summaryrefslogtreecommitdiff
path: root/spec/ruby/security/cve_2014_8080_spec.rb
diff options
context:
space:
mode:
Diffstat (limited to 'spec/ruby/security/cve_2014_8080_spec.rb')
-rw-r--r--spec/ruby/security/cve_2014_8080_spec.rb32
1 files changed, 32 insertions, 0 deletions
diff --git a/spec/ruby/security/cve_2014_8080_spec.rb b/spec/ruby/security/cve_2014_8080_spec.rb
new file mode 100644
index 0000000000..6453b0c317
--- /dev/null
+++ b/spec/ruby/security/cve_2014_8080_spec.rb
@@ -0,0 +1,32 @@
+require File.expand_path('../../spec_helper', __FILE__)
+
+require 'rexml/document'
+
+describe "REXML::Document.new" do
+
+ it "resists CVE-2014-8080 by raising an exception when entity expansion has grown too large" do
+ xml = <<XML
+ <?xml version="1.0" encoding="UTF-8" ?>
+ <!DOCTYPE x [
+ <!ENTITY % x0 "xxxxxxxxxx">
+ <!ENTITY % x1 "%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;%x0;">
+ <!ENTITY % x2 "%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;%x1;">
+ <!ENTITY % x3 "%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;%x2;">
+ <!ENTITY % x4 "%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;%x3;">
+ <!ENTITY % x5 "%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;%x4;">
+ <!ENTITY % x6 "%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;%x5;">
+ <!ENTITY % x7 "%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;%x6;">
+ <!ENTITY % x8 "%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;%x7;">
+ <!ENTITY % x9 "%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;%x8;">
+ ]>
+ <x>
+ %x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;
+ </x>
+XML
+
+ lambda { REXML::Document.new(xml).doctype.entities['x9'].value }.should raise_error(REXML::ParseException) { |e|
+ e.message.should =~ /entity expansion has grown too large/
+ }
+ end
+
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-26 09:38:39 +0000