secure-software-engineering/Exercise/Writeup/lab04.md

2022-06-15 19:58:23 +02:00
# Lab 4
## Task 2
The test that reveals the vulnerability is:
```bash
# Run the newly created PoV
$ mvn test -e -Dtest=SupportDTDDefaultsTest#testDTDAttempt
SupportDTDDefaultsTest.testDTDAttempt:20 Should not try to resolve external DTD subset: java.io.IOException: java.net.ConnectException: Connection refused (Connection refused)
```
After introducing the patch the PoV disappeared.
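As an added illustration (not part of the original lab code), the following JUnit 4 test shows how a PoV of this kind can be written so that it fails on a parser that tries to fetch the external DTD subset and passes once that behaviour is disabled. It assumes a JAXP `DocumentBuilderFactory` (the lab's actual parser is not named here), and the DTD host `dtd.example.invalid` is a constructed placeholder; an `EntityResolver` intercepts the resolution attempt, so the test never touches the network.

```java
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;

import java.io.ByteArrayInputStream;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.junit.Test;
import org.xml.sax.InputSource;

public class ExternalDtdPoVTest {
    // Constructed input: the DOCTYPE references an external subset on a
    // placeholder host. A parser that loads external DTDs would try to fetch it.
    private static final String XML_WITH_EXTERNAL_DTD =
        "<?xml version=\"1.0\"?>"
      + "<!DOCTYPE root SYSTEM \"http://dtd.example.invalid/root.dtd\">"
      + "<root>hi</root>";

    /** Parses the document and reports whether the parser asked to resolve the external DTD. */
    static boolean parserTriedToResolveExternalDtd(DocumentBuilderFactory factory) throws Exception {
        AtomicBoolean attempted = new AtomicBoolean(false);
        DocumentBuilder builder = factory.newDocumentBuilder();
        // Intercept every resolution attempt: record it and hand back an empty DTD
        // instead of letting the parser open a connection (hypothetical PoV hook).
        builder.setEntityResolver((publicId, systemId) -> {
            attempted.set(true);
            return new InputSource(new StringReader(""));
        });
        builder.parse(new ByteArrayInputStream(XML_WITH_EXTERNAL_DTD.getBytes(StandardCharsets.UTF_8)));
        return attempted.get();
    }

    @Test
    public void unhardenedFactoryResolvesExternalDtd() throws Exception {
        // Documents the vulnerable behaviour: a default factory loads the external subset.
        assertTrue(parserTriedToResolveExternalDtd(DocumentBuilderFactory.newInstance()));
    }

    @Test
    public void hardenedFactoryDoesNotResolveExternalDtd() throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Hardened configuration: never load external DTD subsets.
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        assertFalse("Should not try to resolve external DTD subset",
                    parserTriedToResolveExternalDtd(factory));
    }
}
```

The second test is the PoV shape used in the lab: it fails while the parser still resolves the external subset and passes after the patch removes that behaviour.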
## Task 3
For this vulnerability we added an additional test that acts as a PoV to the Docker image.
```bash
# Run all tests
$ mvn test
# Run only the newly created PoV
$ mvn test -e -Dtest=RCountLoopBug#rCountLoopPoVTest
RCountLoopTest.rCountLoopPoVTest:21 » TestTimedOut test timed out after 5000 m...
```
```bash
# Re-apply patch (revert patch is staged)
$ git restore --staged src/
$ git restore src/
```