packages/resteasy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
resteasy/CVE-2016-9606.patch
wangxiao65 dcd01b0295 fix CVE-2016-9606
2021-01-29 15:54:08 +08:00

60 lines
3.3 KiB
Diff
Raw Blame History

From 7ae52d2322169295a18570892d7596af69d41545 Mon Sep 17 00:00:00 2001
From: Petr Jurak <pjurak@redhat.com>
Date: Tue, 28 Feb 2017 15:45:58 +0100
Subject: [PATCH] [RESTEASY-1618] Yaml unmarshalling vulnerable to RCE
---
.../org/jboss/resteasy/resteasy1223/TestResteasy1223.java | 3 ++-
.../resources/META-INF/services/javax.ws.rs.ext.Providers | 1 +
.../jboss/resteasy/test/providers/yaml/TestYamlProvider.java | 4 ++--
3 files changed, 5 insertions(+), 3 deletions(-)
rename jaxrs/{providers/yaml/src/main => arquillian/RESTEASY-1223-WF8/src/test}/resources/META-INF/services/javax.ws.rs.ext.Providers (98%)
diff --git a/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java
index 301ddd6535..b6805d30bf 100644
--- a/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java
+++ b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/java/org/jboss/resteasy/resteasy1223/TestResteasy1223.java
@@ -31,7 +31,8 @@
public static Archive<?> createTestArchive() {
WebArchive war = ShrinkWrap.create(WebArchive.class, "resteasy1223.war")
.addClasses(TestApplication.class, YamlResource.class, MyNestedObject.class, MyObject.class)
- .addAsWebInfResource("web.xml").addAsManifestResource("MANIFEST.MF");
+ .addAsWebInfResource("web.xml").addAsManifestResource("MANIFEST.MF")
+ .addAsResource("META-INF/services/javax.ws.rs.ext.Providers");
return war;
}
diff --git a/jaxrs/providers/yaml/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/resources/META-INF/services/javax.ws.rs.ext.Providers
similarity index 98%
rename from jaxrs/providers/yaml/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers
rename to jaxrs/arquillian/RESTEASY-1223-WF8/src/test/resources/META-INF/services/javax.ws.rs.ext.Providers
index 9a6782a638..c854fd6d9a 100644
--- a/jaxrs/providers/yaml/src/main/resources/META-INF/services/javax.ws.rs.ext.Providers
+++ b/jaxrs/arquillian/RESTEASY-1223-WF8/src/test/resources/META-INF/services/javax.ws.rs.ext.Providers
@@ -1 +1,2 @@
org.jboss.resteasy.plugins.providers.YamlProvider
+
diff --git a/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java b/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java
index 05be1b26c6..5cf75aacf8 100644
--- a/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java
+++ b/jaxrs/providers/yaml/src/test/java/org/jboss/resteasy/test/providers/yaml/TestYamlProvider.java
@@ -3,6 +3,7 @@
import junit.framework.Assert;
import org.jboss.resteasy.client.ClientRequest;
import org.jboss.resteasy.client.ClientResponse;
+import org.jboss.resteasy.plugins.providers.YamlProvider;
import org.jboss.resteasy.test.BaseResourceTest;
import org.junit.Before;
import org.junit.Test;
@@ -19,9 +20,8 @@
@Before
public void setUp() {
-
addPerRequestResource(YamlResource.class);
-
+ getProviderFactory().registerProvider(YamlProvider.class);
}
@Test
Reference in New Issue View Git Blame Copy Permalink