From 7a06d71e1c5e96b7f2fcb7c34e955bbb985b6845 Mon Sep 17 00:00:00 2001 From: MarkBaker Date: Mon, 19 Nov 2018 23:22:59 +0100 Subject: [PATCH] Add UTF-7 XXE Unit test data --- tests/PhpSpreadsheetTests/Reader/Security/XmlScannerTest.php | 5 +++-- tests/data/Reader/Xml/XEETestInvalidUTF-7.xml | 2 ++ 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 tests/data/Reader/Xml/XEETestInvalidUTF-7.xml diff --git a/tests/PhpSpreadsheetTests/Reader/Security/XmlScannerTest.php b/tests/PhpSpreadsheetTests/Reader/Security/XmlScannerTest.php index 8819b35d..4936bc56 100644 --- a/tests/PhpSpreadsheetTests/Reader/Security/XmlScannerTest.php +++ b/tests/PhpSpreadsheetTests/Reader/Security/XmlScannerTest.php @@ -3,6 +3,7 @@ namespace PhpOffice\PhpSpreadsheetTests\Reader\Security; use PHPUnit\Framework\TestCase; +use PhpOffice\PhpSpreadsheet\Reader\Security\XmlScanner; class XmlScannerTest extends TestCase { @@ -22,7 +23,7 @@ class XmlScannerTest extends TestCase public function providerValidXML() { $tests = []; - foreach (glob(__DIR__ . '/../../data/Reader/Xml/XEETestValid*.xml') as $file) { + foreach (glob(__DIR__ . '/../../../data/Reader/Xml/XEETestValid*.xml') as $file) { $tests[basename($file)] = [realpath($file), file_get_contents($file)]; } @@ -48,7 +49,7 @@ class XmlScannerTest extends TestCase public function providerInvalidXML() { $tests = []; - foreach (glob(__DIR__ . '/../../data/Reader/Xml/XEETestInvalidUTF*.xml') as $file) { + foreach (glob(__DIR__ . '/../../../data/Reader/Xml/XEETestInvalidUTF*.xml') as $file) { $tests[basename($file)] = [realpath($file)]; } diff --git a/tests/data/Reader/Xml/XEETestInvalidUTF-7.xml b/tests/data/Reader/Xml/XEETestInvalidUTF-7.xml new file mode 100644 index 00000000..0b791d42 --- /dev/null +++ b/tests/data/Reader/Xml/XEETestInvalidUTF-7.xml @@ -0,0 +1,2 @@ + ++ADwAIQ-DOCTYPE xmlrootname +AFsAPAAh-ENTITY +ACU aaa SYSTEM +ACI-http://127.0.0.1:8080/ext.dtd+ACIAPgAl-aaa+ADsAJQ-ccc+ADsAJQ-ddd+ADsAXQA+ \ No newline at end of file