - <products> - hello world - </products> - eoxml - end - def test_children_with_children - assert_equal_rexml(<<-eoxml) - <root> - <products> - <book name="america" id="67890" /> - </products> - </root> - eoxml - end - - def test_children_with_text - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello everyone - </products> - </root> - eoxml - end - - def test_children_with_non_adjacent_text - assert_equal_rexml(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - end - - def test_parse_from_io - io = StringIO.new(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - assert_equal_rexml(io) - end - - def test_children_with_simple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock]]> - </products> - </root> - eoxml - end - - def test_children_with_multiple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock1]]><![CDATA[cdatablock2]]> - </products> - </root> - eoxml - end - - def test_children_with_text_and_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello <![CDATA[cdatablock]]> - morning - </products> - </root> - eoxml - end - - def test_children_with_blank_text - assert_equal_rexml(<<-eoxml) - <root> - <products> </products> - </root> - eoxml - end - - def test_children_with_blank_text_and_attribute - assert_equal_rexml(<<-eoxml) - <root> - <products type="file"> </products> - </root> - eoxml - end - - private - def assert_equal_rexml(xml) - parsed_xml = XmlMini.parse(xml) - xml.rewind if xml.respond_to?(:rewind) - hash = XmlMini.with_backend("REXML") { 
XmlMini.parse(xml) } - assert_equal(hash, parsed_xml) + def expansion_attack_error + LibXML::XML::Error end end - end diff --git a/activesupport/test/xml_mini/libxmlsax_engine_test.rb b/activesupport/test/xml_mini/libxmlsax_engine_test.rb index e25fa2813c..b677f115e5 100644 --- a/activesupport/test/xml_mini/libxmlsax_engine_test.rb +++ b/activesupport/test/xml_mini/libxmlsax_engine_test.rb 
@@ -1,195 +1,15 @@ -begin - require "libxml" -rescue LoadError - # Skip libxml tests -else - require "abstract_unit" - require "active_support/xml_mini" - require "active_support/core_ext/hash/conversions" +require_relative "xml_mini_engine_test" - class LibXMLSAXEngineTest < ActiveSupport::TestCase - include ActiveSupport - - def setup - @default_backend = XmlMini.backend - XmlMini.backend = "LibXMLSAX" - end - - def teardown - XmlMini.backend = @default_backend - end - - def test_exception_thrown_on_expansion_attack - assert_raise LibXML::XML::Error do - attack_xml = <<-EOT - <?xml version="1.0" encoding="UTF-8"?> - <!DOCTYPE member [ - <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> - <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> - <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> - <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> - <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> - <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> - <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"> - ]> - <member> - &a; - </member> - EOT +XMLMiniEngineTest.run_with_gem("libxml") do + class LibXMLSAXEngineTest < XMLMiniEngineTest + private - Hash.from_xml(attack_xml) + def engine + "LibXMLSAX" end - end - - def test_setting_libxml_as_backend - XmlMini.backend = "LibXMLSAX" - assert_equal XmlMini_LibXMLSAX, XmlMini.backend - end - - def test_blank_returns_empty_hash - assert_equal({}, XmlMini.parse(nil)) - assert_equal({}, XmlMini.parse("")) - end - - def test_array_type_makes_an_array - assert_equal_rexml(<<-eoxml) - <blog> - <posts type="array"> - <post>a post</post> - <post>another post</post> - </posts> - </blog> - eoxml - end - - def test_one_node_document_as_hash - assert_equal_rexml(<<-eoxml) - <products/> - eoxml - end - - def test_one_node_with_attributes_document_as_hash - assert_equal_rexml(<<-eoxml) - <products foo="bar"/> - eoxml - end - - def test_products_node_with_book_node_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - </products> - eoxml - end - 
- def test_products_node_with_two_book_nodes_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - <book name="america" id="67890" /> - </products> - eoxml - end - def test_single_node_with_content_as_hash - assert_equal_rexml(<<-eoxml) - <products> - hello world - </products> - eoxml - end - - def test_children_with_children - assert_equal_rexml(<<-eoxml) - <root> - <products> - <book name="america" id="67890" /> - </products> - </root> - eoxml - end - - def test_children_with_text - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello everyone - </products> - </root> - eoxml - end - - def test_children_with_non_adjacent_text - assert_equal_rexml(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - end - - def test_parse_from_io - io = StringIO.new(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - assert_equal_rexml(io) - end - - def test_children_with_simple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock]]> - </products> - </root> - eoxml - end - - def test_children_with_multiple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock1]]><![CDATA[cdatablock2]]> - </products> - </root> - eoxml - end - - def test_children_with_text_and_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello <![CDATA[cdatablock]]> - morning - </products> - </root> - eoxml - end - - def test_children_with_blank_text - assert_equal_rexml(<<-eoxml) - <root> - <products> </products> - </root> - eoxml - end - - private - def assert_equal_rexml(xml) - parsed_xml = XmlMini.parse(xml) - xml.rewind if xml.respond_to?(:rewind) - hash = XmlMini.with_backend("REXML") { XmlMini.parse(xml) } - assert_equal(hash, parsed_xml) + def expansion_attack_error + LibXML::XML::Error end end - end 
diff --git a/activesupport/test/xml_mini/nokogiri_engine_test.rb b/activesupport/test/xml_mini/nokogiri_engine_test.rb index 44b82da4e4..e90dfa173f 100644 --- a/activesupport/test/xml_mini/nokogiri_engine_test.rb +++ b/activesupport/test/xml_mini/nokogiri_engine_test.rb 
@@ -1,215 +1,15 @@ -begin - require "nokogiri" -rescue LoadError - # Skip nokogiri tests -else - require "abstract_unit" - require "active_support/xml_mini" - require "active_support/core_ext/hash/conversions" +require_relative "xml_mini_engine_test" - class NokogiriEngineTest < ActiveSupport::TestCase - def setup - @default_backend = ActiveSupport::XmlMini.backend - ActiveSupport::XmlMini.backend = "Nokogiri" - end - - def teardown - ActiveSupport::XmlMini.backend = @default_backend - end - - def test_file_from_xml - hash = Hash.from_xml(<<-eoxml) - <blog> - <logo type="file" name="logo.png" content_type="image/png"> - </logo> - </blog> - eoxml - assert hash.has_key?("blog") - assert hash["blog"].has_key?("logo") - - file = hash["blog"]["logo"] - assert_equal "logo.png", file.original_filename - assert_equal "image/png", file.content_type - end +XMLMiniEngineTest.run_with_gem("nokogiri") do + class NokogiriEngineTest < XMLMiniEngineTest + private - def test_exception_thrown_on_expansion_attack - assert_raise Nokogiri::XML::SyntaxError do - attack_xml = <<-EOT - <?xml version="1.0" encoding="UTF-8"?> - <!DOCTYPE member [ - <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> - <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> - <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> - <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> - <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> - <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> - <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"> - ]> - <member> - &a; - </member> - EOT - Hash.from_xml(attack_xml) + def engine + "Nokogiri" end - end - - def test_setting_nokogiri_as_backend - ActiveSupport::XmlMini.backend = "Nokogiri" - assert_equal ActiveSupport::XmlMini_Nokogiri, ActiveSupport::XmlMini.backend - end - - def test_blank_returns_empty_hash - assert_equal({}, ActiveSupport::XmlMini.parse(nil)) - assert_equal({}, ActiveSupport::XmlMini.parse("")) - end - - def test_array_type_makes_an_array - assert_equal_rexml(<<-eoxml) - <blog> - <posts type="array"> - 
<post>a post</post> - <post>another post</post> - </posts> - </blog> - eoxml - end - - def test_one_node_document_as_hash - assert_equal_rexml(<<-eoxml) - <products/> - eoxml - end - - def test_one_node_with_attributes_document_as_hash - assert_equal_rexml(<<-eoxml) - <products foo="bar"/> - eoxml - end - - def test_products_node_with_book_node_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - </products> - eoxml - end - - def test_products_node_with_two_book_nodes_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - <book name="america" id="67890" /> - </products> - eoxml - end - - def test_single_node_with_content_as_hash - assert_equal_rexml(<<-eoxml) - <products> - hello world - </products> - eoxml - end - def test_children_with_children - assert_equal_rexml(<<-eoxml) - <root> - <products> - <book name="america" id="67890" /> - </products> - </root> - eoxml - end - - def test_children_with_text - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello everyone - </products> - </root> - eoxml - end - - def test_children_with_non_adjacent_text - assert_equal_rexml(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - end - - def test_parse_from_io - io = StringIO.new(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - assert_equal_rexml(io) - end - - def test_children_with_simple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock]]> - </products> - </root> - eoxml - end - - def test_children_with_multiple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock1]]><![CDATA[cdatablock2]]> - </products> - </root> - eoxml - end - - def test_children_with_text_and_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello <![CDATA[cdatablock]]> - morning - </products> - </root> - eoxml - end - - def test_children_with_blank_text - 
assert_equal_rexml(<<-eoxml) - <root> - <products> </products> - </root> - eoxml - end - - def test_children_with_blank_text_and_attribute - assert_equal_rexml(<<-eoxml) - <root> - <products type="file"> </products> - </root> - eoxml - end - - private - def assert_equal_rexml(xml) - parsed_xml = ActiveSupport::XmlMini.parse(xml) - xml.rewind if xml.respond_to?(:rewind) - hash = ActiveSupport::XmlMini.with_backend("REXML") { ActiveSupport::XmlMini.parse(xml) } - assert_equal(hash, parsed_xml) + def expansion_attack_error + Nokogiri::XML::SyntaxError end end - end diff --git a/activesupport/test/xml_mini/nokogirisax_engine_test.rb b/activesupport/test/xml_mini/nokogirisax_engine_test.rb index 24b35cadf6..0f559dc7a5 100644 --- a/activesupport/test/xml_mini/nokogirisax_engine_test.rb +++ b/activesupport/test/xml_mini/nokogirisax_engine_test.rb 
@@ -1,216 +1,15 @@ -begin - require "nokogiri" -rescue LoadError - # Skip nokogiri tests -else - require "abstract_unit" - require "active_support/xml_mini" - require "active_support/core_ext/hash/conversions" +require_relative "xml_mini_engine_test" - class NokogiriSAXEngineTest < ActiveSupport::TestCase - def setup - @default_backend = ActiveSupport::XmlMini.backend - ActiveSupport::XmlMini.backend = "NokogiriSAX" - end - - def teardown - ActiveSupport::XmlMini.backend = @default_backend - end - - def test_file_from_xml - hash = Hash.from_xml(<<-eoxml) - <blog> - <logo type="file" name="logo.png" content_type="image/png"> - </logo> - </blog> - eoxml - assert hash.has_key?("blog") - assert hash["blog"].has_key?("logo") - - file = hash["blog"]["logo"] - assert_equal "logo.png", file.original_filename - assert_equal "image/png", file.content_type - end - - def test_exception_thrown_on_expansion_attack - assert_raise RuntimeError do - attack_xml = <<-EOT - <?xml version="1.0" encoding="UTF-8"?> - <!DOCTYPE member [ - <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> - <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> - <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> - <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> - <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> - <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> - <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"> - ]> - <member> - &a; - </member> - EOT +XMLMiniEngineTest.run_with_gem("nokogiri") do + class NokogiriSAXEngineTest < XMLMiniEngineTest + private - Hash.from_xml(attack_xml) + def engine + "NokogiriSAX" end - end - - def test_setting_nokogirisax_as_backend - ActiveSupport::XmlMini.backend = "NokogiriSAX" - assert_equal ActiveSupport::XmlMini_NokogiriSAX, ActiveSupport::XmlMini.backend - end - - def test_blank_returns_empty_hash - assert_equal({}, ActiveSupport::XmlMini.parse(nil)) - assert_equal({}, ActiveSupport::XmlMini.parse("")) - end - - def test_array_type_makes_an_array - assert_equal_rexml(<<-eoxml) - <blog> - <posts 
type="array"> - <post>a post</post> - <post>another post</post> - </posts> - </blog> - eoxml - end - - def test_one_node_document_as_hash - assert_equal_rexml(<<-eoxml) - <products/> - eoxml - end - - def test_one_node_with_attributes_document_as_hash - assert_equal_rexml(<<-eoxml) - <products foo="bar"/> - eoxml - end - - def test_products_node_with_book_node_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - </products> - eoxml - end - - def test_products_node_with_two_book_nodes_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - <book name="america" id="67890" /> - </products> - eoxml - end - def test_single_node_with_content_as_hash - assert_equal_rexml(<<-eoxml) - <products> - hello world - </products> - eoxml - end - - def test_children_with_children - assert_equal_rexml(<<-eoxml) - <root> - <products> - <book name="america" id="67890" /> - </products> - </root> - eoxml - end - - def test_children_with_text - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello everyone - </products> - </root> - eoxml - end - - def test_children_with_non_adjacent_text - assert_equal_rexml(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - end - - def test_parse_from_io - io = StringIO.new(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - assert_equal_rexml(io) - end - - def test_children_with_simple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock]]> - </products> - </root> - eoxml - end - - def test_children_with_multiple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock1]]><![CDATA[cdatablock2]]> - </products> - </root> - eoxml - end - - def test_children_with_text_and_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello <![CDATA[cdatablock]]> - morning - </products> - </root> - eoxml - end - - def 
test_children_with_blank_text - assert_equal_rexml(<<-eoxml) - <root> - <products> </products> - </root> - eoxml - end - - def test_children_with_blank_text_and_attribute - assert_equal_rexml(<<-eoxml) - <root> - <products type="file"> </products> - </root> - eoxml - end - - private - def assert_equal_rexml(xml) - parsed_xml = ActiveSupport::XmlMini.parse(xml) - xml.rewind if xml.respond_to?(:rewind) - hash = ActiveSupport::XmlMini.with_backend("REXML") { ActiveSupport::XmlMini.parse(xml) } - assert_equal(hash, parsed_xml) + def expansion_attack_error + RuntimeError end end - end diff --git a/activesupport/test/xml_mini/rexml_engine_test.rb b/activesupport/test/xml_mini/rexml_engine_test.rb index dc62f3f671..085cf2caf7 100644 --- a/activesupport/test/xml_mini/rexml_engine_test.rb +++ b/activesupport/test/xml_mini/rexml_engine_test.rb 
@@ -1,44 +1,26 @@ -require "abstract_unit" -require "active_support/xml_mini" +require_relative "xml_mini_engine_test" -class REXMLEngineTest < ActiveSupport::TestCase +class REXMLEngineTest < XMLMiniEngineTest def test_default_is_rexml assert_equal ActiveSupport::XmlMini_REXML, ActiveSupport::XmlMini.backend end - def test_set_rexml_as_backend - ActiveSupport::XmlMini.backend = "REXML" - assert_equal ActiveSupport::XmlMini_REXML, ActiveSupport::XmlMini.backend - end - - def test_parse_from_io - ActiveSupport::XmlMini.backend = "REXML" - io = StringIO.new(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - hash = ActiveSupport::XmlMini.parse(io) - assert hash.has_key?("root") - assert hash["root"].has_key?("products") - assert_match "good", hash["root"]["__content__"] - products = hash["root"]["products"] - assert products.has_key?("__content__") - assert_match "hello everyone", products["__content__"] - end - def test_parse_from_empty_string - ActiveSupport::XmlMini.backend = "REXML" assert_equal({}, ActiveSupport::XmlMini.parse("")) end def test_parse_from_frozen_string - ActiveSupport::XmlMini.backend = "REXML" xml_string = "<root></root>".freeze assert_equal({ "root" => {} }, ActiveSupport::XmlMini.parse(xml_string)) end + + private + + def engine + "REXML" + end + + def expansion_attack_error + RuntimeError + end end diff --git a/activesupport/test/xml_mini/xml_mini_engine_test.rb b/activesupport/test/xml_mini/xml_mini_engine_test.rb new file mode 100644 index 0000000000..5be9084c9d --- /dev/null +++ b/activesupport/test/xml_mini/xml_mini_engine_test.rb 
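Review bot: `test_default_is_rexml` no longer checks the default, because `REXMLEngineTest` now inherits `XMLMiniEngineTest#setup`, which assigns `ActiveSupport::XmlMini.backend = engine` (here `"REXML"`) before every test. The assertion then compares the backend with the value that setup has just written. The value saved before the override is still available, so the test could use `assert_equal ActiveSupport::XmlMini_REXML, @default_backend`. That reflects the real default only as long as nothing else in the process has changed the backend without restoring it.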
@@ -0,0 +1,257 @@ +require "abstract_unit" +require "active_support/xml_mini" +require "active_support/core_ext/hash/conversions" + +class XMLMiniEngineTest < ActiveSupport::TestCase + def self.run_with_gem(gem_name) + require gem_name + yield + rescue LoadError + # Skip tests unless gem is available + end + + def self.run_with_platform(platform_name) + yield if RUBY_PLATFORM.include?(platform_name) + end + + def self.inherited(base) + base.include EngineTests + super + end + + def setup + @default_backend = ActiveSupport::XmlMini.backend + ActiveSupport::XmlMini.backend = engine + super + end + + def teardown + ActiveSupport::XmlMini.backend = @default_backend + super + end + + module EngineTests + def test_file_from_xml + hash = Hash.from_xml(<<-eoxml) + <blog> + <logo type="file" name="logo.png" content_type="image/png"> + </logo> + </blog> + eoxml + assert hash.key?("blog") + assert hash["blog"].key?("logo") + + file = hash["blog"]["logo"] + assert_equal "logo.png", file.original_filename + assert_equal "image/png", file.content_type + end + + def test_exception_thrown_on_expansion_attack + assert_raise expansion_attack_error do + Hash.from_xml(<<-eoxml) + <?xml version="1.0" encoding="UTF-8"?> + <!DOCTYPE member [ + <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> + <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> + <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> + <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> + <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> + <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> + <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"> + ]> + <member> + &a; + </member> + eoxml + end + end + + def test_setting_backend + assert_engine_class ActiveSupport::XmlMini.backend + end + + def test_blank_returns_empty_hash + assert_equal({}, ActiveSupport::XmlMini.parse(nil)) + assert_equal({}, ActiveSupport::XmlMini.parse("")) + end + + def test_array_type_makes_an_array + assert_equal_rexml(<<-eoxml) + <blog> + <posts type="array"> + <post>a post</post> + 
<post>another post</post> + </posts> + </blog> + eoxml + end + + def test_one_node_document_as_hash + assert_equal_rexml(<<-eoxml) + <products/> + eoxml + end + + def test_one_node_with_attributes_document_as_hash + assert_equal_rexml(<<-eoxml) + <products foo="bar"/> + eoxml + end + + def test_products_node_with_book_node_as_hash + assert_equal_rexml(<<-eoxml) + <products> + <book name="awesome" id="12345" /> + </products> + eoxml + end + + def test_products_node_with_two_book_nodes_as_hash + assert_equal_rexml(<<-eoxml) + <products> + <book name="awesome" id="12345" /> + <book name="america" id="67890" /> + </products> + eoxml + end + + def test_single_node_with_content_as_hash + assert_equal_rexml(<<-eoxml) + <products> + hello world + </products> + eoxml + end + + def test_children_with_children + assert_equal_rexml(<<-eoxml) + <root> + <products> + <book name="america" id="67890" /> + </products> + </root> + eoxml + end + + def test_children_with_text + assert_equal_rexml(<<-eoxml) + <root> + <products> + hello everyone + </products> + </root> + eoxml + end + + def test_children_with_non_adjacent_text + assert_equal_rexml(<<-eoxml) + <root> + good + <products> + hello everyone + </products> + morning + </root> + eoxml + end + + def test_parse_from_io + skip_unless_extended_engine + + assert_equal_rexml(StringIO.new(<<-eoxml)) + <root> + good + <products> + hello everyone + </products> + morning + </root> + eoxml + end + + def test_children_with_simple_cdata + skip_unless_extended_engine + + assert_equal_rexml(<<-eoxml) + <root> + <products> + <![CDATA[cdatablock]]> + </products> + </root> + eoxml + end + + def test_children_with_multiple_cdata + skip_unless_extended_engine + + assert_equal_rexml(<<-eoxml) + <root> + <products> + <![CDATA[cdatablock1]]><![CDATA[cdatablock2]]> + </products> + </root> + eoxml + end + + def test_children_with_text_and_cdata + skip_unless_extended_engine + + assert_equal_rexml(<<-eoxml) + <root> + <products> + hello 
<![CDATA[cdatablock]]> + morning + </products> + </root> + eoxml + end + + def test_children_with_blank_text + skip_unless_extended_engine + + assert_equal_rexml(<<-eoxml) + <root> + <products> </products> + </root> + eoxml + end + + def test_children_with_blank_text_and_attribute + skip_unless_extended_engine + + assert_equal_rexml(<<-eoxml) + <root> + <products type="file"> </products> + </root> + eoxml + end + + private + def engine + raise NotImplementedError + end + + def assert_engine_class(actual) + assert_equal ActiveSupport.const_get("XmlMini_#{engine}"), actual + end + + def assert_equal_rexml(xml) + parsed_xml = ActiveSupport::XmlMini.parse(xml) + xml.rewind if xml.respond_to?(:rewind) + hash = ActiveSupport::XmlMini.with_backend("REXML") { ActiveSupport::XmlMini.parse(xml) } + assert_equal(hash, parsed_xml) + end + + def expansion_attack_error + raise NotImplementedError + end + + def extended_engine? + true + end + + def skip_unless_extended_engine + skip "#{engine} is not an extended engine" unless extended_engine? + end + end +end |
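Review bot: The `rescue LoadError` in `run_with_gem` covers the `yield` as well as the `require`, so a `LoadError` raised while an engine test class body is being defined is swallowed. That engine's tests, including `test_exception_thrown_on_expansion_attack`, would then silently drop out of the run. Limiting the rescue to the `require` keeps the intended skip when the gem is absent and lets a failure inside the block surface. A missing gem is also skipped without any output, so a CI run cannot tell "passed" from "never ran" for that backend; printing a skip notice is worth considering.

```ruby
def self.run_with_gem(gem_name)
  begin
    require gem_name
  rescue LoadError
    # Skip tests unless gem is available
    return
  end

  yield
end
```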