Repository: camel Updated Branches: refs/heads/master 504cf03de -> af3af21de
CAMEL-8312: XML External Entity (XXE) injection in XPath. Thanks to Stephan Siano for the patch. Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/1df55964 Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/1df55964 Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/1df55964 Branch: refs/heads/master Commit: 1df559649a96a1ca0368373387e542f46e4820da Parents: 504cf03 Author: Claus Ibsen <davscl...@apache.org> Authored: Sun Mar 1 11:51:49 2015 +0100 Committer: Claus Ibsen <davscl...@apache.org> Committed: Mon Mar 2 08:15:44 2015 +0100 ---------------------------------------------------------------------- .../apache/camel/builder/xml/XPathBuilder.java | 21 ---------- .../camel/builder/xml/XPathFeatureTest.java | 42 +++++++++++++++----- .../camel/component/xslt/SaxonXsltDTDTest.java | 11 +++-- .../camel/language/xpath/XPathLanguageTest.xml | 2 +- 4 files changed, 40 insertions(+), 36 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/camel/blob/1df55964/camel-core/src/main/java/org/apache/camel/builder/xml/XPathBuilder.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/builder/xml/XPathBuilder.java b/camel-core/src/main/java/org/apache/camel/builder/xml/XPathBuilder.java index d618705..741fec8 100644 --- a/camel-core/src/main/java/org/apache/camel/builder/xml/XPathBuilder.java +++ b/camel-core/src/main/java/org/apache/camel/builder/xml/XPathBuilder.java @@ -18,7 +18,6 @@ package org.apache.camel.builder.xml; import java.io.File; import java.io.InputStream; -import java.io.StringReader; import java.util.HashSet; import java.util.LinkedHashMap; import java.util.List; @@ -51,7 +50,6 @@ import org.apache.camel.NoTypeConversionAvailableException; import org.apache.camel.Predicate; import org.apache.camel.RuntimeExpressionException; import org.apache.camel.WrappedFile; -import org.apache.camel.component.bean.BeanInvocation; import org.apache.camel.impl.DefaultExchange; import org.apache.camel.spi.Language; import org.apache.camel.spi.NamespaceAware; @@ -1113,25 +1111,6 @@ public class XPathBuilder extends ServiceSupport implements Expression, Predicat } } - // okay we can try to remedy the failed conversion by some special types - if (answer == null) { - // let's try coercing some common types into something JAXP work with the best for special types - if (body instanceof WrappedFile) { - // special for files so we can work with them out of the box - InputStream is = exchange.getContext().getTypeConverter().convertTo(InputStream.class, exchange, body); - answer = new InputSource(is); - } else if (body instanceof BeanInvocation) { - // if its a null bean invocation then handle that specially - BeanInvocation bi = exchange.getContext().getTypeConverter().convertTo(BeanInvocation.class, exchange, body); - if (bi.getArgs() != null && bi.getArgs().length == 1 && bi.getArgs()[0] == null) { - // its a null argument from the bean invocation so use null as answer - answer = null; - } - } else if (body instanceof String) { - answer = new InputSource(new StringReader((String) body)); - } - } - if (type == null && answer == null) { // fallback to get the body as is answer = body; http://git-wip-us.apache.org/repos/asf/camel/blob/1df55964/camel-core/src/test/java/org/apache/camel/builder/xml/XPathFeatureTest.java ---------------------------------------------------------------------- diff --git a/camel-core/src/test/java/org/apache/camel/builder/xml/XPathFeatureTest.java b/camel-core/src/test/java/org/apache/camel/builder/xml/XPathFeatureTest.java index 0d90530..dfad770 100644 --- a/camel-core/src/test/java/org/apache/camel/builder/xml/XPathFeatureTest.java +++ b/camel-core/src/test/java/org/apache/camel/builder/xml/XPathFeatureTest.java @@ -19,11 +19,13 @@ package org.apache.camel.builder.xml; import java.io.FileNotFoundException; -import javax.xml.xpath.XPathExpressionException; - import org.apache.camel.ContextTestSupport; import org.apache.camel.Exchange; +import org.apache.camel.NoTypeConversionAvailableException; +import org.apache.camel.RuntimeCamelException; +import org.apache.camel.TypeConversionException; import org.apache.camel.converter.jaxp.XmlConverter; +import org.xml.sax.SAXParseException; import static org.apache.camel.builder.xml.XPathBuilder.xpath; @@ -32,18 +34,19 @@ public class XPathFeatureTest extends ContextTestSupport { public static final String XML_DATA = " <!DOCTYPE foo [ " + " <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM \"file:///bin/test.sh\" >]> <test> &xxe; </test>"; - - + public static final String XML_DATA_INVALID = " <!DOCTYPE foo [ " + + " <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM \"file:///bin/test.sh\" >]> <test> &xxe; </test><notwellformed>"; + @Override public boolean isUseRouteBuilder() { return false; } - + public void testXPathResult() throws Exception { String result = (String)xpath("/").stringResult().evaluate(createExchange(XML_DATA)); assertEquals("Get a wrong result", " ", result); } - + public void testXPath() throws Exception { // Set this feature will enable the external general entities @@ -52,16 +55,35 @@ public class XPathFeatureTest extends ContextTestSupport { try { xpath("/").stringResult().evaluate(createExchange(XML_DATA)); fail("Expect an Exception here"); - } catch (Exception ex) { - assertTrue("Get a wrong exception cause.", ex instanceof InvalidXPathExpression); - assertTrue("Get a wrong exception cause.", ex.getCause() instanceof XPathExpressionException); + } catch (TypeConversionException ex) { + assertTrue("Get a wrong exception cause.", ex.getCause() instanceof RuntimeCamelException); assertTrue("Get a wrong exception cause.", ex.getCause().getCause() instanceof FileNotFoundException); } finally { System.clearProperty(DOM_BUILER_FACTORY_FEATRUE + ":" + "http://xml.org/sax/features/external-general-entities";); } } - + + public void testXPathNoTypeConverter() throws Exception { + try { + // define a class without type converter as document type + xpath("/").documentType(Exchange.class).stringResult().evaluate(createExchange(XML_DATA)); + fail("Expect an Exception here"); + } catch (RuntimeCamelException ex) { + assertTrue("Get a wrong exception cause.", ex.getCause() instanceof NoTypeConversionAvailableException); + } + } + + public void testXPathResultOnInvalidData() throws Exception { + try { + xpath("/").stringResult().evaluate(createExchange(XML_DATA_INVALID)); + fail("Expect an Exception here"); + } catch (TypeConversionException ex) { + assertTrue("Get a wrong exception cause.", ex.getCause() instanceof RuntimeCamelException); + assertTrue("Get a wrong exception cause.", ex.getCause().getCause() instanceof SAXParseException); + } + } + protected Exchange createExchange(Object xml) { Exchange exchange = createExchangeWithBody(context, xml); return exchange; http://git-wip-us.apache.org/repos/asf/camel/blob/1df55964/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltDTDTest.java ---------------------------------------------------------------------- diff --git a/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltDTDTest.java b/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltDTDTest.java index b826608..adef1d8 100644 --- a/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltDTDTest.java +++ b/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltDTDTest.java @@ -61,19 +61,22 @@ public class SaxonXsltDTDTest extends CamelTestSupport { Exchange exchange = list.get(0); String xml = exchange.getIn().getBody(String.class); assertTrue("Get a wrong transformed message", xml.indexOf("<transformed subject=\"\">") > 0); - - + + endpoint.reset(); + endpoint.expectedMessageCount(1); try { template.sendBody("direct:start2", message); - fail("Expect an exception here"); + list = endpoint.getReceivedExchanges(); + exchange = list.get(0); + xml = exchange.getIn().getBody(String.class); + assertTrue("Get a wrong transformed message", xml.indexOf("<transformed subject=\"\">") > 0); } catch (Exception ex) { // expect an exception here assertTrue("Get a wrong exception", ex instanceof CamelExecutionException); // the file could not be found assertTrue("Get a wrong exception cause", ex.getCause() instanceof TransformerException); } - } http://git-wip-us.apache.org/repos/asf/camel/blob/1df55964/components/camel-saxon/src/test/resources/org/apache/camel/language/xpath/XPathLanguageTest.xml ---------------------------------------------------------------------- diff --git a/components/camel-saxon/src/test/resources/org/apache/camel/language/xpath/XPathLanguageTest.xml b/components/camel-saxon/src/test/resources/org/apache/camel/language/xpath/XPathLanguageTest.xml index e1f4485..4012e570 100644 --- a/components/camel-saxon/src/test/resources/org/apache/camel/language/xpath/XPathLanguageTest.xml +++ b/components/camel-saxon/src/test/resources/org/apache/camel/language/xpath/XPathLanguageTest.xml @@ -42,7 +42,7 @@ <route> <from uri="direct:testSaxonWithFactory"/> <setBody> - <xpath factoryRef="saxonFactory" documentType="org.xml.sax.InputSource" resultType="java.lang.String" logNamespaces="true">tokenize(a, '\|')</xpath> + <xpath factoryRef="saxonFactory" resultType="java.lang.String" logNamespaces="true">tokenize(a, '\|')</xpath> </setBody> <log message="Test Saxon with factory: ${body}"/> <to uri="mock:testSaxonWithFactoryResult"/>
