XML External Entity (XXE) injection in XmlConverter. Thanks to Stephan Siano for the patch.
Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/06db9e07 Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/06db9e07 Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/06db9e07 Branch: refs/heads/camel-2.14.x Commit: 06db9e0744f2bb9f6e3bf16c0dfe7099a3481558 Parents: b47b51a Author: Claus Ibsen <davscl...@apache.org> Authored: Sun Mar 1 11:52:57 2015 +0100 Committer: Claus Ibsen <davscl...@apache.org> Committed: Mon Mar 2 11:20:57 2015 +0100 ---------------------------------------------------------------------- .../apache/camel/converter/jaxp/XmlConverter.java | 6 ++++++ .../apache/camel/component/xslt/XsltDTDTest.java | 16 +++++++++++----- 2 files changed, 17 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/camel/blob/06db9e07/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java ----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
index 7a6d61d..b2ad022 100644
--- a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
+++ b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
@@ -602,6 +602,12 @@ public class XmlConverter {
 } catch (Exception e) {
 LOG.warn("SAXParser doesn't support the feature {} with value {}, due to {}.", new Object[]{javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, "true", e});
 }
+ try {
+ sfactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ } catch (SAXException e) {
+ LOG.warn("SAXParser doesn't support the feature {} with value {}, due to {}."
+ , new Object[]{"http://xml.org/sax/features/external-general-entities", false, e});
+ }
 }
 sfactory.setNamespaceAware(true);
 SAXParser parser = sfactory.newSAXParser();
http://git-wip-us.apache.org/repos/asf/camel/blob/06db9e07/camel-core/src/test/java/org/apache/camel/component/xslt/XsltDTDTest.java ----------------------------------------------------------------------
diff --git a/camel-core/src/test/java/org/apache/camel/component/xslt/XsltDTDTest.java b/camel-core/src/test/java/org/apache/camel/component/xslt/XsltDTDTest.java
index db5d63c..c0d2723 100644
--- a/camel-core/src/test/java/org/apache/camel/component/xslt/XsltDTDTest.java
+++ b/camel-core/src/test/java/org/apache/camel/component/xslt/XsltDTDTest.java
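Review bot: Disabling only `external-general-entities` on `sfactory` leaves external parameter entities and external DTD loading enabled, so a document's DOCTYPE can still make the parser fetch external resources; the usual hardening switches both off together. Consider adding, inside the same try block, `sfactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);` and `sfactory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);` (the latter is Xerces-specific and may raise `SAXNotRecognizedException` elsewhere, which the existing catch already tolerates). The new catch is narrowed to `SAXException` while the neighbouring block catches `Exception`; `SAXParserFactory.setFeature` can also throw `ParserConfigurationException`, which this catch would not absorb, so either widen it to match the block above or document why it should propagate. The enclosing method begins and ends outside the hunk, so whether its signature declares that exception cannot be confirmed here.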
@@ -57,19 +57,25 @@ public class XsltDTDTest extends ContextTestSupport { Exchange exchange = list.get(0); String xml = exchange.getIn().getBody(String.class); assertTrue("Get a wrong transformed message", xml.indexOf("<transformed subject=\"\">") > 0); - - - + try { + endpoint.reset(); + endpoint.expectedMessageCount(1); + template.sendBody("direct:start2", message); - fail("Expect an exception here"); + + assertMockEndpointsSatisfied(); + + list = endpoint.getReceivedExchanges(); + exchange = list.get(0); + xml = exchange.getIn().getBody(String.class); + assertTrue("Get a wrong transformed message", xml.indexOf("<transformed subject=\"\">") > 0); } catch (Exception ex) { // expect an exception here assertTrue("Get a wrong exception", ex instanceof CamelExecutionException); // the file could not be found assertTrue("Get a wrong exception cause", ex.getCause() instanceof TransformerException); } - }
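Review bot: The catch block at the end of the hunk still accepts a `CamelExecutionException` with a `TransformerException` cause, so the test passes both when the external entity is left unresolved (the new assertions on `direct:start2`) and when the parser tries to resolve it and fails on the missing file (the old expectation); it therefore does not pin the behaviour the XmlConverter change is meant to guarantee. If the intent is now that the second send succeeds with an empty entity, the catch body should fail the test instead, e.g. `fail("external entity must not be resolved: " + ex);`, and the `// expect an exception here` comment should be dropped. The old/new sides of the lines around `try {` are not fully recoverable from the collapsed hunk, and the enclosing test method starts outside it, so this is inferred from the visible assertions.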