| 1 |  |  | # -*- coding: utf-8 -*- | 
            
                                                                                                            
                            
            
                                    
            
            
                | 2 |  |  | # Copyright (C) 2018 Greenbone Networks GmbH | 
            
                                                                                                            
                            
            
                                    
            
            
                | 3 |  |  | # | 
            
                                                                                                            
                            
            
                                    
            
            
                | 4 |  |  | # SPDX-License-Identifier: GPL-3.0-or-later | 
            
                                                                                                            
                            
            
                                    
            
            
                | 5 |  |  | # | 
            
                                                                                                            
                            
            
                                    
            
            
                | 6 |  |  | # This program is free software: you can redistribute it and/or modify | 
            
                                                                                                            
                            
            
                                    
            
            
                | 7 |  |  | # it under the terms of the GNU General Public License as published by | 
            
                                                                                                            
                            
            
                                    
            
            
                | 8 |  |  | # the Free Software Foundation, either version 3 of the License, or | 
            
                                                                                                            
                            
            
                                    
            
            
                | 9 |  |  | # (at your option) any later version. | 
            
                                                                                                            
                            
            
                                    
            
            
                | 10 |  |  | # | 
            
                                                                                                            
                            
            
                                    
            
            
                | 11 |  |  | # This program is distributed in the hope that it will be useful, | 
            
                                                                                                            
                            
            
                                    
            
            
                | 12 |  |  | # but WITHOUT ANY WARRANTY; without even the implied warranty of | 
            
                                                                                                            
                            
            
                                    
            
            
                | 13 |  |  | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | 
            
                                                                                                            
                            
            
                                    
            
            
                | 14 |  |  | # GNU General Public License for more details. | 
            
                                                                                                            
                            
            
                                    
            
            
                | 15 |  |  | # | 
            
                                                                                                            
                            
            
                                    
            
            
                | 16 |  |  | # You should have received a copy of the GNU General Public License | 
            
                                                                                                            
                            
            
                                    
            
            
                | 17 |  |  | # along with this program.  If not, see <http://www.gnu.org/licenses/>. | 
            
                                                                                                            
                            
            
                                    
            
            
                | 18 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 19 |  |  | import unittest | 
            
                                                                                                            
                            
            
                                    
            
            
                | 20 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 21 |  |  | from gvm.errors import GvmError | 
            
                                                                                                            
                            
            
                                    
            
            
                | 22 |  |  | from gvm.xml import validate_xml_string | 
            
                                                                                                            
                            
            
                                    
            
            
                | 23 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 24 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 25 |  |  | class ValidXmlStringTestCase(unittest.TestCase): | 
            
                                                                                                            
                            
            
                                    
            
            
                | 26 |  |  |     def test_missing_closing_tag(self): | 
            
                                                                                                            
                            
            
                                    
            
            
                | 27 |  |  |         with self.assertRaises(GvmError): | 
            
                                                                                                            
                            
            
                                    
            
            
                | 28 |  |  |             validate_xml_string('<foo>') | 
            
                                                                                                            
                            
            
                                    
            
            
                | 29 |  |  |  | 
            
                                                                                                            
                            
            
                                    
            
            
                | 30 |  |  |     def test_invalid_tag(self): | 
            
                                                                                                            
                            
            
                                    
            
            
                | 31 |  |  |         with self.assertRaises(GvmError): | 
            
                                                                                                            
                            
            
                                    
            
            
                | 32 |  |  |             validate_xml_string('<foo&bar/>') | 
            
                                                                                                            
                                                                
            
                                    
            
            
                | 33 |  |  |  | 
            
                                                        
            
                                    
            
            
                | 34 |  |  |     def test_xml_bomb(self): | 
            
                                                        
            
                                    
            
            
                | 35 |  |  |         xml = ( | 
            
                                                        
            
                                    
            
            
                | 36 |  |  |             '<!DOCTYPE xmlbomb [' | 
            
                                                        
            
                                    
            
            
                | 37 |  |  |             '<!ENTITY a "1234567890" >' | 
            
                                                        
            
                                    
            
            
                | 38 |  |  |             '<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;">' | 
            
                                                        
            
                                    
            
            
                | 39 |  |  |             '<!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;">' | 
            
                                                        
            
                                    
            
            
                | 40 |  |  |             '<!ENTITY d "&c;&c;&c;&c;&c;&c;&c;&c;">' | 
            
                                                        
            
                                    
            
            
                | 41 |  |  |             ']>' | 
            
                                                        
            
                                    
            
            
                | 42 |  |  |             '<bomb>&c;</bomb>' | 
            
                                                        
            
                                    
            
            
                | 43 |  |  |         ) | 
            
                                                        
            
                                    
            
            
                | 44 |  |  |         with self.assertRaises(GvmError): | 
            
                                                        
            
                                    
            
            
                | 45 |  |  |             validate_xml_string(xml) | 
            
                                                        
            
                                    
            
            
                | 46 |  |  |  |