view libpurple/tests/test_xmlnode.c @ 32795:a359399cc0ce

merge of '22d544ffc6215f22b81d1dc34931bad4c82775c2' and '886d323c01f7c8cdf2a5e4ff42eefbab045b1f1f'
author Mark Doliner <mark@kingant.net>
date Sun, 06 May 2012 17:52:46 +0000
parents c8f91310bfbf
children 114a98da1a5f 3828a61c44da
line wrap: on
line source

#include <string.h>

#include "tests.h"
#include "../xmlnode.h"

/*
 * If we really wanted to test the billion laughs attack we would
 * need to have more than just 4 ha's.  But as long as this shorter
 * document fails to parse, the longer one should also fail to parse.
 */
START_TEST(test_xmlnode_billion_laughs_attack)
{
	const char *malicious_xml_doc = "<!DOCTYPE root [ <!ENTITY ha \"Ha !\"><!ENTITY ha2 \"&ha; &ha;\"><!ENTITY ha3 \"&ha2; &ha2;\"> ]><root>&ha3;</root>";

	/* Uncomment this line if you want to see the error message given by
	   the parser for the above XML document */
	/* purple_debug_set_enabled(TRUE); */

	fail_if(xmlnode_from_str(malicious_xml_doc, -1),
			"xmlnode_from_str() returned an XML tree, but we didn't want it to");
}
END_TEST

Suite *
xmlnode_suite(void)
{
	Suite *s = suite_create("Utility Functions");

	TCase *tc = tcase_create("xmlnode");
	tcase_add_test(tc, test_xmlnode_billion_laughs_attack);
	suite_add_tcase(s, tc);

	return s;
}