aboutsummaryrefslogtreecommitdiff
path: root/engine/tests
diff options
context:
space:
mode:
authorSteve Clay <steve@mrclay.org>2013-07-31 13:34:55 -0400
committerPaweł Sroka <srokap@gmail.com>2013-11-04 03:34:21 +0100
commit7cacdc8bc26c98a58dc8986acfd911d6542608af (patch)
tree81aded80c087b3ffb937d62d005b3d8a39b6910c /engine/tests
parent6eec301f33ff3e618d591d429de7edf30277e972 (diff)
downloadelgg-7cacdc8bc26c98a58dc8986acfd911d6542608af.tar.gz
elgg-7cacdc8bc26c98a58dc8986acfd911d6542608af.tar.bz2
Emit notice if XXE can't be tested and skip test
Diffstat (limited to 'engine/tests')
-rw-r--r--engine/tests/regression/trac_bugs.php21
1 files changed, 13 insertions, 8 deletions
diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php
index ea39253df..689275661 100644
--- a/engine/tests/regression/trac_bugs.php
+++ b/engine/tests/regression/trac_bugs.php
@@ -377,6 +377,7 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest {
public function test_ElggXMLElement_does_not_load_external_entities() {
$elLast = libxml_disable_entity_loader(false);
+ // build payload that should trigger loading of external entity
$payload = file_get_contents(dirname(dirname(__FILE__)) . '/test_files/xxe/request.xml');
$path = realpath(dirname(dirname(__FILE__)) . '/test_files/xxe/external_entity.txt');
$path = str_replace('\\', '/', $path);
@@ -384,16 +385,20 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest {
$path = '/' . $path;
}
$path = 'file://' . $path;
- $payload = sprintf($payload, $path);
+ $payload = sprintf($payload, $path);
- $el = new ElggXMLElement($payload);
- $chidren = $el->getChildren();
- $content = $chidren[0]->getContent();
- $this->assertNoPattern('/secret/', $content);
-
- //make sure the test is valid
+ // make sure we can actually this in this environment
$element = new SimpleXMLElement($payload);
- $this->assertPattern('/secret/', (string)$element->methodName);
+ $can_load_entity = preg_match('/secret/', (string)$element->methodName);
+
+ $this->skipUnless($can_load_entity, "XXE vulnerability cannot be tested on this system");
+
+ if ($can_load_entity) {
+ $el = new ElggXMLElement($payload);
+ $chidren = $el->getChildren();
+ $content = $chidren[0]->getContent();
+ $this->assertNoPattern('/secret/', $content);
+ }
libxml_disable_entity_loader($elLast);
}