db-derby-dev mailing list archives

From "Bryan Pendleton (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DERBY-6810) Add regression tests for XXE vulnerability
Date Fri, 19 Jun 2015 02:40:00 GMT

https://issues.apache.org/jira/browse/DERBY-6810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14592904#comment-14592904

Bryan Pendleton commented on DERBY-6810:

It looks like the XMLXXETest test suite is reliable on Windows, but not on Unix,
as the Jenkins builds are seeing success on all the Windows platforms, but
failures on all the Unix platforms.

I'm not quite sure what's wrong; it will take me some time to get access to
a Unix platform to work on this issue. So for the time being I'll back out
revision 1686138 so that we can get back to clean Jenkins builds.

> Add regression tests for XXE vulnerability
> ------------------------------------------
>                 Key: DERBY-6810
>                 URL: https://issues.apache.org/jira/browse/DERBY-6810
>             Project: Derby
>          Issue Type: Sub-task
>            Reporter: Bryan Pendleton
>            Assignee: Abhinav Gupta
>         Attachments: billionLaughs.diff, readPasswordFile.diff
> We should add some regression tests demonstrating that
> Derby is no longer vulnerable to an XXE assault.
> One possibility would be to have an example using a local
> file disclosure.
> Another possibility would be to have an example based on the
> well-known "Billion Laughs" denial of service attack.

This message was sent by Atlassian JIRA
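The parser check that regression tests of the kind proposed above would exercise, as an added example that is not Derby's own test code: it assumes a standard JAXP DocumentBuilderFactory, and shows that once DOCTYPE declarations are disallowed, both the local-file-disclosure and the "Billion Laughs" entity-expansion cases are refused before any entity is ever processed.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class XxeHardeningCheck {

    /** Builds a DOM parser with DTD processing disabled (defensive JAXP settings, not Derby's code). */
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Refusing every DOCTYPE blocks external entities (file disclosure) and
        // entity-expansion bombs ("Billion Laughs") in one step.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    /** Returns true if the factory refuses a document that carries any DOCTYPE at all. */
    static boolean rejectsDoctype(DocumentBuilderFactory f) throws Exception {
        // Constructed probe: a harmless internal entity is enough, since the
        // hardened parser must fail at the DOCTYPE, not at the entity body.
        String probe = "<!DOCTYPE d [<!ENTITY e \"x\">]><d>&e;</d>";
        DocumentBuilder b = f.newDocumentBuilder();
        try {
            b.parse(new InputSource(new StringReader(probe)));
            return false;          // parsed: DTD processing is still enabled
        } catch (SAXParseException expected) {
            return true;           // refused at the DOCTYPE: hardening is in effect
        }
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory defaults = DocumentBuilderFactory.newInstance(); // JDK defaults
        System.out.println("default factory rejects DOCTYPE:  " + rejectsDoctype(defaults));
        System.out.println("hardened factory rejects DOCTYPE: " + rejectsDoctype(hardenedFactory()));
        // The hardened factory still parses ordinary, DTD-free documents.
        Document ok = hardenedFactory().newDocumentBuilder()
                .parse(new InputSource(new StringReader("<d>plain</d>")));
        System.out.println("plain document root: " + ok.getDocumentElement().getTagName());
    }
}
```

A regression test would assert that `rejectsDoctype` returns true for the factory the product actually uses, so a later change that re-enables DTD processing fails the build rather than reopening the issue.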
