Bug 580994 - BIRT 4.10.0-20221001 - CVE-2021-34427 fix bypass (#1112)
Fixes an exploit in the BIRT viewer by blocking file extensions with special characters.
1 parent
86d9750
commit e67d87f
Showing
2 changed files
with
58 additions
and
2 deletions.
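--- a/...irt.report.viewer.tests/test/org/eclipse/birt/report/context/ViewerAttributeBeanTest.java
+++ b/...irt.report.viewer.tests/test/org/eclipse/birt/report/context/ViewerAttributeBeanTest.java
@@ -0,0 +1,47 @@
+/*************************************************************************************
+* Copyright (c) 2022 Remain Software.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Eclipse Public License 2.0 which is available at
+* https://www.eclipse.org/legal/epl-2.0/.
+*
+* SPDX-License-Identifier: EPL-2.0
+*
+* Contributors:
+* Remain Software - Initial implementation.
+************************************************************************************/
+package org.eclipse.birt.report.context;
+
+import static org.junit.Assert.fail;
+
+import org.eclipse.birt.report.exception.ViewerException;
+import org.junit.Test;
+
+/**
+*
+* Test the VBA.
+*
+*/
+public class ViewerAttributeBeanTest {
+
+
+/**
+* Extensions with invalid characters are not allowed.
+*
+* @throws ViewerException
+*/
+@Test
+public void testCheckExtensionAllowedForRPTDocument() throws ViewerException {
+
+ViewerAttributeBean.checkExtensionAllowedForRPTDocument("report");
+ViewerAttributeBean.checkExtensionAllowedForRPTDocument("report.pdf");
+ViewerAttributeBean.checkExtensionAllowedForRPTDocument("report.");
+try {
+ViewerAttributeBean.checkExtensionAllowedForRPTDocument("report.pdf/");
+} catch (Exception e) {
+return;
+}
+
+fail("invalid extension accepted");
+}
+}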
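Review bot: The rejection case in `testCheckExtensionAllowedForRPTDocument` passes on any exception at all, since `catch (Exception e)` would also accept a NullPointerException or other unrelated failure raised before the extension check is reached. For a regression test guarding a CVE fix bypass, catch only the rejection the check is expected to raise — presumably `ViewerException`, which the method already declares — i.e. `} catch (ViewerException e) {`. Only one rejected input (`"report.pdf/"`) is exercised, so a later loosening of the check for other special characters would go unnoticed; one small test method per character class the check is meant to block would make a failure point at the exact gap. A short comment above the three accepted calls, such as `// no extension, a plain extension and an empty extension must not throw`, would record that accepting `"report."` is intended.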