unoxml: port checkCVE_2012_0037 from java to CppUnittest

so CI will be able to catch the problem reported in https://gerrit.libreoffice.org/c/core/+/169327 Change-Id: Id00e5f50fbf43f63f4bad5af13a62e4db88f82d9 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169932 Tested-by: Jenkins Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
2024-07-03 12:42:07 +02:00 · 2024-07-03 12:42:07 +02:00 · cdda6533b4
commit cdda6533b4
parent cc256da45a
5 changed files with 106 additions and 14 deletions
--- a/unoxml/CppunitTest_unoxml_rdftest.mk
+++ b/unoxml/CppunitTest_unoxml_rdftest.mk
@ -0,0 +1,38 @@
+# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
+#
+# This file is part of the LibreOffice project.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+
+$(eval $(call gb_CppunitTest_CppunitTest,unoxml_rdftest))
+
+$(eval $(call gb_CppunitTest_add_exception_objects,unoxml_rdftest, \
+    unoxml/qa/unit/rdftest \
+))
+
+$(eval $(call gb_CppunitTest_use_sdk_api,unoxml_rdftest))
+
+$(eval $(call gb_CppunitTest_use_rdb,unoxml_rdftest,services))
+
+$(eval $(call gb_CppunitTest_use_externals,unoxml_rdftest, \
+    boost_headers \
+))
+
+$(eval $(call gb_CppunitTest_use_libraries,unoxml_rdftest, \
+    comphelper \
+    cppu \
+    cppuhelper \
+    sal \
+    sax \
+    test \
+    unotest \
+))
+
+$(eval $(call gb_CppunitTest_use_configuration,unoxml_rdftest))
+$(eval $(call gb_CppunitTest_use_ure,unoxml_rdftest))
+$(eval $(call gb_CppunitTest_use_vcl,unoxml_rdftest))
+
+# vim: set noet sw=4 ts=4:
--- a/unoxml/Module_unoxml.mk
+++ b/unoxml/Module_unoxml.mk
@ -31,6 +31,7 @@ endif

 $(eval $(call gb_Module_add_slowcheck_targets,unoxml,\
    CppunitTest_unoxml_domtest \
+    CppunitTest_unoxml_rdftest \
 ))

 $(eval $(call gb_Module_add_subsequentcheck_targets,unoxml,\
--- a/unoxml/qa/complex/unoxml/RDFRepositoryTest.java
+++ b/unoxml/qa/complex/unoxml/RDFRepositoryTest.java
@ -531,20 +531,6 @@ public class RDFRepositoryTest
        }
    }

-    @Test public void checkCVE_2012_0037() throws Exception
-    {
-        XInputStream xIn = new StreamSimulator(
-                TestDocument.getUrl("cve_2012_0037.rdf"), true, param);
-        xRep.importGraph(FileFormat.RDF_XML, xIn, manifest, base);
-        XNamedGraph xGraph = xRep.getGraph(manifest);
-        assertNotNull("no graph", xGraph);
-        XEnumeration xEnum = xGraph.getStatements(foo, bar, null);
-        // there must not be anything more than "EVIL" in the literal
-        XLiteral evil = Literal.create(xContext, "EVIL");
-        Statement FooBarEvil = new Statement(foo, bar, evil, manifest);
-        assertTrue("EVIL", eq(xEnum, new Statement [] { FooBarEvil }));
-    }
-
 // utilities -------------------------------------------------------------

    public void report(Exception e) {
--- a/unoxml/qa/complex/unoxml/testdocuments/cve_2012_0037.rdf
+++ b/unoxml/qa/complex/unoxml/testdocuments/cve_2012_0037.rdf
--- a/unoxml/qa/unit/rdftest.cxx
+++ b/unoxml/qa/unit/rdftest.cxx
@ -0,0 +1,67 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#include <test/bootstrapfixture.hxx>
+
+#include <comphelper/processfactory.hxx>
+
+#include <com/sun/star/rdf/Statement.hpp>
+#include <com/sun/star/rdf/XDocumentMetadataAccess.hpp>
+#include <com/sun/star/rdf/XDocumentRepository.hpp>
+#include <com/sun/star/rdf/XRepository.hpp>
+#include <com/sun/star/rdf/FileFormat.hpp>
+#include <com/sun/star/rdf/Repository.hpp>
+#include <com/sun/star/rdf/URI.hpp>
+#include <com/sun/star/text/XTextDocument.hpp>
+#include <com/sun/star/ucb/XSimpleFileAccess.hpp>
+
+using namespace com::sun::star;
+
+namespace
+{
+class RDFStreamTest : public test::BootstrapFixture
+{
+};
+
+CPPUNIT_TEST_FIXTURE(RDFStreamTest, testCVE_2012_0037)
+{
+    const uno::Reference<uno::XComponentContext> xContext(comphelper::getProcessComponentContext(),
+                                                          css::uno::UNO_SET_THROW);
+    const uno::Reference<com::sun::star::ucb::XSimpleFileAccess> xFileAccess(
+        xContext->getServiceManager()->createInstanceWithContext(
+            u"com.sun.star.ucb.SimpleFileAccess"_ustr, xContext),
+        uno::UNO_QUERY_THROW);
+    const uno::Reference<io::XInputStream> xInputStream(
+        xFileAccess->openFileRead(
+            m_directories.getURLFromSrc(u"/unoxml/qa/unit/data/cve_2012_0037.rdf")),
+        uno::UNO_SET_THROW);
+    uno::Reference<rdf::XRepository> xRepo = rdf::Repository::create(xContext);
+    uno::Reference<rdf::XDocumentRepository> xDocRepo(xRepo, uno::UNO_QUERY);
+    CPPUNIT_ASSERT(xDocRepo);
+
+    uno::Reference<css::rdf::XURI> xManifest = rdf::URI::create(xContext, "manifest:manifest");
+    uno::Reference<css::rdf::XURI> xBase = rdf::URI::create(xContext, "base-uri:");
+    uno::Reference<css::rdf::XURI> xFoo = rdf::URI::create(xContext, "uri:foo");
+    uno::Reference<css::rdf::XURI> xBar = rdf::URI::create(xContext, "uri:bar");
+
+    xDocRepo->importGraph(rdf::FileFormat::RDF_XML, xInputStream, xManifest, xBase);
+    uno::Reference<rdf::XNamedGraph> xGraph = xDocRepo->getGraph(xManifest);
+    CPPUNIT_ASSERT(xGraph);
+    uno::Reference<container::XEnumeration> xEnum = xGraph->getStatements(xFoo, xBar, nullptr);
+
+    rdf::Statement aStatement = xEnum->nextElement().get<rdf::Statement>();
+    CPPUNIT_ASSERT_EQUAL(OUString("uri:foo"), aStatement.Subject->getStringValue());
+    CPPUNIT_ASSERT_EQUAL(OUString("uri:bar"), aStatement.Predicate->getStringValue());
+    CPPUNIT_ASSERT_EQUAL(OUString("EVIL"), aStatement.Object->getStringValue());
+}
+}
+
+CPPUNIT_PLUGIN_IMPLEMENT();
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */