import unittest
from unittest.mock import Mock
from nbxmpp import dispatcher
class XMLVulnerability(unittest.TestCase):
def setUp(self):
self.stream = Mock()
self.stream.is_websocket = False
self.dispatcher = dispatcher.StanzaDispatcher(self.stream)
self._error_handler = Mock()
self.dispatcher.subscribe('parsing-error', self._error_handler)
self.dispatcher.reset_parser()
def test_exponential_entity_expansion(self):
bomb = """
]>
&c;"""
self.dispatcher.process_data(bomb)
self._error_handler.assert_called()
def test_quadratic_blowup(self):
bomb = """
]>
&a;&a;&a;... repeat"""
self.dispatcher.process_data(bomb)
self._error_handler.assert_called()
def test_external_entity_expansion(self):
bomb = """
]>
ⅇ"""
self.dispatcher.process_data(bomb)
self._error_handler.assert_called()
def test_external_local_entity_expansion(self):
bomb = """
]>
ⅇ"""
self.dispatcher.process_data(bomb)
self._error_handler.assert_called()
def test_dtd_retrival(self):
bomb = """
text
"""
self.dispatcher.process_data(bomb)
self._error_handler.assert_called()
if __name__ == '__main__':
unittest.main()