1   /**
2    * Logback: the reliable, generic, fast and flexible logging framework.
3    * Copyright (C) 1999-2015, QOS.ch. All rights reserved.
4    *
5    * This program and the accompanying materials are dual-licensed under
6    * either the terms of the Eclipse Public License v1.0 as published by
7    * the Eclipse Foundation
8    *
9    *   or (per the licensee's choosing)
10   *
11   * under the terms of the GNU Lesser General Public License version 2.1
12   * as published by the Free Software Foundation.
13   */
14  package ch.qos.logback.core.joran.event;
15  
16  import java.io.FileInputStream;
17  import java.util.List;
18  import java.util.concurrent.TimeUnit;
19  
20  import javax.xml.parsers.SAXParser;
21  import javax.xml.parsers.SAXParserFactory;
22  
23  import ch.qos.logback.core.util.StatusPrinter;
24  import ch.qos.logback.core.util.StatusPrinter2;
25  import org.junit.jupiter.api.Assertions;
26  import org.junit.jupiter.api.Test;
27  import org.junit.jupiter.api.Timeout;
28  import org.xml.sax.Attributes;
29  
30  import ch.qos.logback.core.Context;
31  import ch.qos.logback.core.ContextBase;
32  import ch.qos.logback.core.status.Status;
33  import ch.qos.logback.core.testUtil.CoreTestConstants;
34  import ch.qos.logback.core.status.testUtil.StatusChecker;
35  
36  /**
37   * Test whether SaxEventRecorder does a good job.
38   *
39   * @author Ceki Gulcu
40   */
41  public class SaxEventRecorderTest {
42  
43      Context context = new ContextBase();
44      StatusChecker statusChecker = new StatusChecker(context);
45  
46      SAXParser createParser() throws Exception {
47          SAXParserFactory spf = SAXParserFactory.newInstance();
48          return spf.newSAXParser();
49      }
50  
51      public List<SaxEvent> doTest(String filename) throws Exception {
52          SaxEventRecorder recorder = new SaxEventRecorder(context);
53          FileInputStream fis = new FileInputStream(CoreTestConstants.TEST_SRC_PREFIX + "input/joran/" + filename);
54          recorder.recordEvents(fis);
55          return recorder.getSaxEventList();
56  
57      }
58  
59      public void dump(List<SaxEvent> seList) {
60          for (SaxEvent se : seList) {
61              System.out.println(se);
62          }
63      }
64  
65      @Test
66      public void testEvent1() throws Exception {
67          System.out.println("test1");
68          List<SaxEvent> seList = doTest("event1.xml");
69          StatusPrinter.print(context);
70          Assertions.assertTrue(statusChecker.getHighestLevel(0) == Status.INFO);
71          // dump(seList);
72          Assertions.assertEquals(11, seList.size());
73      }
74  
75      @Test()
76      @Timeout(value = 500, unit = TimeUnit.MILLISECONDS)  // timeout in case attack is not prevented
77      public void testEventSSRF() throws Exception {
78          try {
79              List<SaxEvent> seList = doTest("event-ssrf.xml");
80              Assertions.assertTrue(statusChecker.getHighestLevel(0) == Status.WARN);
81              statusChecker.assertContainsMatch(Status.WARN, "Document Type Declaration");
82              Assertions.assertEquals(11, seList.size());
83          } finally {
84              StatusPrinter.print(context);
85          }
86      }
87  
88      @Test
89      public void testEventAmp() throws Exception {
90          List<SaxEvent> seList = doTest("ampEvent.xml");
91          Assertions.assertTrue(statusChecker.getHighestLevel(0) == Status.INFO);
92          // dump(seList);
93          Assertions.assertEquals(3, seList.size());
94  
95          BodyEvent be = (BodyEvent) seList.get(1);
96          Assertions.assertEquals("xxx & yyy", be.getText());
97      }
98  
99      @Test
100     public void testInc() throws Exception {
101         List<SaxEvent> seList = doTest("inc.xml");
102         Assertions.assertTrue(statusChecker.getHighestLevel(0) == Status.INFO);
103         // dump(seList);
104         Assertions.assertEquals(4, seList.size());
105 
106         StartEvent se = (StartEvent) seList.get(1);
107         Attributes attr = se.getAttributes();
108         Assertions.assertNotNull(attr);
109         Assertions.assertEquals("1", attr.getValue("increment"));
110     }
111 
112     @Test
113     public void bodyWithSpacesAndQuotes() throws Exception {
114         List<SaxEvent> seList = doTest("spacesAndQuotes.xml");
115         Assertions.assertEquals(3, seList.size());
116         BodyEvent be = (BodyEvent) seList.get(1);
117         Assertions.assertEquals("[x][x] \"xyz\"%n", be.getText());
118     }
119 
120 }