From f509f546a3fbf6ef44ca5447ba9883fcd9c43dc0 Mon Sep 17 00:00:00 2001 From: Matthew Wild Date: Wed, 11 Jul 2018 11:58:25 +0100 Subject: util.xmppstream: Add tests for various XML features forbidden by the RFC --- spec/util_xmppstream_spec.lua | 134 ++++++++++++++++++++++++++++-------------- 1 file changed, 90 insertions(+), 44 deletions(-) (limited to 'spec/util_xmppstream_spec.lua') diff --git a/spec/util_xmppstream_spec.lua b/spec/util_xmppstream_spec.lua index f03a806e..38b3cbd2 100644 --- a/spec/util_xmppstream_spec.lua +++ b/spec/util_xmppstream_spec.lua @@ -2,59 +2,62 @@ local xmppstream = require "util.xmppstream"; describe("util.xmppstream", function() - describe("#new()", function() - it("should work", function() - local function test(xml, expect_success, ex) - local stanzas = {}; - local session = { notopen = true }; - local callbacks = { - stream_ns = "streamns"; - stream_tag = "stream"; - default_ns = "stanzans"; - streamopened = function (_session) - assert.are.equal(session, _session); - assert.are.equal(session.notopen, true); - _session.notopen = nil; - return true; - end; - handlestanza = function (_session, stanza) - assert.are.equal(session, _session); - assert.are.equal(_session.notopen, nil); - table.insert(stanzas, stanza); - end; - streamclosed = function (_session) - assert.are.equal(session, _session); - assert.are.equal(_session.notopen, nil); - _session.notopen = nil; - end; - } - if type(ex) == "table" then - for k, v in pairs(ex) do - if k ~= "_size_limit" then - callbacks[k] = v; - end - end - end - local stream = xmppstream.new(session, callbacks, size_limit); - local ok, err = pcall(function () - assert(stream:feed(xml)); - end); - - if ok and type(expect_success) == "function" then - expect_success(stanzas); + local function test(xml, expect_success, ex) + local stanzas = {}; + local session = { notopen = true }; + local callbacks = { + stream_ns = "streamns"; + stream_tag = "stream"; + default_ns = "stanzans"; + streamopened = function (_session) + assert.are.equal(session, _session); + assert.are.equal(session.notopen, true); + _session.notopen = nil; + return true; + end; + handlestanza = function (_session, stanza) + assert.are.equal(session, _session); + assert.are.equal(_session.notopen, nil); + table.insert(stanzas, stanza); + end; + streamclosed = function (_session) + assert.are.equal(session, _session); + assert.are.equal(_session.notopen, nil); + _session.notopen = nil; + end; + } + if type(ex) == "table" then + for k, v in pairs(ex) do + if k ~= "_size_limit" then + callbacks[k] = v; end - assert.are.equal(not not ok, not not expect_success, "Expected "..(expect_success and ("success ("..tostring(err)..")") or "failure")); end + end + local stream = xmppstream.new(session, callbacks, ex and ex._size_limit or nil); + local ok, err = pcall(function () + assert(stream:feed(xml)); + end); - local function test_stanza(stanza, expect_success, ex) - return test([[]]..stanza, expect_success, ex); - end + if ok and type(expect_success) == "function" then + expect_success(stanzas); + end + assert.are.equal(not not ok, not not expect_success, "Expected "..(expect_success and ("success ("..tostring(err)..")") or "failure")); + end + local function test_stanza(stanza, expect_success, ex) + return test([[]]..stanza, expect_success, ex); + end + + describe("#new()", function() + it("should work", function() test([[]], true); test([[]], true); + -- Incorrect stream tag name should be rejected test([[]], false); + -- Incorrect stream namespace should be rejected test([[]], false); + -- Invalid XML should be rejected test("<>", false); test_stanza("", function (stanzas) @@ -87,4 +90,47 @@ describe("util.xmppstream", function() end); end); end); + + it("should allow an XML declaration", function () + test([[]], true); + test([[]], true); + test([[]], true); + end); + + it("should not accept XML versions other than 1.0", function () + test([[]], false); + end); + + it("should not allow a misplaced XML declaration", function () + test([[]], false); + end); + + describe("should forbid restricted XML:", function () + it("comments", function () + test_stanza("", false); + end); + it("DOCTYPE", function () + test([[]], false); + end); + it("incorrect encoding specification", function () + -- This is actually caught by the underlying XML parser + test([[]], false); + end); + it("non-UTF8 encodings: ISO-8859-1", function () + test([[]], false); + end); + it("non-UTF8 encodings: UTF-16", function () + -- + -- encoded into UTF-16 + local hx = ([[fffe3c003f0078006d006c002000760065007200730069006f006e003d00 + 220031002e0030002200200065006e0063006f00640069006e0067003d00 + 22005500540046002d003100360022003f003e003c007300740072006500 + 61006d00200078006d006c006e0073003d00220073007400720065006100 + 6d006e00730022002f003e00]]):gsub("%x%x", function (c) return string.char(tonumber(c, 16)); end); + test(hx, false); + end); + it("processing instructions", function () + test([[]], false); + end); + end); end); -- cgit v1.2.3