X-Git-Url: https://git.opendaylight.org/gerrit/gitweb?p=controller.git;a=blobdiff_plain;f=opendaylight%2Fnetconf%2Fnetconf-util%2Fsrc%2Ftest%2Fjava%2Forg%2Fopendaylight%2Fcontroller%2Fnetconf%2Futil%2Fxml%2FXmlUtilTest.java;fp=opendaylight%2Fnetconf%2Fnetconf-util%2Fsrc%2Ftest%2Fjava%2Forg%2Fopendaylight%2Fcontroller%2Fnetconf%2Futil%2Fxml%2FXmlUtilTest.java;h=79aa565df9bcf7a0392938be0184384393275c43;hp=3796dd996ae47179265837c488a58aa52c60870d;hb=8ef160aa623096fc2905bb449997306bbec2b295;hpb=e719eefb01604c4004a459a0c9999053e747360c

diff --git a/opendaylight/netconf/netconf-util/src/test/java/org/opendaylight/controller/netconf/util/xml/XmlUtilTest.java b/opendaylight/netconf/netconf-util/src/test/java/org/opendaylight/controller/netconf/util/xml/XmlUtilTest.java
index 3796dd996a..79aa565df9 100644
--- a/opendaylight/netconf/netconf-util/src/test/java/org/opendaylight/controller/netconf/util/xml/XmlUtilTest.java
+++ b/opendaylight/netconf/netconf-util/src/test/java/org/opendaylight/controller/netconf/util/xml/XmlUtilTest.java
@@ -61,6 +61,18 @@ public class XmlUtilTest {
 
     }
 
+    @Test(expected = SAXParseException.class)
+    public void testXXEFlaw() throws Exception {
+        XmlUtil.readXmlToDocument("<!DOCTYPE foo [  \n" +
+                "<!ELEMENT foo ANY >\n" +
+                "<!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]>\n" +
+                "<hello xmlns=\"urn:ietf:params:xml:ns:netconf:base:1.0\">\n" +
+                "  <capabilities>\n" +
+                "    <capability>urn:ietf:params:netconf:base:1.0 &xxe;</capability>\n" +
+                "  </capabilities>\n" +
+                "  </hello>]]>]]>");
+    }
+
     @Test
     public void testXPath() throws Exception {
         final XPathExpression correctXPath = XMLNetconfUtil.compileXPath("/top/innerText");