diff options
Diffstat (limited to 'activesupport/test/xml_mini')
| -rw-r--r-- | activesupport/test/xml_mini/jdom_engine_test.rb | 167 | ||||
| -rw-r--r-- | activesupport/test/xml_mini/libxml_engine_test.rb | 211 | ||||
| -rw-r--r-- | activesupport/test/xml_mini/libxmlsax_engine_test.rb | 201 | ||||
| -rw-r--r-- | activesupport/test/xml_mini/nokogiri_engine_test.rb | 221 | ||||
| -rw-r--r-- | activesupport/test/xml_mini/nokogirisax_engine_test.rb | 222 | ||||
| -rw-r--r-- | activesupport/test/xml_mini/rexml_engine_test.rb | 38 | ||||
| -rw-r--r-- | activesupport/test/xml_mini/xml_mini_engine_test.rb | 264 |
7 files changed, 342 insertions, 982 deletions
diff --git a/activesupport/test/xml_mini/jdom_engine_test.rb b/activesupport/test/xml_mini/jdom_engine_test.rb index ed4de8aba2..97a533aafb 100644 --- a/activesupport/test/xml_mini/jdom_engine_test.rb +++ b/activesupport/test/xml_mini/jdom_engine_test.rb @@ -1,37 +1,10 @@ -if RUBY_PLATFORM =~ /java/ - require 'abstract_unit' - require 'active_support/xml_mini' - require 'active_support/core_ext/hash/conversions' +# frozen_string_literal: true +require_relative "xml_mini_engine_test" - class JDOMEngineTest < ActiveSupport::TestCase - include ActiveSupport - - FILES_DIR = File.dirname(__FILE__) + '/../fixtures/xml' - - def setup - @default_backend = XmlMini.backend - XmlMini.backend = 'JDOM' - end - - def teardown - XmlMini.backend = @default_backend - end - - def test_file_from_xml - hash = Hash.from_xml(<<-eoxml) - <blog> - <logo type="file" name="logo.png" content_type="image/png"> - </logo> - </blog> - eoxml - assert hash.has_key?('blog') - assert hash['blog'].has_key?('logo') - - file = hash['blog']['logo'] - assert_equal 'logo.png', file.original_filename - assert_equal 'image/png', file.content_type - end +XMLMiniEngineTest.run_with_platform("java") do + class JDOMEngineTest < XMLMiniEngineTest + FILES_DIR = File.expand_path("../fixtures/xml", __dir__) def test_not_allowed_to_expand_entities_to_files attack_xml = <<-EOT @@ -40,7 +13,7 @@ if RUBY_PLATFORM =~ /java/ ]> <member>x&a;</member> EOT - assert_equal 'x', Hash.from_xml(attack_xml)["member"] + assert_equal "x", Hash.from_xml(attack_xml)["member"] end def test_not_allowed_to_expand_parameter_entities_to_files @@ -52,137 +25,29 @@ if RUBY_PLATFORM =~ /java/ <member>x&a;</member> EOT assert_raise Java::OrgXmlSax::SAXParseException do - assert_equal 'x', Hash.from_xml(attack_xml)["member"] + assert_equal "x", Hash.from_xml(attack_xml)["member"] end end - def test_not_allowed_to_load_external_doctypes attack_xml = <<-EOT <!DOCTYPE member SYSTEM "file://#{FILES_DIR}/jdom_doctype.dtd"> <member>x&a;</member> EOT - assert_equal 'x', Hash.from_xml(attack_xml)["member"] + assert_equal "x", Hash.from_xml(attack_xml)["member"] end - def test_exception_thrown_on_expansion_attack - assert_raise Java::OrgXmlSax::SAXParseException do - attack_xml = <<-EOT - <!DOCTYPE member [ - <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> - <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> - <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> - <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> - <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> - <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> - <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"> - ]> - <member> - &a; - </member> - EOT - Hash.from_xml(attack_xml) + private + def engine + "JDOM" end - end - - def test_setting_JDOM_as_backend - XmlMini.backend = 'JDOM' - assert_equal XmlMini_JDOM, XmlMini.backend - end - - def test_blank_returns_empty_hash - assert_equal({}, XmlMini.parse(nil)) - assert_equal({}, XmlMini.parse('')) - end - - def test_array_type_makes_an_array - assert_equal_rexml(<<-eoxml) - <blog> - <posts type="array"> - <post>a post</post> - <post>another post</post> - </posts> - </blog> - eoxml - end - - def test_one_node_document_as_hash - assert_equal_rexml(<<-eoxml) - <products/> - eoxml - end - - def test_one_node_with_attributes_document_as_hash - assert_equal_rexml(<<-eoxml) - <products foo="bar"/> - eoxml - end - def test_products_node_with_book_node_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - </products> - eoxml - end - - def test_products_node_with_two_book_nodes_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - <book name="america" id="67890" /> - </products> - eoxml - end - - def test_single_node_with_content_as_hash - assert_equal_rexml(<<-eoxml) - <products> - hello world - </products> - eoxml - end - - def test_children_with_children - assert_equal_rexml(<<-eoxml) - <root> - <products> - <book name="america" id="67890" /> - </products> - </root> - eoxml - end - - def test_children_with_text - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello everyone - </products> - </root> - eoxml - end - - def test_children_with_non_adjacent_text - assert_equal_rexml(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - end + def expansion_attack_error + Java::OrgXmlSax::SAXParseException + end - private - def assert_equal_rexml(xml) - parsed_xml = XmlMini.parse(xml) - hash = XmlMini.with_backend('REXML') { XmlMini.parse(xml) } - assert_equal(hash, parsed_xml) + def extended_engine? + false end end - -else - # don't run these test because we aren't running in JRuby end diff --git a/activesupport/test/xml_mini/libxml_engine_test.rb b/activesupport/test/xml_mini/libxml_engine_test.rb index a8df2e1f7b..3eef3946a3 100644 --- a/activesupport/test/xml_mini/libxml_engine_test.rb +++ b/activesupport/test/xml_mini/libxml_engine_test.rb @@ -1,204 +1,21 @@ -begin - require 'libxml' -rescue LoadError - # Skip libxml tests -else -require 'abstract_unit' -require 'active_support/xml_mini' -require 'active_support/core_ext/hash/conversions' +# frozen_string_literal: true -class LibxmlEngineTest < ActiveSupport::TestCase - include ActiveSupport +require_relative "xml_mini_engine_test" - def setup - @default_backend = XmlMini.backend - XmlMini.backend = 'LibXML' - - LibXML::XML::Error.set_handler(&lambda { |error| }) #silence libxml, exceptions will do - end - - def teardown - XmlMini.backend = @default_backend - end - - def test_exception_thrown_on_expansion_attack - assert_raise LibXML::XML::Error do - attack_xml = %{<?xml version="1.0" encoding="UTF-8"?> - <!DOCTYPE member [ - <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> - <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> - <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> - <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> - <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> - <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> - <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"> - ]> - <member> - &a; - </member> - } - Hash.from_xml(attack_xml) +XMLMiniEngineTest.run_with_gem("libxml") do + class LibxmlEngineTest < XMLMiniEngineTest + def setup + super + LibXML::XML::Error.set_handler(&lambda { |error| }) # silence libxml, exceptions will do end - end - - def test_setting_libxml_as_backend - XmlMini.backend = 'LibXML' - assert_equal XmlMini_LibXML, XmlMini.backend - end - - def test_blank_returns_empty_hash - assert_equal({}, XmlMini.parse(nil)) - assert_equal({}, XmlMini.parse('')) - end - - def test_array_type_makes_an_array - assert_equal_rexml(<<-eoxml) - <blog> - <posts type="array"> - <post>a post</post> - <post>another post</post> - </posts> - </blog> - eoxml - end - - def test_one_node_document_as_hash - assert_equal_rexml(<<-eoxml) - <products/> - eoxml - end - - def test_one_node_with_attributes_document_as_hash - assert_equal_rexml(<<-eoxml) - <products foo="bar"/> - eoxml - end - - def test_products_node_with_book_node_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - </products> - eoxml - end - - def test_products_node_with_two_book_nodes_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - <book name="america" id="67890" /> - </products> - eoxml - end - - def test_single_node_with_content_as_hash - assert_equal_rexml(<<-eoxml) - <products> - hello world - </products> - eoxml - end - - def test_children_with_children - assert_equal_rexml(<<-eoxml) - <root> - <products> - <book name="america" id="67890" /> - </products> - </root> - eoxml - end - def test_children_with_text - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello everyone - </products> - </root> - eoxml - end - - def test_children_with_non_adjacent_text - assert_equal_rexml(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - end + private + def engine + "LibXML" + end - def test_parse_from_io - io = StringIO.new(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - assert_equal_rexml(io) + def expansion_attack_error + LibXML::XML::Error + end end - - def test_children_with_simple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock]]> - </products> - </root> - eoxml - end - - def test_children_with_multiple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock1]]><![CDATA[cdatablock2]]> - </products> - </root> - eoxml - end - - def test_children_with_text_and_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello <![CDATA[cdatablock]]> - morning - </products> - </root> - eoxml - end - - def test_children_with_blank_text - assert_equal_rexml(<<-eoxml) - <root> - <products> </products> - </root> - eoxml - end - - def test_children_with_blank_text_and_attribute - assert_equal_rexml(<<-eoxml) - <root> - <products type="file"> </products> - </root> - eoxml - end - - - private - def assert_equal_rexml(xml) - parsed_xml = XmlMini.parse(xml) - xml.rewind if xml.respond_to?(:rewind) - hash = XmlMini.with_backend('REXML') { XmlMini.parse(xml) } - assert_equal(hash, parsed_xml) - end -end - end diff --git a/activesupport/test/xml_mini/libxmlsax_engine_test.rb b/activesupport/test/xml_mini/libxmlsax_engine_test.rb index d6d90639e2..8e4a30a48e 100644 --- a/activesupport/test/xml_mini/libxmlsax_engine_test.rb +++ b/activesupport/test/xml_mini/libxmlsax_engine_test.rb @@ -1,195 +1,16 @@ -begin - require 'libxml' -rescue LoadError - # Skip libxml tests -else -require 'abstract_unit' -require 'active_support/xml_mini' -require 'active_support/core_ext/hash/conversions' +# frozen_string_literal: true -class LibXMLSAXEngineTest < ActiveSupport::TestCase - include ActiveSupport +require_relative "xml_mini_engine_test" - def setup - @default_backend = XmlMini.backend - XmlMini.backend = 'LibXMLSAX' - end - - def teardown - XmlMini.backend = @default_backend - end - - def test_exception_thrown_on_expansion_attack - assert_raise LibXML::XML::Error do - attack_xml = <<-EOT - <?xml version="1.0" encoding="UTF-8"?> - <!DOCTYPE member [ - <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> - <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> - <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> - <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> - <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> - <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> - <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"> - ]> - <member> - &a; - </member> - EOT - - Hash.from_xml(attack_xml) - end - end - - def test_setting_libxml_as_backend - XmlMini.backend = 'LibXMLSAX' - assert_equal XmlMini_LibXMLSAX, XmlMini.backend - end - - def test_blank_returns_empty_hash - assert_equal({}, XmlMini.parse(nil)) - assert_equal({}, XmlMini.parse('')) - end - - def test_array_type_makes_an_array - assert_equal_rexml(<<-eoxml) - <blog> - <posts type="array"> - <post>a post</post> - <post>another post</post> - </posts> - </blog> - eoxml - end - - def test_one_node_document_as_hash - assert_equal_rexml(<<-eoxml) - <products/> - eoxml - end - - def test_one_node_with_attributes_document_as_hash - assert_equal_rexml(<<-eoxml) - <products foo="bar"/> - eoxml - end - - def test_products_node_with_book_node_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - </products> - eoxml - end - - def test_products_node_with_two_book_nodes_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - <book name="america" id="67890" /> - </products> - eoxml - end +XMLMiniEngineTest.run_with_gem("libxml") do + class LibXMLSAXEngineTest < XMLMiniEngineTest + private + def engine + "LibXMLSAX" + end - def test_single_node_with_content_as_hash - assert_equal_rexml(<<-eoxml) - <products> - hello world - </products> - eoxml + def expansion_attack_error + LibXML::XML::Error + end end - - def test_children_with_children - assert_equal_rexml(<<-eoxml) - <root> - <products> - <book name="america" id="67890" /> - </products> - </root> - eoxml - end - - def test_children_with_text - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello everyone - </products> - </root> - eoxml - end - - def test_children_with_non_adjacent_text - assert_equal_rexml(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - end - - def test_parse_from_io - io = StringIO.new(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - assert_equal_rexml(io) - end - - def test_children_with_simple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock]]> - </products> - </root> - eoxml - end - - def test_children_with_multiple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock1]]><![CDATA[cdatablock2]]> - </products> - </root> - eoxml - end - - def test_children_with_text_and_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello <![CDATA[cdatablock]]> - morning - </products> - </root> - eoxml - end - - def test_children_with_blank_text - assert_equal_rexml(<<-eoxml) - <root> - <products> </products> - </root> - eoxml - end - - private - def assert_equal_rexml(xml) - parsed_xml = XmlMini.parse(xml) - xml.rewind if xml.respond_to?(:rewind) - hash = XmlMini.with_backend('REXML') { XmlMini.parse(xml) } - assert_equal(hash, parsed_xml) - end -end - end diff --git a/activesupport/test/xml_mini/nokogiri_engine_test.rb b/activesupport/test/xml_mini/nokogiri_engine_test.rb index 1314c9065a..f1584bcedf 100644 --- a/activesupport/test/xml_mini/nokogiri_engine_test.rb +++ b/activesupport/test/xml_mini/nokogiri_engine_test.rb @@ -1,215 +1,16 @@ -begin - require 'nokogiri' -rescue LoadError - # Skip nokogiri tests -else -require 'abstract_unit' -require 'active_support/xml_mini' -require 'active_support/core_ext/hash/conversions' +# frozen_string_literal: true -class NokogiriEngineTest < ActiveSupport::TestCase - def setup - @default_backend = ActiveSupport::XmlMini.backend - ActiveSupport::XmlMini.backend = 'Nokogiri' - end - - def teardown - ActiveSupport::XmlMini.backend = @default_backend - end - - def test_file_from_xml - hash = Hash.from_xml(<<-eoxml) - <blog> - <logo type="file" name="logo.png" content_type="image/png"> - </logo> - </blog> - eoxml - assert hash.has_key?('blog') - assert hash['blog'].has_key?('logo') - - file = hash['blog']['logo'] - assert_equal 'logo.png', file.original_filename - assert_equal 'image/png', file.content_type - end - - def test_exception_thrown_on_expansion_attack - assert_raise Nokogiri::XML::SyntaxError do - attack_xml = <<-EOT - <?xml version="1.0" encoding="UTF-8"?> - <!DOCTYPE member [ - <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> - <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> - <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> - <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> - <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> - <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> - <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"> - ]> - <member> - &a; - </member> - EOT - Hash.from_xml(attack_xml) - end - end - - def test_setting_nokogiri_as_backend - ActiveSupport::XmlMini.backend = 'Nokogiri' - assert_equal ActiveSupport::XmlMini_Nokogiri, ActiveSupport::XmlMini.backend - end - - def test_blank_returns_empty_hash - assert_equal({}, ActiveSupport::XmlMini.parse(nil)) - assert_equal({}, ActiveSupport::XmlMini.parse('')) - end - - def test_array_type_makes_an_array - assert_equal_rexml(<<-eoxml) - <blog> - <posts type="array"> - <post>a post</post> - <post>another post</post> - </posts> - </blog> - eoxml - end - - def test_one_node_document_as_hash - assert_equal_rexml(<<-eoxml) - <products/> - eoxml - end - - def test_one_node_with_attributes_document_as_hash - assert_equal_rexml(<<-eoxml) - <products foo="bar"/> - eoxml - end - - def test_products_node_with_book_node_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - </products> - eoxml - end - - def test_products_node_with_two_book_nodes_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - <book name="america" id="67890" /> - </products> - eoxml - end - - def test_single_node_with_content_as_hash - assert_equal_rexml(<<-eoxml) - <products> - hello world - </products> - eoxml - end +require_relative "xml_mini_engine_test" - def test_children_with_children - assert_equal_rexml(<<-eoxml) - <root> - <products> - <book name="america" id="67890" /> - </products> - </root> - eoxml - end - - def test_children_with_text - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello everyone - </products> - </root> - eoxml - end +XMLMiniEngineTest.run_with_gem("nokogiri") do + class NokogiriEngineTest < XMLMiniEngineTest + private + def engine + "Nokogiri" + end - def test_children_with_non_adjacent_text - assert_equal_rexml(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml + def expansion_attack_error + Nokogiri::XML::SyntaxError + end end - - def test_parse_from_io - io = StringIO.new(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - assert_equal_rexml(io) - end - - def test_children_with_simple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock]]> - </products> - </root> - eoxml - end - - def test_children_with_multiple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock1]]><![CDATA[cdatablock2]]> - </products> - </root> - eoxml - end - - def test_children_with_text_and_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello <![CDATA[cdatablock]]> - morning - </products> - </root> - eoxml - end - - def test_children_with_blank_text - assert_equal_rexml(<<-eoxml) - <root> - <products> </products> - </root> - eoxml - end - - def test_children_with_blank_text_and_attribute - assert_equal_rexml(<<-eoxml) - <root> - <products type="file"> </products> - </root> - eoxml - end - - private - def assert_equal_rexml(xml) - parsed_xml = ActiveSupport::XmlMini.parse(xml) - xml.rewind if xml.respond_to?(:rewind) - hash = ActiveSupport::XmlMini.with_backend('REXML') { ActiveSupport::XmlMini.parse(xml) } - assert_equal(hash, parsed_xml) - end -end - end diff --git a/activesupport/test/xml_mini/nokogirisax_engine_test.rb b/activesupport/test/xml_mini/nokogirisax_engine_test.rb index 7978a50921..f38a56e83b 100644 --- a/activesupport/test/xml_mini/nokogirisax_engine_test.rb +++ b/activesupport/test/xml_mini/nokogirisax_engine_test.rb @@ -1,216 +1,16 @@ -begin - require 'nokogiri' -rescue LoadError - # Skip nokogiri tests -else -require 'abstract_unit' -require 'active_support/xml_mini' -require 'active_support/core_ext/hash/conversions' +# frozen_string_literal: true -class NokogiriSAXEngineTest < ActiveSupport::TestCase - def setup - @default_backend = ActiveSupport::XmlMini.backend - ActiveSupport::XmlMini.backend = 'NokogiriSAX' - end - - def teardown - ActiveSupport::XmlMini.backend = @default_backend - end - - def test_file_from_xml - hash = Hash.from_xml(<<-eoxml) - <blog> - <logo type="file" name="logo.png" content_type="image/png"> - </logo> - </blog> - eoxml - assert hash.has_key?('blog') - assert hash['blog'].has_key?('logo') - - file = hash['blog']['logo'] - assert_equal 'logo.png', file.original_filename - assert_equal 'image/png', file.content_type - end - - def test_exception_thrown_on_expansion_attack - assert_raise RuntimeError do - attack_xml = <<-EOT - <?xml version="1.0" encoding="UTF-8"?> - <!DOCTYPE member [ - <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> - <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> - <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> - <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> - <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> - <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> - <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"> - ]> - <member> - &a; - </member> - EOT - - Hash.from_xml(attack_xml) - end - end - - def test_setting_nokogirisax_as_backend - ActiveSupport::XmlMini.backend = 'NokogiriSAX' - assert_equal ActiveSupport::XmlMini_NokogiriSAX, ActiveSupport::XmlMini.backend - end +require_relative "xml_mini_engine_test" - def test_blank_returns_empty_hash - assert_equal({}, ActiveSupport::XmlMini.parse(nil)) - assert_equal({}, ActiveSupport::XmlMini.parse('')) - end - - def test_array_type_makes_an_array - assert_equal_rexml(<<-eoxml) - <blog> - <posts type="array"> - <post>a post</post> - <post>another post</post> - </posts> - </blog> - eoxml - end - - def test_one_node_document_as_hash - assert_equal_rexml(<<-eoxml) - <products/> - eoxml - end - - def test_one_node_with_attributes_document_as_hash - assert_equal_rexml(<<-eoxml) - <products foo="bar"/> - eoxml - end - - def test_products_node_with_book_node_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - </products> - eoxml - end - - def test_products_node_with_two_book_nodes_as_hash - assert_equal_rexml(<<-eoxml) - <products> - <book name="awesome" id="12345" /> - <book name="america" id="67890" /> - </products> - eoxml - end +XMLMiniEngineTest.run_with_gem("nokogiri") do + class NokogiriSAXEngineTest < XMLMiniEngineTest + private + def engine + "NokogiriSAX" + end - def test_single_node_with_content_as_hash - assert_equal_rexml(<<-eoxml) - <products> - hello world - </products> - eoxml + def expansion_attack_error + RuntimeError + end end - - def test_children_with_children - assert_equal_rexml(<<-eoxml) - <root> - <products> - <book name="america" id="67890" /> - </products> - </root> - eoxml - end - - def test_children_with_text - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello everyone - </products> - </root> - eoxml - end - - def test_children_with_non_adjacent_text - assert_equal_rexml(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - end - - def test_parse_from_io - io = StringIO.new(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - assert_equal_rexml(io) - end - - def test_children_with_simple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock]]> - </products> - </root> - eoxml - end - - def test_children_with_multiple_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - <![CDATA[cdatablock1]]><![CDATA[cdatablock2]]> - </products> - </root> - eoxml - end - - def test_children_with_text_and_cdata - assert_equal_rexml(<<-eoxml) - <root> - <products> - hello <![CDATA[cdatablock]]> - morning - </products> - </root> - eoxml - end - - def test_children_with_blank_text - assert_equal_rexml(<<-eoxml) - <root> - <products> </products> - </root> - eoxml - end - - def test_children_with_blank_text_and_attribute - assert_equal_rexml(<<-eoxml) - <root> - <products type="file"> </products> - </root> - eoxml - end - - private - def assert_equal_rexml(xml) - parsed_xml = ActiveSupport::XmlMini.parse(xml) - xml.rewind if xml.respond_to?(:rewind) - hash = ActiveSupport::XmlMini.with_backend('REXML') { ActiveSupport::XmlMini.parse(xml) } - assert_equal(hash, parsed_xml) - end -end - end diff --git a/activesupport/test/xml_mini/rexml_engine_test.rb b/activesupport/test/xml_mini/rexml_engine_test.rb index f0067ca656..34bf81fa75 100644 --- a/activesupport/test/xml_mini/rexml_engine_test.rb +++ b/activesupport/test/xml_mini/rexml_engine_test.rb @@ -1,35 +1,27 @@ -require 'abstract_unit' -require 'active_support/xml_mini' +# frozen_string_literal: true -class REXMLEngineTest < ActiveSupport::TestCase +require_relative "xml_mini_engine_test" + +class REXMLEngineTest < XMLMiniEngineTest def test_default_is_rexml assert_equal ActiveSupport::XmlMini_REXML, ActiveSupport::XmlMini.backend end - def test_set_rexml_as_backend - ActiveSupport::XmlMini.backend = 'REXML' - assert_equal ActiveSupport::XmlMini_REXML, ActiveSupport::XmlMini.backend + def test_parse_from_empty_string + assert_equal({}, ActiveSupport::XmlMini.parse("")) end - def test_parse_from_io - ActiveSupport::XmlMini.backend = 'REXML' - io = StringIO.new(<<-eoxml) - <root> - good - <products> - hello everyone - </products> - morning - </root> - eoxml - assert_equal_rexml(io) + def test_parse_from_frozen_string + xml_string = "<root></root>".freeze + assert_equal({ "root" => {} }, ActiveSupport::XmlMini.parse(xml_string)) end private - def assert_equal_rexml(xml) - parsed_xml = ActiveSupport::XmlMini.parse(xml) - xml.rewind if xml.respond_to?(:rewind) - hash = ActiveSupport::XmlMini.with_backend('REXML') { ActiveSupport::XmlMini.parse(xml) } - assert_equal(hash, parsed_xml) + def engine + "REXML" + end + + def expansion_attack_error + RuntimeError end end diff --git a/activesupport/test/xml_mini/xml_mini_engine_test.rb b/activesupport/test/xml_mini/xml_mini_engine_test.rb new file mode 100644 index 0000000000..5c4c28d9b7 --- /dev/null +++ b/activesupport/test/xml_mini/xml_mini_engine_test.rb @@ -0,0 +1,264 @@ +# frozen_string_literal: true + +require "abstract_unit" +require "active_support/xml_mini" +require "active_support/core_ext/hash/conversions" + +class XMLMiniEngineTest < ActiveSupport::TestCase + def self.run_with_gem(gem_name) + require gem_name + yield + rescue LoadError + # Skip tests unless gem is available + end + + def self.run_with_platform(platform_name) + yield if RUBY_PLATFORM.include?(platform_name) + end + + def self.inherited(base) + base.include EngineTests + super + end + + def setup + @default_backend = ActiveSupport::XmlMini.backend + ActiveSupport::XmlMini.backend = engine + super + end + + def teardown + ActiveSupport::XmlMini.backend = @default_backend + super + end + + module EngineTests + def test_file_from_xml + hash = Hash.from_xml(<<-eoxml) + <blog> + <logo type="file" name="logo.png" content_type="image/png"> + </logo> + </blog> + eoxml + assert hash.key?("blog") + assert hash["blog"].key?("logo") + + file = hash["blog"]["logo"] + assert_equal "logo.png", file.original_filename + assert_equal "image/png", file.content_type + end + + def test_exception_thrown_on_expansion_attack + assert_raise expansion_attack_error do + Hash.from_xml(<<-eoxml) + <?xml version="1.0" encoding="UTF-8"?> + <!DOCTYPE member [ + <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> + <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;"> + <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;"> + <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;"> + <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;"> + <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;"> + <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"> + ]> + <member> + &a; + </member> + eoxml + end + end + + def test_setting_backend + assert_engine_class ActiveSupport::XmlMini.backend + end + + def test_blank_returns_empty_hash + assert_equal({}, ActiveSupport::XmlMini.parse(nil)) + assert_equal({}, ActiveSupport::XmlMini.parse("")) + end + + def test_parse_from_frozen_string + xml_string = "<root/>".freeze + assert_equal({ "root" => {} }, ActiveSupport::XmlMini.parse(xml_string)) + end + + def test_array_type_makes_an_array + assert_equal_rexml(<<-eoxml) + <blog> + <posts type="array"> + <post>a post</post> + <post>another post</post> + </posts> + </blog> + eoxml + end + + def test_one_node_document_as_hash + assert_equal_rexml(<<-eoxml) + <products/> + eoxml + end + + def test_one_node_with_attributes_document_as_hash + assert_equal_rexml(<<-eoxml) + <products foo="bar"/> + eoxml + end + + def test_products_node_with_book_node_as_hash + assert_equal_rexml(<<-eoxml) + <products> + <book name="awesome" id="12345" /> + </products> + eoxml + end + + def test_products_node_with_two_book_nodes_as_hash + assert_equal_rexml(<<-eoxml) + <products> + <book name="awesome" id="12345" /> + <book name="america" id="67890" /> + </products> + eoxml + end + + def test_single_node_with_content_as_hash + assert_equal_rexml(<<-eoxml) + <products> + hello world + </products> + eoxml + end + + def test_children_with_children + assert_equal_rexml(<<-eoxml) + <root> + <products> + <book name="america" id="67890" /> + </products> + </root> + eoxml + end + + def test_children_with_text + assert_equal_rexml(<<-eoxml) + <root> + <products> + hello everyone + </products> + </root> + eoxml + end + + def test_children_with_non_adjacent_text + assert_equal_rexml(<<-eoxml) + <root> + good + <products> + hello everyone + </products> + morning + </root> + eoxml + end + + def test_parse_from_io + skip_unless_extended_engine + + assert_equal_rexml(StringIO.new(<<-eoxml)) + <root> + good + <products> + hello everyone + </products> + morning + </root> + eoxml + end + + def test_children_with_simple_cdata + skip_unless_extended_engine + + assert_equal_rexml(<<-eoxml) + <root> + <products> + <![CDATA[cdatablock]]> + </products> + </root> + eoxml + end + + def test_children_with_multiple_cdata + skip_unless_extended_engine + + assert_equal_rexml(<<-eoxml) + <root> + <products> + <![CDATA[cdatablock1]]><![CDATA[cdatablock2]]> + </products> + </root> + eoxml + end + + def test_children_with_text_and_cdata + skip_unless_extended_engine + + assert_equal_rexml(<<-eoxml) + <root> + <products> + hello <![CDATA[cdatablock]]> + morning + </products> + </root> + eoxml + end + + def test_children_with_blank_text + skip_unless_extended_engine + + assert_equal_rexml(<<-eoxml) + <root> + <products> </products> + </root> + eoxml + end + + def test_children_with_blank_text_and_attribute + skip_unless_extended_engine + + assert_equal_rexml(<<-eoxml) + <root> + <products type="file"> </products> + </root> + eoxml + end + + private + def engine + raise NotImplementedError + end + + def assert_engine_class(actual) + assert_equal ActiveSupport.const_get("XmlMini_#{engine}"), actual + end + + def assert_equal_rexml(xml) + parsed_xml = ActiveSupport::XmlMini.parse(xml) + xml.rewind if xml.respond_to?(:rewind) + hash = ActiveSupport::XmlMini.with_backend("REXML") { ActiveSupport::XmlMini.parse(xml) } + assert_equal(hash, parsed_xml) + end + + def expansion_attack_error + raise NotImplementedError + end + + def extended_engine? + true + end + + def skip_unless_extended_engine + skip "#{engine} is not an extended engine" unless extended_engine? + end + end +end |