XML External Entity (XXE) injection in XmlConverter. Thanks to Stephan Siano for the patch.
davsclaus committed Mar 2, 2015
1 parent 1df5596 commit 7d19340bcdb42f7aae584d9c5003ac4f7ddaee36
Showing 2 changed files with 17 additions and 5 deletions.
@@ -596,6 +596,12 @@ public SAXSource toSAXSourceFromStream(StreamSource source, Exchange exchange) t
} catch (Exception e) {
LOG.warn("SAXParser doesn't support the feature {} with value {}, due to {}.", new Object[]{javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, "true", e});
}
try {
sfactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
} catch (SAXException e) {
LOG.warn("SAXParser doesn't support the feature {} with value {}, due to {}."
, new Object[]{"http://xml.org/sax/features/external-general-entities", false, e});
}
}
sfactory.setNamespaceAware(true);
SAXParser parser = sfactory.newSAXParser();
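Review bot: Turning off only `http://xml.org/sax/features/external-general-entities` in the new try block leaves parameter entities and external DTD fetching enabled, so a DOCTYPE using `<!ENTITY % x SYSTEM "...">` or an external DTD reference can still make the parser read a local file or contact a URL. The same guarded setFeature should also set `http://xml.org/sax/features/external-parameter-entities` and `http://apache.org/xml/features/nonvalidating/load-external-dtd` to false (or `http://apache.org/xml/features/disallow-doctype-decl` to true if callers never need a DOCTYPE at all). The new `catch (SAXException e)` is also narrower than the sibling block above it, which catches `Exception`; `SAXParserFactory.setFeature` declares `ParserConfigurationException` too, so unless the enclosing method already declares it the broader catch is the safer match. The enclosing method begins before this hunk and continues after it, so the presence of an outer catch cannot be confirmed from here. Looping over the feature names keeps the guards identical and makes it hard to forget one:
```java
// … unchanged: FEATURE_SECURE_PROCESSING try/catch …
// XXE needs general AND parameter entities blocked; external DTD loading is a
// separate file-read/SSRF vector even when entity expansion is off.
String[] xxeFeatures = {
    "http://xml.org/sax/features/external-general-entities",
    "http://xml.org/sax/features/external-parameter-entities",
    "http://apache.org/xml/features/nonvalidating/load-external-dtd"
};
for (String feature : xxeFeatures) {
    try {
        sfactory.setFeature(feature, false);
    } catch (Exception e) {
        LOG.warn("SAXParser doesn't support the feature {} with value {}, due to {}.", new Object[]{feature, false, e});
    }
}
```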
@@ -57,19 +57,25 @@ private void sendEntityMessage(Object message) throws Exception {
Exchange exchange = list.get(0);
String xml = exchange.getIn().getBody(String.class);
assertTrue("Get a wrong transformed message", xml.indexOf("<transformed subject=\"\">") > 0);




try {
endpoint.reset();
endpoint.expectedMessageCount(1);

template.sendBody("direct:start2", message);
fail("Expect an exception here");

assertMockEndpointsSatisfied();

list = endpoint.getReceivedExchanges();
exchange = list.get(0);
xml = exchange.getIn().getBody(String.class);
assertTrue("Get a wrong transformed message", xml.indexOf("<transformed subject=\"\">") > 0);
} catch (Exception ex) {
// expect an exception here
assertTrue("Get a wrong exception", ex instanceof CamelExecutionException);
// the file could not be found
assertTrue("Get a wrong exception cause", ex.getCause() instanceof TransformerException);
}

}
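Review bot: The catch block only asserts that the cause is a `TransformerException`, and the comment above that assertion attributes it to the referenced file not being found; that is also what an unpatched parser would produce if it attempted to resolve the external entity against a missing file, so the test does not distinguish "entity resolution disabled" from "entity resolution attempted and failed". A stronger check would point the entity at a file that does exist and assert its contents never appear in the produced body, or assert on an exception message that states the entity was not allowed rather than not found. The lines between `fail("Expect an exception here");` and the catch can never execute, because `fail` throws before they are reached; removing them would make the intended control flow clearer. `sendEntityMessage` starts before this hunk.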

