Commit f05af4e2 authored by Evan Ward's avatar Evan Ward
Browse files

Add text for XML entities in NDMs

No modifications to the main code, just adding tests in an attempt to
prevent future modifications from inadvertently adding a security risk.
parent 75179769
Pipeline #2280 passed with stages
in 14 minutes and 52 seconds
......@@ -16,12 +16,17 @@
*/
package org.orekit.files.ccsds.utils.lexical;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.Assert;
import org.junit.Test;
import org.orekit.data.DataSource;
import org.orekit.errors.OrekitException;
import org.orekit.errors.OrekitMessages;
import org.orekit.files.ccsds.ndm.ParserBuilder;
import org.orekit.files.ccsds.ndm.odm.ocm.OcmParser;
import java.net.MalformedURLException;
public class XmlLexicalAnalyzerTest {
......@@ -49,4 +54,29 @@ public class XmlLexicalAnalyzerTest {
}
}
/**
* Check the XML parser is configured to ignore XML entities to avoid
* security risks.
*/
@Test
public void testExternalResourcesAreIgnored() {
// setup
XmlLexicalAnalyzer la = new XmlLexicalAnalyzer(new DataSource(
"entity",
() -> this.getClass().getResourceAsStream("/ccsds/ndm/NDM-opm-entity.xml")));
OcmParser parser = new ParserBuilder().buildOcmParser();
// action
try {
la.accept(parser);
// verify
Assert.fail("Expected Exception");
} catch (OrekitException e) {
// Malformed URL exception indicates external resource was disabled
// file not found exception indicates parser tried to load the resource
MatcherAssert.assertThat(e.getCause(),
CoreMatchers.instanceOf(MalformedURLException.class));
}
}
}
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ndm SYSTEM "file:./not-a-real-file.xml">
<ndm>
<COMMENT>NDM with only one constituent: an OPM</COMMENT>
<opm id="CCSDS_OPM_VERS" version="3.0">
<header>
<COMMENT>THIS IS AN XML VERSION OF THE OPM</COMMENT>
<CREATION_DATE>2001-11-06T09:23:57</CREATION_DATE>
<ORIGINATOR>JAXA</ORIGINATOR>
<MESSAGE_ID>OPM 201113719185</MESSAGE_ID>
</header>
<body>
<segment>
<metadata>
<COMMENT>GEOCENTRIC, CARTESIAN, EARTH FIXED</COMMENT>
<OBJECT_NAME>OSPREY 5</OBJECT_NAME>
<OBJECT_ID>1998-999A</OBJECT_ID>
<CENTER_NAME>EARTH</CENTER_NAME>
<REF_FRAME>TOD</REF_FRAME>
<REF_FRAME_EPOCH>1998-12-18T14:28:15.1172</REF_FRAME_EPOCH>
<TIME_SYSTEM>UTC</TIME_SYSTEM>
</metadata>
<data>
<stateVector>
<EPOCH>1996-12-18T14:28:15.1172</EPOCH>
<X>6503.514000</X>
<Y>1239.647000</Y>
<Z>-717.490000</Z>
<X_DOT>-0.873160</X_DOT>
<Y_DOT>8.740420</Y_DOT>
<Z_DOT>-4.191076</Z_DOT>
</stateVector>
<spacecraftParameters>
<MASS>3000.000000</MASS>
<SOLAR_RAD_AREA>18.770000</SOLAR_RAD_AREA>
<SOLAR_RAD_COEFF>1.000000</SOLAR_RAD_COEFF>
<DRAG_AREA>18.770000</DRAG_AREA>
<DRAG_COEFF>2.500000</DRAG_COEFF>
</spacecraftParameters>
<covarianceMatrix>
<COV_REF_FRAME>ITRF1997</COV_REF_FRAME>
<CX_X>0.316</CX_X>
<CY_X>0.722</CY_X>
<CY_Y>0.518</CY_Y>
<CZ_X>0.202</CZ_X>
<CZ_Y>0.715</CZ_Y>
<CZ_Z>0.002</CZ_Z>
<CX_DOT_X>0.912</CX_DOT_X>
<CX_DOT_Y>0.306</CX_DOT_Y>
<CX_DOT_Z>0.276</CX_DOT_Z>
<CX_DOT_X_DOT>0.797</CX_DOT_X_DOT>
<CY_DOT_X>0.562</CY_DOT_X>
<CY_DOT_Y>0.899</CY_DOT_Y>
<CY_DOT_Z>0.022</CY_DOT_Z>
<CY_DOT_X_DOT>0.079</CY_DOT_X_DOT>
<CY_DOT_Y_DOT>0.415</CY_DOT_Y_DOT>
<CZ_DOT_X>0.245</CZ_DOT_X>
<CZ_DOT_Y>0.965</CZ_DOT_Y>
<CZ_DOT_Z>0.950</CZ_DOT_Z>
<CZ_DOT_X_DOT>0.435</CZ_DOT_X_DOT>
<CZ_DOT_Y_DOT>0.621</CZ_DOT_Y_DOT>
<CZ_DOT_Z_DOT>0.991</CZ_DOT_Z_DOT>
</covarianceMatrix>
</data>
</segment>
</body>
</opm>
</ndm>
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment