libpurple/tests/test_xmlnode.c

   1 /*
   2  * purple
   3  *
   4  * Purple is the legal property of its developers, whose names are too numerous
   5  * to list here.  Please refer to the COPYRIGHT file distributed with this
   6  * source distribution.
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02111-1301  USA
  21  *
  22  */
  23 #include <glib.h>
  24
  25 #include "../xmlnode.h"
  26
  27 /*
  28  * If we really wanted to test the billion laughs attack we would
  29  * need to have more than just 4 ha's.  But as long as this shorter
  30  * document fails to parse, the longer one should also fail to parse.
  31  */
  32 static void
  33 test_xmlnode_billion_laughs_attack(void) {
  34         const char *malicious_xml_doc = "<!DOCTYPE root [ <!ENTITY ha \"Ha !\"><!ENTITY ha2 \"&ha; &ha;\"><!ENTITY ha3 \"&ha2; &ha2;\"> ]><root>&ha3;</root>";
  35
  36         /* Uncomment this line if you want to see the error message given by
  37            the parser for the above XML document */
  38         /* purple_debug_set_enabled(TRUE); */
  39
  40         g_assert_null(purple_xmlnode_from_str(malicious_xml_doc, -1));
  41 }
  42
  43 #define check_doc_structure(x) { \
  44         PurpleXmlNode *ping, *child1, *child2; \
  45         g_assert_nonnull(x); \
  46         ping = purple_xmlnode_get_child(x, "ping"); \
  47         g_assert_nonnull(ping); \
  48         child1 = purple_xmlnode_get_child(ping, "child1"); \
  49         g_assert_nonnull(child1); \
  50         child2 = purple_xmlnode_get_child(child1, "child2"); \
  51         g_assert_nonnull(child2); \
  52         purple_xmlnode_new_child(child2, "a"); \
  53         \
  54         g_assert_cmpstr("jabber:client", ==, purple_xmlnode_get_namespace(x)); \
  55         /* NOTE: purple_xmlnode_get_namespace() returns the namespace of the element, not the
  56          * current default namespace.  See http://www.w3.org/TR/xml-names/#defaulting and
  57          * http://www.w3.org/TR/xml-names/#dt-defaultNS.
  58          */ \
  59         g_assert_cmpstr("urn:xmpp:ping", ==, purple_xmlnode_get_namespace(ping)); \
  60         g_assert_cmpstr("jabber:client", ==, purple_xmlnode_get_namespace(child1)); \
  61         g_assert_cmpstr("urn:xmpp:ping", ==, purple_xmlnode_get_namespace(child2)); \
  62         /*
  63          * This fails (well, actually crashes [the ns is NULL]) unless
  64          * purple_xmlnode_new_child() actually sets the element namespace.
  65         g_assert_cmpstr("jabber:client", ==, purple_xmlnode_get_namespace(purple_xmlnode_get_child(child2, "a")));
  66          */ \
  67         \
  68         g_assert_cmpstr("jabber:client", ==, purple_xmlnode_get_default_namespace(x)); \
  69         g_assert_cmpstr("jabber:client", ==, purple_xmlnode_get_default_namespace(ping)); \
  70         g_assert_cmpstr("jabber:client", ==, purple_xmlnode_get_default_namespace(child1)); \
  71         g_assert_cmpstr("jabber:client", ==, purple_xmlnode_get_default_namespace(child2)); \
  72 }
  73
  74 static void
  75 test_xmlnode_prefixes(void) {
  76         const char *xml_doc =
  77                 "<iq type='get' xmlns='jabber:client' xmlns:ping='urn:xmpp:ping'>"
  78                         "<ping:ping>"
  79                                 "<child1>"
  80                                         "<ping:child2></ping:child2>" /* xmlns='jabber:child' */
  81                                 "</child1>"
  82                         "</ping:ping>"
  83                 "</iq>";
  84         char *str;
  85         PurpleXmlNode *xml, *reparsed;
  86
  87         xml = purple_xmlnode_from_str(xml_doc, -1);
  88         check_doc_structure(xml);
  89
  90         /* Check that purple_xmlnode_from_str(purple_xmlnode_to_str(xml, NULL), -1) is idempotent. */
  91         str = purple_xmlnode_to_str(xml, NULL);
  92         g_assert_nonnull(str);
  93         reparsed = purple_xmlnode_from_str(str, -1);
  94         g_assert_nonnull(reparsed);
  95         check_doc_structure(reparsed);
  96
  97         g_free(str);
  98         purple_xmlnode_free(xml);
  99         purple_xmlnode_free(reparsed);
 100 }
 101
 102 static void
 103 test_strip_prefixes(void) {
 104         const char *xml_doc = "<message xmlns='jabber:client' from='user@gmail.com/resource' to='another_user@darkrain42.org' type='chat' id='purple'>"
 105                 "<cha:active xmlns:cha='http://jabber.org/protocol/chatstates'/>"
 106                 "<body>xvlc xvlc</body>"
 107                 "<im:html xmlns:im='http://jabber.org/protocol/xhtml-im'>"
 108                         "<xht:body xmlns:xht='http://www.w3.org/1999/xhtml'>"
 109                                 "<xht:p>xvlc <xht:span style='font-weight: bold;'>xvlc</xht:span></xht:p>"
 110                         "</xht:body>"
 111                 "</im:html>"
 112         "</message>";
 113         const char *out = "<message xmlns='jabber:client' from='user@gmail.com/resource' to='another_user@darkrain42.org' type='chat' id='purple'>"
 114                 "<active xmlns:cha='http://jabber.org/protocol/chatstates' xmlns='http://jabber.org/protocol/chatstates'/>"
 115                 "<body>xvlc xvlc</body>"
 116                 "<html xmlns:im='http://jabber.org/protocol/xhtml-im' xmlns='http://jabber.org/protocol/xhtml-im'>"
 117                         "<body xmlns:xht='http://www.w3.org/1999/xhtml' xmlns='http://www.w3.org/1999/xhtml'>"
 118                                 "<p>xvlc <span style='font-weight: bold;'>xvlc</span></p>"
 119                         "</body>"
 120                 "</html>"
 121         "</message>";
 122         char *str;
 123         PurpleXmlNode *xml;
 124
 125         xml = purple_xmlnode_from_str(xml_doc, -1);
 126         g_assert_nonnull(xml);
 127
 128         purple_xmlnode_strip_prefixes(xml);
 129         str = purple_xmlnode_to_str(xml, NULL);
 130         g_assert_cmpstr(out, ==, str);
 131         g_free(str);
 132
 133         purple_xmlnode_free(xml);
 134 }
 135
 136 gint
 137 main(gint argc, gchar **argv) {
 138         g_test_init(&argc, &argv, NULL);
 139
 140         g_test_add_func("/xmlnode/billion_laughs_attack",
 141                         test_xmlnode_billion_laughs_attack);
 142         g_test_add_func("/xmlnode/prefixes",
 143                         test_xmlnode_prefixes);
 144         g_test_add_func("/xmlnode/strip_prefixes",
 145                         test_strip_prefixes);
 146
 147         return g_test_run();
 148 }