Refresh patches.
Debian Janitor
1 year, 11 months ago
| 0 | ; Copyright (c) Rich Hickey. All rights reserved. | |
| 1 | ; The use and distribution terms for this software are covered by the | |
| 2 | ; Eclipse Public License 1.0 (http://opensource.org/licenses/eclipse-1.0.php) | |
| 3 | ; which can be found in the file epl-v10.html at the root of this distribution. | |
| 4 | ; By using this software in any fashion, you are agreeing to be bound by | |
| 5 | ; the terms of this license. | |
| 6 | ; You must not remove this notice, or any other, from this software. | |
| 7 | ||
| 8 | ;;Author: Frantisek Sodomka | |
| 9 | ||
| 10 | ||
| 11 | (ns clojure.test-clojure.clojure-xml | |
| 12 | (:use clojure.test) | |
| 13 | (:require [clojure.xml :as xml]) | |
| 14 | (:import [java.io ByteArrayInputStream])) | |
| 15 | ||
| 16 | (deftest CLJ-2611-avoid-XXE | |
| 17 | (let [xml-str "<?xml version=\"1.0\" encoding=\"UTF-8\" ?> | |
| 18 | <!DOCTYPE foo [ | |
| 19 | <!ELEMENT foo ANY > | |
| 20 | <!ENTITY xxe SYSTEM \"file:///etc/hostname\" >]> | |
| 21 | <foo>&xxe;</foo>"] | |
| 22 | (is (= {:tag :foo, :attrs nil, :content nil} | |
| 23 | (with-open [input (ByteArrayInputStream. (.getBytes xml-str))] | |
| 24 | (xml/parse input)))))) | |
| 25 | ; parse | |
| 26 | ||
| 27 | ; emit-element | |
| 28 | ; emit | |
| 29 |