# Lab 4
## Task 2
The test that reveals the vulnerability is:
```bash
# Run the newly created PoV
$ mvn test -e -Dtest=SupportDTDDefaultsTest#testDTDAttempt
SupportDTDDefaultsTest.testDTDAttempt:20 Should not try to resolve external DTD subset: java.io.IOException: java.net.ConnectException: Connection refused (Connection refused)
```
After introducing the patch, the PoV disappeared.
## Task 3
For this vulnerability, we added an additional test that acts as a PoV to the Docker image.
```bash
# Run all tests
$ mvn test

# Run only the newly created PoV
$ mvn test -e -Dtest=RCountLoopBug#rCountLoopPoVTest
RCountLoopTest.rCountLoopPoVTest:21 » TestTimedOut test timed out after 5000 m...
```
```bash
# Re-apply patch (revert patch is staged)
$ git restore --staged src/
$ git restore src/
```