From e9d8f115580c3a25a9579c213f096af623dd92ce Mon Sep 17 00:00:00 2001
From: Sebastian Pipping
Date: Mon, 26 Apr 2021 14:52:45 +0200
Subject: [PATCH] tests: Cover billion laughs attack protection API
---
 expat/tests/runtests.c | 66 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
diff --git a/expat/tests/runtests.c b/expat/tests/runtests.c
index 5234f49f..8c5ad72b 100644
--- a/expat/tests/runtests.c
+++ b/expat/tests/runtests.c
@@ -53,6 +53,7 @@
 #include
 #include
 #include /* intptr_t uint64_t */
+#include /* NAN, INFINITY, isnan */
 #if ! defined(__cplusplus)
 # include
@@ -11513,6 +11514,70 @@ START_TEST(test_accounting_precision) {
 }
 }
 END_TEST
+
+START_TEST(test_billion_laughs_attack_protection_api) {
+ XML_Parser parserWithoutParent = XML_ParserCreate(NULL);
+ XML_Parser parserWithParent
+ = XML_ExternalEntityParserCreate(parserWithoutParent, NULL, NULL);
+ if (parserWithoutParent == NULL)
+ fail("parserWithoutParent is NULL");
+ if (parserWithParent == NULL)
+ fail("parserWithParent is NULL");
+
+ // XML_SetBillionLaughsAttackProtectionMaximumAmplification, error cases
+ if (XML_SetBillionLaughsAttackProtectionMaximumAmplification(NULL, 123.0f)
+ == XML_TRUE)
+ fail("Call with NULL parser is NOT supposed to succeed");
+ if (XML_SetBillionLaughsAttackProtectionMaximumAmplification(parserWithParent,
+ 123.0f)
+ == XML_TRUE)
+ fail("Call with non-root parser is NOT supposed to succeed");
+ if (XML_SetBillionLaughsAttackProtectionMaximumAmplification(
+ parserWithoutParent, NAN)
+ == XML_TRUE)
+ fail("Call with NaN limit is NOT supposed to succeed");
+ if (XML_SetBillionLaughsAttackProtectionMaximumAmplification(
+ parserWithoutParent, -1.0f)
+ == XML_TRUE)
+ fail("Call with negative limit is NOT supposed to succeed");
+ if (XML_SetBillionLaughsAttackProtectionMaximumAmplification(
+ parserWithoutParent, 0.9f)
+ == XML_TRUE)
+ fail("Call with positive limit <1.0 is NOT supposed to succeed");
+
+ // XML_SetBillionLaughsAttackProtectionMaximumAmplification, success cases
+ if (XML_SetBillionLaughsAttackProtectionMaximumAmplification(
+ parserWithoutParent, 1.0f)
+ == XML_FALSE)
+ fail("Call with positive limit >=1.0 is supposed to succeed");
+ if (XML_SetBillionLaughsAttackProtectionMaximumAmplification(
+ parserWithoutParent, 123456.789f)
+ == XML_FALSE)
+ fail("Call with positive limit >=1.0 is supposed to succeed");
+ if (XML_SetBillionLaughsAttackProtectionMaximumAmplification(
+ parserWithoutParent, INFINITY)
+ == XML_FALSE)
+ fail("Call with positive limit >=1.0 is supposed to succeed");
+
+ // XML_SetBillionLaughsAttackProtectionActivationThreshold, error cases
+ if (XML_SetBillionLaughsAttackProtectionActivationThreshold(NULL, 123)
+ == XML_TRUE)
+ fail("Call with NULL parser is NOT supposed to succeed");
+ if (XML_SetBillionLaughsAttackProtectionActivationThreshold(parserWithParent,
+ 123)
+ == XML_TRUE)
+ fail("Call with non-root parser is NOT supposed to succeed");
+
+ // XML_SetBillionLaughsAttackProtectionActivationThreshold, success cases
+ if (XML_SetBillionLaughsAttackProtectionActivationThreshold(
+ parserWithoutParent, 123)
+ == XML_FALSE)
+ fail("Call with non-NULL parentless parser is supposed to succeed");
+
+ XML_ParserFree(parserWithParent);
+ XML_ParserFree(parserWithoutParent);
+}
+END_TEST
 #endif // defined(XML_DTD)
 static Suite *
@@ -11889,6 +11954,7 @@ make_suite(void) {
 #if defined(XML_DTD)
 suite_add_tcase(s, tc_accounting);
 tcase_add_test(tc_accounting, test_accounting_precision);
+ tcase_add_test(tc_accounting, test_billion_laughs_attack_protection_api);
 #endif
 return s;
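Review bot: The success cases in test_billion_laughs_attack_protection_api check only the setters' return values, so a setter that validates its argument but never stores the limit would still pass; nothing in this hunk parses input to show that the configured amplification or threshold is enforced. If enforcement is exercised by another test (not visible here), a comment at the top of the test would make the scope explicit, e.g. `// Return-value contract only; enforcement of the limits is covered by <name of enforcement test>`. Separately, `XML_ExternalEntityParserCreate(parserWithoutParent, NULL, NULL)` runs before the `parserWithoutParent == NULL` check, so that check should move directly after `XML_ParserCreate(NULL)` to keep a possibly NULL parent out of the child constructor. The error cases compare with `== XML_TRUE`; `!= XML_FALSE` would also catch any other non-false return value.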