mir/libreoffice
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

unoxml: port checkCVE_2012_0037 from java to CppUnittest

Browse Source 
so CI will be able to catch the problem reported in
https://gerrit.libreoffice.org/c/core/+/169327

Change-Id: Id00e5f50fbf43f63f4bad5af13a62e4db88f82d9
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/169932
Tested-by: Jenkins
Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org>
This commit is contained in:
Xisco Fauli 2024-07-03 12:42:07 +02:00
parent cc256da45a
commit cdda6533b4
5 changed files with 106 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
unoxml/CppunitTest_unoxml_rdftest.mk Normal file
View File

@ -0,0 +1,38 @@
# -*- Mode: makefile-gmake; tab-width: 4; indent-tabs-mode: t -*-
#
# This file is part of the LibreOffice project.
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
$(eval $(call gb_CppunitTest_CppunitTest,unoxml_rdftest))
$(eval $(call gb_CppunitTest_add_exception_objects,unoxml_rdftest, \
unoxml/qa/unit/rdftest \
))
$(eval $(call gb_CppunitTest_use_sdk_api,unoxml_rdftest))
$(eval $(call gb_CppunitTest_use_rdb,unoxml_rdftest,services))
$(eval $(call gb_CppunitTest_use_externals,unoxml_rdftest, \
boost_headers \
))
$(eval $(call gb_CppunitTest_use_libraries,unoxml_rdftest, \
comphelper \
cppu \
cppuhelper \
sal \
sax \
test \
unotest \
))
$(eval $(call gb_CppunitTest_use_configuration,unoxml_rdftest))
$(eval $(call gb_CppunitTest_use_ure,unoxml_rdftest))
$(eval $(call gb_CppunitTest_use_vcl,unoxml_rdftest))
# vim: set noet sw=4 ts=4:

1
unoxml/Module_unoxml.mk
View File

@ -31,6 +31,7 @@ endif
$(eval $(call gb_Module_add_slowcheck_targets,unoxml,\ $(eval $(call gb_Module_add_slowcheck_targets,unoxml,\
CppunitTest_unoxml_domtest \ CppunitTest_unoxml_domtest \
CppunitTest_unoxml_rdftest \
)) ))
$(eval $(call gb_Module_add_subsequentcheck_targets,unoxml,\ $(eval $(call gb_Module_add_subsequentcheck_targets,unoxml,\

14
unoxml/qa/complex/unoxml/RDFRepositoryTest.java
View File

@ -531,20 +531,6 @@ public class RDFRepositoryTest
} }
} }
@Test public void checkCVE_2012_0037() throws Exception
{
XInputStream xIn = new StreamSimulator(
TestDocument.getUrl("cve_2012_0037.rdf"), true, param);
xRep.importGraph(FileFormat.RDF_XML, xIn, manifest, base);
XNamedGraph xGraph = xRep.getGraph(manifest);
assertNotNull("no graph", xGraph);
XEnumeration xEnum = xGraph.getStatements(foo, bar, null);
// there must not be anything more than "EVIL" in the literal
XLiteral evil = Literal.create(xContext, "EVIL");
Statement FooBarEvil = new Statement(foo, bar, evil, manifest);
assertTrue("EVIL", eq(xEnum, new Statement [] { FooBarEvil }));
}
// utilities ------------------------------------------------------------- // utilities -------------------------------------------------------------
public void report(Exception e) { public void report(Exception e) {

0
unoxml/qa/complex/unoxml/testdocuments/cve_2012_0037.rdf → unoxml/qa/unit/data/cve_2012_0037.rdf
View File

67
unoxml/qa/unit/rdftest.cxx Normal file
View File

@ -0,0 +1,67 @@
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <test/bootstrapfixture.hxx>
#include <comphelper/processfactory.hxx>
#include <com/sun/star/rdf/Statement.hpp>
#include <com/sun/star/rdf/XDocumentMetadataAccess.hpp>
#include <com/sun/star/rdf/XDocumentRepository.hpp>
#include <com/sun/star/rdf/XRepository.hpp>
#include <com/sun/star/rdf/FileFormat.hpp>
#include <com/sun/star/rdf/Repository.hpp>
#include <com/sun/star/rdf/URI.hpp>
#include <com/sun/star/text/XTextDocument.hpp>
#include <com/sun/star/ucb/XSimpleFileAccess.hpp>
using namespace com::sun::star;
namespace
{
class RDFStreamTest : public test::BootstrapFixture
{
};
CPPUNIT_TEST_FIXTURE(RDFStreamTest, testCVE_2012_0037)
{
const uno::Reference<uno::XComponentContext> xContext(comphelper::getProcessComponentContext(),
css::uno::UNO_SET_THROW);
const uno::Reference<com::sun::star::ucb::XSimpleFileAccess> xFileAccess(
xContext->getServiceManager()->createInstanceWithContext(
u"com.sun.star.ucb.SimpleFileAccess"_ustr, xContext),
uno::UNO_QUERY_THROW);
const uno::Reference<io::XInputStream> xInputStream(
xFileAccess->openFileRead(
m_directories.getURLFromSrc(u"/unoxml/qa/unit/data/cve_2012_0037.rdf")),
uno::UNO_SET_THROW);
uno::Reference<rdf::XRepository> xRepo = rdf::Repository::create(xContext);
uno::Reference<rdf::XDocumentRepository> xDocRepo(xRepo, uno::UNO_QUERY);
CPPUNIT_ASSERT(xDocRepo);
uno::Reference<css::rdf::XURI> xManifest = rdf::URI::create(xContext, "manifest:manifest");
uno::Reference<css::rdf::XURI> xBase = rdf::URI::create(xContext, "base-uri:");
uno::Reference<css::rdf::XURI> xFoo = rdf::URI::create(xContext, "uri:foo");
uno::Reference<css::rdf::XURI> xBar = rdf::URI::create(xContext, "uri:bar");
xDocRepo->importGraph(rdf::FileFormat::RDF_XML, xInputStream, xManifest, xBase);
uno::Reference<rdf::XNamedGraph> xGraph = xDocRepo->getGraph(xManifest);
CPPUNIT_ASSERT(xGraph);
uno::Reference<container::XEnumeration> xEnum = xGraph->getStatements(xFoo, xBar, nullptr);
rdf::Statement aStatement = xEnum->nextElement().get<rdf::Statement>();
CPPUNIT_ASSERT_EQUAL(OUString("uri:foo"), aStatement.Subject->getStringValue());
CPPUNIT_ASSERT_EQUAL(OUString("uri:bar"), aStatement.Predicate->getStringValue());
CPPUNIT_ASSERT_EQUAL(OUString("EVIL"), aStatement.Object->getStringValue());
}
}
CPPUNIT_PLUGIN_IMPLEMENT();
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */