
Prevent doctypes declarations

iBotPeaches committed May 27, 2017
1 parent 6e47d36 commit f19317d87c316ed254aafa0a27eddd024e25ec6c
@@ -246,6 +246,8 @@ private static Document loadDocument(File file)
throws IOException, SAXException, ParserConfigurationException { throws IOException, SAXException, ParserConfigurationException {


DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
docFactory.setFeature(FEATURE_DISABLE_DOCTYPE_DECL, true);

DocumentBuilder docBuilder = docFactory.newDocumentBuilder(); DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
return docBuilder.parse(file); return docBuilder.parse(file);
} }
@@ -264,10 +266,10 @@ private static void saveDocument(File file, Document doc)


TransformerFactory transformerFactory = TransformerFactory.newInstance(); TransformerFactory transformerFactory = TransformerFactory.newInstance();
Transformer transformer = transformerFactory.newTransformer(); Transformer transformer = transformerFactory.newTransformer();
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
transformer.setOutputProperty(OutputKeys.STANDALONE,"yes");
DOMSource source = new DOMSource(doc); DOMSource source = new DOMSource(doc);
StreamResult result = new StreamResult(file); StreamResult result = new StreamResult(file);
transformer.transform(source, result); transformer.transform(source, result);
} }

private static final String FEATURE_DISABLE_DOCTYPE_DECL = "http://apache.org/xml/features/disallow-doctype-decl";
} }
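Review bot: In `loadDocument`, `disallow-doctype-decl` is the only hardening applied to the factory, and it is an Apache/Xerces feature URI, so the protection depends on which JAXP implementation `DocumentBuilderFactory.newInstance()` resolves to. A parser that does not support the feature should make `setFeature` throw `ParserConfigurationException`, which fails closed, but I would still add implementation-independent settings next to it: `docFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`, `docFactory.setXIncludeAware(false);` and `docFactory.setExpandEntityReferences(false);` (this needs `javax.xml.XMLConstants` imported). A manifest that carries a DOCTYPE now makes `parse` throw `SAXException`; the callers are outside this view, so confirm they handle that as intended. The `FEATURE_DISABLE_DOCTYPE_DECL` constant would also read better with a one-line comment such as `// Reject any DOCTYPE so external entities (XXE) are never resolved`. Both method signatures start outside the hunks shown.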
@@ -0,0 +1,76 @@
/**
* Copyright 2014 Ryszard Wiśniewski <brut.alll@gmail.com>
* Copyright 2016 Connor Tumbleson <connor.tumbleson@gmail.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package brut.androlib;

import brut.directory.ExtFile;
import brut.common.BrutException;
import brut.util.OS;
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.logging.Logger;

import static org.junit.Assert.assertEquals;

/**
* @author Connor Tumbleson <connor.tumbleson@gmail.com>
*/
public class ExternalEntityTest {

@BeforeClass
public static void beforeClass() throws Exception {
sOrigDir = new ExtFile(OS.createTempDirectory());
TestUtils.copyResourceDir(ExternalEntityTest.class, "brut/apktool/doctype/", sOrigDir);

LOGGER.info("Building doctype.apk...");
File testApk = new File(sOrigDir, "doctype.apk");
new Androlib().build(sOrigDir, testApk);

LOGGER.info("Decoding doctype.apk...");
ApkDecoder apkDecoder = new ApkDecoder(testApk);
apkDecoder.setOutDir(new File(sOrigDir + File.separator + "output"));
apkDecoder.decode();
}

@AfterClass
public static void afterClass() throws BrutException {
OS.rmdir(sOrigDir);
}

@Test
public void doctypeTest() throws BrutException, IOException {

String expected = TestUtils.replaceNewlines("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n" +
"<manifest android:versionCode=\"1\" android:versionName=\"1.0\" hardwareAccelerated=\"true\" package=\"com.ibotpeaches.doctype\" platformBuildVersionCode=\"23\" platformBuildVersionName=\"6.0-2438415\"\n" +
" xmlns:android=\"http://schemas.android.com/apk/res/android\">\n" +
" <supports-screens android:anyDensity=\"true\" android:smallScreens=\"true\" android:normalScreens=\"true\" android:largeScreens=\"true\" android:resizeable=\"true\" android:xlargeScreens=\"true\" />\n" +
"</manifest>");

byte[] encoded = Files.readAllBytes(Paths.get(sOrigDir + File.separator + "output" + File.separator + "AndroidManifest.xml"));
String obtained = TestUtils.replaceNewlines(new String(encoded));
assertEquals(expected, obtained);
}

private static ExtFile sOrigDir;

private final static Logger LOGGER = Logger.getLogger(ExternalEntityTest.class.getName());
}
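Review bot: `doctypeTest` only compares the decoded manifest text, so it shows that the entity reference did not reach the output but not that the DOCTYPE was rejected before any lookup; an entity that resolved to empty content would presumably produce the same file. A short Javadoc on the class stating what is guarded would help, e.g. `/** Regression test: a manifest with a DOCTYPE / external entity must not be resolved during build or decode. */`. Separately, `new String(encoded)` decodes with the platform default charset while the expected manifest declares utf-8; `new String(encoded, StandardCharsets.UTF_8)` (with the `java.nio.charset.StandardCharsets` import) keeps the comparison stable across machines.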
@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!DOCTYPE manifest [<!ENTITY e1 SYSTEM 'http://ibotpeaches.com?z=APKTOOLXXE;'>]>
<manifest hardwareAccelerated="true" package="com.ibotpeaches.doctype" platformBuildVersionCode="24" platformBuildVersionName="6.0-2456767" xmlns:android="http://schemas.android.com/apk/res/android">
&e1;
<supports-screens android:anyDensity="true" android:largeScreens="true" android:normalScreens="true" android:resizeable="true" android:smallScreens="true" android:xlargeScreens="true"/>
</manifest>
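Review bot: The `SYSTEM` identifier in this fixture points at a real external host, so if the DOCTYPE protection ever regresses the test suite would make an outbound request from developer and CI machines and its result would depend on network state. A reserved name that can never resolve keeps the test hermetic, for example (constructed value) `<!ENTITY e1 SYSTEM 'http://xxe-test.invalid/'>`. A one-line XML comment above the DOCTYPE, such as `<!-- Deliberate external entity: must be rejected by the parser, never fetched -->`, would also tell future readers the declaration is intentional; it should be checked that the build step tolerates the extra comment.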
@@ -0,0 +1,12 @@
version: 2.0.0
apkFileName: doctype.apk
isFrameworkApk: false
usesFramework:
ids:
- 1
packageInfo:
forced-package-id: '127'
versionInfo:
versionCode: '1'
versionName: '1.0'
compressionType: false
