seanjmullan commented on a change in pull request #58:
URL:
https://github.com/apache/santuario-xml-security-java/pull/58#discussion_r701302753
##########
File path:
src/test/java/org/apache/xml/security/test/dom/utils/resolver/ResourceResolverTest.java
##########
@@ -96,4 +98,40 @@ public void testLocalFileWithEmptyBaseURI() throws Exception
{
}
}
+ @org.junit.jupiter.api.Test
+ public void testIsSafeURIToResolveFile() throws Exception {
+ Document doc = TestUtils.newDocument();
+ Attr uriAttr = doc.createAttribute("URI");
+ String basedir = System.getProperty("basedir");
+ String file = new File(basedir, "pom.xml").toURI().toString();
+ uriAttr.setValue(file);
+
+ ResourceResolverContext resolverContext =
+ new ResourceResolverContext(uriAttr, null, false);
+ assertFalse(resolverContext.isSafeURIToResolve());
+ }
+
+ @org.junit.jupiter.api.Test
+ public void testIsSafeURIToResolveHTTP() throws Exception {
+ Document doc = TestUtils.newDocument();
+ Attr uriAttr = doc.createAttribute("URI");
+ String basedir = System.getProperty("basedir");
+ uriAttr.setValue("http://www.apache.org";);
+
+ ResourceResolverContext resolverContext =
+ new ResourceResolverContext(uriAttr, null, false);
+ assertFalse(resolverContext.isSafeURIToResolve());
+ }
+
+ @org.junit.jupiter.api.Test
+ public void testIsSafeURIToResolveLocalReference() throws Exception {
+ Document doc = TestUtils.newDocument();
+ Attr uriAttr = doc.createAttribute("URI");
+ String basedir = System.getProperty("basedir");
+ uriAttr.setValue("#1234");
+
+ ResourceResolverContext resolverContext =
+ new ResourceResolverContext(uriAttr, null, false);
+ assertTrue(resolverContext.isSafeURIToResolve());
+ }
Review comment:
How about also adding a test with a file or http baseUri?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
