BUG-2511 Fix XXE vulnerability in Netconf
[controller.git] / opendaylight / netconf / netconf-util / src / test / java / org / opendaylight / controller / netconf / util / xml / XmlUtilTest.java
index 3796dd996ae47179265837c488a58aa52c60870d..79aa565df9bcf7a0392938be0184384393275c43 100644 (file)
@@ -61,6 +61,18 @@ public class XmlUtilTest {
 
     }
 
+    @Test(expected = SAXParseException.class)
+    public void testXXEFlaw() throws Exception {
+        XmlUtil.readXmlToDocument("<!DOCTYPE foo [  \n" +
+                "<!ELEMENT foo ANY >\n" +
+                "<!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]>\n" +
+                "<hello xmlns=\"urn:ietf:params:xml:ns:netconf:base:1.0\">\n" +
+                "  <capabilities>\n" +
+                "    <capability>urn:ietf:params:netconf:base:1.0 &xxe;</capability>\n" +
+                "  </capabilities>\n" +
+                "  </hello>]]>]]>");
+    }
+
     @Test
     public void testXPath() throws Exception {
         final XPathExpression correctXPath = XMLNetconfUtil.compileXPath("/top/innerText");
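Review bot: testXXEFlaw may pass even without the XXE fix, because the payload ends with the NETCONF end-of-message marker `]]>]]>` after `</hello>`. Non-whitespace content after the root element is, as far as I can tell, itself reported as a SAXParseException. With only `expected = SAXParseException.class`, the test cannot tell a rejected DOCTYPE or external entity from that unrelated well-formedness error. End the document at the root element, `"</hello>");`, so the only possible failure is the DOCTYPE/entity handling. Consider also catching the exception and asserting that its message refers to the DOCTYPE declaration, and adding a short comment such as `// regression guard for BUG-2511: parser must reject the DOCTYPE before resolving the external entity`.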