author | Andrey Somov <public.somov@gmail.com> | 2022-09-10 14:54:13 +0300 |
---|---|---|
committer | Andrey Somov <public.somov@gmail.com> | 2022-09-10 14:54:13 +0300 |
commit | 5ee00863a816f2a023d35a7512b5f742c9a36b5a (patch) | |
tree | 2c115912642387091ec3ae8a136e7e1e6799121c | |
parent | 481078991274c1c8a0a550634164a230b4c23334 (diff) | |
download | snakeyaml-5ee00863a816f2a023d35a7512b5f742c9a36b5a.tar.gz |
Show configuration for issue 543
-rw-r--r-- | src/changes/changes.xml | 3 | ||||
-rw-r--r-- | src/test/java/org/yaml/snakeyaml/issues/issue543/Fuzzer50355Test.java | 42 | ||||
-rw-r--r-- | src/test/resources/fuzzer/YamlFuzzer-5167495132086272 | 1 |
3 files changed, 46 insertions, 0 deletions
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 406c4c4f..64cf99f5 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -6,6 +6,9 @@
 </properties>
 <body>
 <release version="1.32-SNAPSHOT" date="in GIT" description="Maintenance">
+ <action dev="asomov" type="fix" issue="543">
+ Add a test for issue 543 (thanks to Henry Lin)
+ </action>
 <action dev="asomov" type="fix" issue="547">
 Set the limit for incoming data to prevent a CVE report in NIST
 </action>
diff --git a/src/test/java/org/yaml/snakeyaml/issues/issue543/Fuzzer50355Test.java b/src/test/java/org/yaml/snakeyaml/issues/issue543/Fuzzer50355Test.java
new file mode 100644
index 00000000..a919d08b
--- /dev/null
+++ b/src/test/java/org/yaml/snakeyaml/issues/issue543/Fuzzer50355Test.java
@@ -0,0 +1,42 @@
+/**
+ * Copyright (c) 2008, SnakeYAML
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.yaml.snakeyaml.issues.issue543;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+import org.junit.Test;
+import org.yaml.snakeyaml.LoaderOptions;
+import org.yaml.snakeyaml.Util;
+import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.error.YAMLException;
+
+// Stackoverflow [OSS-Fuzz - 50355]
+public class Fuzzer50355Test {
+
+ @Test
+ public void parse_50355() {
+ LoaderOptions options = new LoaderOptions();
+ options.setAllowRecursiveKeys(false);
+ Yaml yaml = new Yaml(options);
+ String strYaml = Util.getLocalResource("fuzzer/YamlFuzzer-5167495132086272");
+ try {
+ yaml.load(strYaml);
+ fail("Recursive keys should not be accepted");
+ } catch (YAMLException e) {
+ assertEquals("Recursive key for mapping is detected but it is not configured to be allowed.",
+ e.getMessage());
+ }
+ }
+}
diff --git a/src/test/resources/fuzzer/YamlFuzzer-5167495132086272 b/src/test/resources/fuzzer/YamlFuzzer-5167495132086272
new file mode 100644
index 00000000..bf67e971
--- /dev/null
+++ b/src/test/resources/fuzzer/YamlFuzzer-5167495132086272
@@ -0,0 +1 @@
+E::!!float-1B: &ž??
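Review bot: `parse_50355` pins only the case where `setAllowRecursiveKeys(false)` is set explicitly, and the class comment `// Stackoverflow [OSS-Fuzz - 50355]` does not say that this setting is what stops the input before it can exhaust the stack (presumably the original fuzzer finding). A `StackOverflowError` is an `Error`, so callers that catch only `YAMLException` would not contain it, which makes the configuration the security-relevant part of this test. I would expand the comment to something like `// OSS-Fuzz 50355: anchored !!set that appears to use an alias to itself as a key; rejected with YAMLException only while allowRecursiveKeys is false`. I would also add a second test that loads the same resource with an untouched `new LoaderOptions()`, so that the default (which I believe is already false) is pinned as well.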
!!set
?
*ž??
E::
*ž??
E::--1B: &ž??
!!set
?
*ž??
?
!!set
?
*ž??
E::--8586470366B: &ž??
!!set
?
- *ž??
?
!!set
?
*ž??
false: &ž??
!!set
?
*ž??
?
!!set
?
*ž??
0B: &ž??
!!set
? *ž??
?
!!set
?
*ž??
0B: &ž??
!!set
?
*ž??
?
*ž??
?
!!set
?
*ž??
E::--0B: &ž??
!!set
?
*ž??
0b2B: &ž??
!!set
?
*ž??
\ No newline at end of file |