From d53447f7e6b3277f3249d9a70e56ec01a90c3a60 Mon Sep 17 00:00:00 2001
From: Steve Clay <steve@mrclay.org>
Date: Thu, 11 Jul 2013 13:24:01 -0400
Subject: Disable loading external entities during XML parsing

---
 engine/tests/test_files/xxe/external_entity.txt | 1 +
 engine/tests/test_files/xxe/request.xml         | 8 ++++++++
 2 files changed, 9 insertions(+)
 create mode 100644 engine/tests/test_files/xxe/external_entity.txt
 create mode 100644 engine/tests/test_files/xxe/request.xml

(limited to 'engine/tests/test_files/xxe')

diff --git a/engine/tests/test_files/xxe/external_entity.txt b/engine/tests/test_files/xxe/external_entity.txt
new file mode 100644
index 000000000..536aca34d
--- /dev/null
+++ b/engine/tests/test_files/xxe/external_entity.txt
@@ -0,0 +1 @@
+secret
\ No newline at end of file
diff --git a/engine/tests/test_files/xxe/request.xml b/engine/tests/test_files/xxe/request.xml
new file mode 100644
index 000000000..4390f9db2
--- /dev/null
+++ b/engine/tests/test_files/xxe/request.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<!DOCTYPE foo [
+<!ELEMENT methodName ANY >
+<!ENTITY xxe SYSTEM "%s" >
+]>
+<methodCall>
+    <methodName>test&xxe;test</methodName>
+</methodCall>
-- 
cgit v1.2.3