db-derby-dev mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6810) Add regression tests for XXE vulnerability
Date Thu, 18 Jun 2015 04:30:00 GMT

    [ https://issues.apache.org/jira/browse/DERBY-6810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14591225#comment-14591225 ]

ASF subversion and git services commented on DERBY-6810:
--------------------------------------------------------

Commit 1686138 from [~bryanpendleton] in branch 'code/trunk'
[ https://svn.apache.org/r1686138 ]

DERBY-6810: Add regression tests for XXE vulnerability

This change adds XMLXXETest to the XMLSuite JUnit suite, so that it will be
run as part of the suite of XML tests, and will also be included in those
tests (such as lang._Suite) which include XMLSuite.

> Add regression tests for XXE vulnerability
> ------------------------------------------
>
>                 Key: DERBY-6810
>                 URL: https://issues.apache.org/jira/browse/DERBY-6810
>             Project: Derby
>          Issue Type: Sub-task
>            Reporter: Bryan Pendleton
>            Assignee: Abhinav Gupta
>         Attachments: billionLaughs.diff, readPasswordFile.diff
>
>
> We should add some regression tests demonstrating that
> Derby is no longer vulnerable to an XXE assault.
> One possibility would be to have an example using a local
> file disclosure.
> Another possibility would be to have an example based on the
> well-known "Billion Laughs" denial of service attack.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
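
A regression check of the kind the issue proposes, as an added example that is not Derby's XMLXXETest and not code from the commit. It assumes a plain JAXP `DocumentBuilderFactory` hardened by refusing DOCTYPE declarations (an assumed mitigation, not a description of Derby's fix); the class name, sample documents and file path are constructed placeholders.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.SAXException;

public class XxeRegressionCheck {
    // Constructed sample: external entity naming a placeholder local file.
    static final String FILE_DISCLOSURE =
        "<!DOCTYPE doc [<!ENTITY xxe SYSTEM \"file:///placeholder/secret.txt\">]>"
        + "<doc>&xxe;</doc>";

    // Constructed sample: a tiny nested-entity document in the "Billion Laughs" shape.
    static final String NESTED_ENTITIES =
        "<!DOCTYPE doc [<!ENTITY a \"ha\"><!ENTITY b \"&a;&a;\"><!ENTITY c \"&b;&b;\">]>"
        + "<doc>&c;</doc>";

    // Constructed sample: ordinary input that must keep working after hardening.
    static final String BENIGN = "<doc>ok</doc>";

    // Assumed mitigation (not Derby's own): refuse any DOCTYPE, so neither
    // external entities nor nested internal entities are ever processed.
    static DocumentBuilderFactory hardenedFactory() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // True when the hardened parser refuses the document with a parse error.
    static boolean rejected(String xml) throws Exception {
        try {
            hardenedFactory().newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return false;
        } catch (SAXException refused) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        if (!rejected(FILE_DISCLOSURE)) throw new AssertionError("external entity accepted");
        if (!rejected(NESTED_ENTITIES)) throw new AssertionError("nested entities accepted");
        if (rejected(BENIGN)) throw new AssertionError("benign document refused");
        System.out.println("XXE regression checks passed");
    }
}
```

The benign case guards against a hardening change that breaks ordinary documents, which a test with only the two rejection cases would not catch.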
