From df2ecdcb6e604f8e1dcea1549c929a1ced06c583 Mon Sep 17 00:00:00 2001 From: Michael Stahl Date: Wed, 3 Apr 2013 22:52:40 +0200 Subject: unordf: add unit test for CVE-2012-0037 Change-Id: Ife037f05ddf66bc8c0598cb9521e95a1fa15c26e --- unoxml/qa/complex/unoxml/RDFRepositoryTest.java | 14 ++++++++++++++ .../qa/complex/unoxml/testdocuments/cve_2012_0037.rdf | 19 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 unoxml/qa/complex/unoxml/testdocuments/cve_2012_0037.rdf (limited to 'unoxml/qa') diff --git a/unoxml/qa/complex/unoxml/RDFRepositoryTest.java b/unoxml/qa/complex/unoxml/RDFRepositoryTest.java index c84ab56547a9..4356de06e7ac 100644 --- a/unoxml/qa/complex/unoxml/RDFRepositoryTest.java +++ b/unoxml/qa/complex/unoxml/RDFRepositoryTest.java @@ -543,6 +543,20 @@ public class RDFRepositoryTest } } + @Test public void checkCVE_2012_0037() throws Exception + { + XInputStream xIn = new StreamSimulator( + TestDocument.getUrl("cve_2012_0037.rdf"), true, param); + xRep.importGraph(FileFormat.RDF_XML, xIn, manifest, base); + XNamedGraph xGraph = xRep.getGraph(manifest); + assertNotNull("no graph", xGraph); + XEnumeration xEnum = xGraph.getStatements(foo, bar, null); + // there must not be anything more than "EVIL" in the literal + XLiteral evil = Literal.create(xContext, "EVIL"); + Statement FooBarEvil = new Statement(foo, bar, evil, manifest); + assertTrue("EVIL", eq(xEnum, new Statement [] { FooBarEvil })); + } + // utilities ------------------------------------------------------------- public void report2(Exception e) diff --git a/unoxml/qa/complex/unoxml/testdocuments/cve_2012_0037.rdf b/unoxml/qa/complex/unoxml/testdocuments/cve_2012_0037.rdf new file mode 100644 index 000000000000..9e2327cef0d8 --- /dev/null +++ b/unoxml/qa/complex/unoxml/testdocuments/cve_2012_0037.rdf @@ -0,0 +1,19 @@ + + +]> + + + + EVIL&file; + + -- cgit
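Review bot: The assertion in `checkCVE_2012_0037` can only catch a regression if the external entity behind `&file;` resolves to readable, non-empty content on the machine running the test. The DOCTYPE of cve_2012_0037.rdf is not legible in this view, but if it names a platform-specific path, a parser that still expands external entities would yield exactly "EVIL" on other platforms and the test would pass vacuously. Pointing the entity at a fixture shipped under testdocuments would make the check deterministic. The inline comment could also state the intent, e.g. `// CVE-2012-0037: the external entity &file; must not be expanded into the literal`. The test also leaves the imported `manifest` graph in the shared `xRep` and never closes `xIn`; whether later tests rely on a clean repository is not visible from this hunk.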