secure-software-engineering/Exercise/Writeup/lab04.md
2022-06-15 19:58:23 +02:00

32 lines
800 B
Markdown

# Lab 4
## Task 2
The test that reveals the vulnerability is.
```bash
# Run the newly created PoV
$ mvn test -e -Dtest=SupportDTDDefaultsTest#testDTDAttempt
SupportDTDDefaultsTest.testDTDAttempt:20 Should not try to resolve external DTD subset: java.io.IOException: java.net.ConnectException: Connection refused (Connection refused)
```
After introducing the patch the PoV disappeared.
## Task 3
For this vulnerability we added additonal test that acts as a PoV to the docker image.
```bash
# Run all tests
$ mvn test
# Run only the newly created PoV
$ mvn test -e -Dtest=RCountLoopBug#rCountLoopPoVTest
RCountLoopTest.rCountLoopPoVTest:21 » TestTimedOut test timed out after 5000 m...
```
```bash
# Re-apply patch (revert patch is staged)
$ git restore --staged src/
$ git restore src/
```