#!/usr/bin/perl
use strict;
use warnings;
use Test::More;
use Test::Exception;
# Regression test for external-entity handling in XML::Twig, driven by the
# fixture t/CVE-2016-9180.xml. Going by the error text asserted further down,
# the fixture references an entity named "xxe"; every assertion treats the
# string "Boom" in the serialised output as the sign that the external entity
# was expanded (presumably the content the entity resolves to -- confirm
# against the fixture).
BEGIN { use_ok('XML::Twig'); }

# Path is relative, so the script has to be run from the distribution root.
my $fixture = 't/CVE-2016-9180.xml';

# Build a parser with the given constructor options, parse the fixture and
# hand back the serialised document. sprint is called in scalar context.
my $render = sub {
    my (%options) = @_;
    my $parser = XML::Twig->new(%options);
    $parser->parsefile($fixture);
    my $xml = $parser->sprint;
    return $xml;
};

# Explicit opt-in: with expand_external_ents => 1 the entity is expected to
# be expanded into the output.
my $output = $render->( expand_external_ents => 1 );
like( $output, qr/Boom/, 'external entity expanded (expand_external_ents 1)' );

# SECURITY NOTE: both assertions below sit inside a TODO block, so Test::More
# records a failure here as an expected failure and the run stays green.
# A passing suite is therefore NOT evidence that expand_external_ents => 0
# or -1 keeps external entities out of the output; the $TODO message points
# at rt.cpan.org #118097 for the open bug. Test::More reports an unexpected
# pass, which is the cue to drop the TODO wrapper and make these hard checks.
TODO: {
    local $TODO = 'This test currently fails: https://rt.cpan.org/Public/Bug/Display.html?id=118097';

    my @blocked_cases = (
        [ 0,  'external entity not expanded (expand_external_ents 0)' ],
        [ -1, 'external entity not expanded and no fail (expand_external_ents -1)' ],
    );

    for my $case (@blocked_cases) {
        my ( $setting, $label ) = @{$case};
        $output = $render->( expand_external_ents => $setting );
        unlike( $output, qr/Boom/, $label );
    }
}

# no_xxe => 1 is the only setting in this file that is asserted outside the
# TODO block to refuse the entity. Refusal surfaces as an exception from
# parsefile, so code that parses untrusted XML this way has to trap it.
my $strict_parser = XML::Twig->new( no_xxe => 1 );
throws_ok { $strict_parser->parsefile($fixture) } qr/cannot expand &xxe;/,
    'external entity not expanded (no_xxe 1)';

# no_xxe => 0 is expected to leave expansion on, same as the opt-in case.
$output = $render->( no_xxe => 0 );
like( $output, qr/Boom/, 'external entity expanded (no_xxe 0)' );

done_testing();