High severity · NVD Advisory · Published Jan 25, 2014 · Updated Apr 29, 2026
CVE-2014-1202
CVE-2014-1202
Description
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.smartbear.soapui:soapui (Maven) | < 4.6.4 | 4.6.4 |
Affected products
17cpe:2.3:a:eviware:soapui:2.5.1:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:eviware:soapui:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:smartbear:soapui:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:smartbear:soapui:*:*:*:*:*:*:*:* (range: <=4.6.3)
- cpe:2.3:a:smartbear:soapui:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.6.2:*:*:*:*:*:*:*
Patches
1 · 6373165649ad · Remove property expansions on WSDL and WADL import
9 files changed · +371 −67
soapui/src/main/java/com/eviware/soapui/impl/rest/support/WadlImporter.java+29 −33 modified@@ -12,19 +12,21 @@ package com.eviware.soapui.impl.rest.support; -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.net.URI; -import java.net.URISyntaxException; -import java.net.URL; -import java.net.URLDecoder; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.xml.namespace.QName; - +import com.eviware.soapui.impl.rest.RestMethod; +import com.eviware.soapui.impl.rest.RestRepresentation; +import com.eviware.soapui.impl.rest.RestRequestInterface; +import com.eviware.soapui.impl.rest.RestResource; +import com.eviware.soapui.impl.rest.RestService; +import com.eviware.soapui.impl.rest.support.RestParamsPropertyHolder.ParameterStyle; +import com.eviware.soapui.impl.support.definition.support.InvalidDefinitionException; +import com.eviware.soapui.impl.wsdl.support.Constants; +import com.eviware.soapui.impl.wsdl.support.UrlSchemaLoader; +import com.eviware.soapui.impl.wsdl.support.xsd.SchemaUtils; +import com.eviware.soapui.support.StringUtils; +import com.eviware.soapui.support.Tools; +import com.eviware.soapui.support.UISupport; +import com.eviware.soapui.support.xml.XmlUtils; +import com.eviware.soapui.tools.PropertyExpansionRemover; import net.java.dev.wadl.x2009.x02.ApplicationDocument; import net.java.dev.wadl.x2009.x02.ApplicationDocument.Application; import net.java.dev.wadl.x2009.x02.DocDocument.Doc; @@ -37,7 +39,6 @@ import net.java.dev.wadl.x2009.x02.ResourceTypeDocument; import net.java.dev.wadl.x2009.x02.ResourcesDocument.Resources; import net.java.dev.wadl.x2009.x02.ResponseDocument.Response; - import org.apache.xmlbeans.XmlCursor; import org.apache.xmlbeans.XmlException; import org.apache.xmlbeans.XmlObject; 
@@ -47,20 +48,17 @@ import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import com.eviware.soapui.impl.rest.RestMethod; -import com.eviware.soapui.impl.rest.RestRepresentation; -import com.eviware.soapui.impl.rest.RestRequestInterface; -import com.eviware.soapui.impl.rest.RestResource; -import com.eviware.soapui.impl.rest.RestService; -import com.eviware.soapui.impl.rest.support.RestParamsPropertyHolder.ParameterStyle; -import com.eviware.soapui.impl.support.definition.support.InvalidDefinitionException; -import com.eviware.soapui.impl.wsdl.support.Constants; -import com.eviware.soapui.impl.wsdl.support.UrlSchemaLoader; -import com.eviware.soapui.impl.wsdl.support.xsd.SchemaUtils; -import com.eviware.soapui.support.StringUtils; -import com.eviware.soapui.support.Tools; -import com.eviware.soapui.support.UISupport; -import com.eviware.soapui.support.xml.XmlUtils; +import javax.xml.namespace.QName; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.net.URI; +import java.net.URISyntaxException; +import java.net.URL; +import java.net.URLDecoder; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; public class WadlImporter { 
@@ -82,25 +80,23 @@ public void initFromWadl( String wadlUrl ) // XmlObject xmlObject = XmlObject.Factory.parse( new URL( wadlUrl ) ); XmlObject xmlObject = XmlUtils.createXmlObject( new URL( wadlUrl ) ); + String content = xmlObject.xmlText(); Element element = ( ( Document )xmlObject.getDomNode() ).getDocumentElement(); // try to allow older namespaces if( element.getLocalName().equals( "application" ) && element.getNamespaceURI().startsWith( "http://research.sun.com/wadl" ) ) { isWADL11 = false; - String content = xmlObject.xmlText(); content = content.replaceAll( "\"" + element.getNamespaceURI() + "\"", "\"" + Constants.WADL11_NS + "\"" ); - xmlObject = ApplicationDocument.Factory.parse( content ); } else if( !element.getLocalName().equals( "application" ) || !element.getNamespaceURI().equals( Constants.WADL11_NS ) ) { throw new Exception( "Document is not a WADL application with " + Constants.WADL11_NS + " namespace" ); } - - ApplicationDocument applicationDocument = ( ApplicationDocument )xmlObject - .changeType( ApplicationDocument.type ); + content = PropertyExpansionRemover.removeExpansions( content ); + ApplicationDocument applicationDocument = ApplicationDocument.Factory.parse( content ); application = applicationDocument.getApplication(); resourcesList = application.getResourcesList();
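Review bot: The call `content = PropertyExpansionRemover.removeExpansions( content );` in initFromWadl is the security-relevant line of this hunk and carries no comment, so a later refactor back to `xmlObject.changeType( ApplicationDocument.type )` would silently drop the filter. I would add `// imported WADL is untrusted input: strip ${...} before any value reaches a request parameter` above it. Only the top-level document read from `wadlUrl` passes through the filter here; whether definitions referenced from that document are loaded through the same path cannot be seen from this hunk and should be confirmed. initFromWadl begins and continues outside the hunk.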
soapui/src/main/java/com/eviware/soapui/impl/WsdlInterfaceFactory.java+11 −4 modified@@ -12,10 +12,6 @@ package com.eviware.soapui.impl; -import javax.xml.namespace.QName; - -import org.apache.log4j.Logger; - import com.eviware.soapui.SoapUI; import com.eviware.soapui.config.InterfaceConfig; import com.eviware.soapui.config.WsdlInterfaceConfig; @@ -31,6 +27,12 @@ import com.eviware.soapui.model.propertyexpansion.PropertyExpansionContext; import com.eviware.soapui.settings.WsdlSettings; import com.eviware.soapui.support.SoapUIException; +import org.apache.log4j.Logger; + +import javax.xml.namespace.QName; +import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; public class WsdlInterfaceFactory implements InterfaceFactory<WsdlInterface> { @@ -117,4 +119,9 @@ public static WsdlInterface[] importWsdl( WsdlProject project, String url, boole return result; } + + public static void main( String[] args ) throws URISyntaxException, IOException + { + java.awt.Desktop.getDesktop().browse(new URI("http://www.sunet.se")); + } }
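Review bot: The `main` method added at the end of WsdlInterfaceFactory is unrelated to the property-expansion fix and looks like leftover debugging code: it opens `http://www.sunet.se` in the desktop browser through `java.awt.Desktop`. It should be dropped from this commit together with the three imports that appear to be added only for it (`java.io.IOException`, `java.net.URI`, `java.net.URISyntaxException`), so that a security fix does not ship a runnable entry point that launches an external URL. The rest of the class lies outside the hunks shown.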
soapui/src/main/java/com/eviware/soapui/impl/wsdl/support/wsdl/WsdlLoader.java+25 −22 modified@@ -12,17 +12,6 @@ package com.eviware.soapui.impl.wsdl.support.wsdl; -import java.io.ByteArrayInputStream; -import java.io.InputStream; -import java.net.URL; - -import org.apache.log4j.Logger; -import org.apache.xmlbeans.XmlError; -import org.apache.xmlbeans.XmlException; -import org.apache.xmlbeans.XmlObject; -import org.apache.xmlbeans.XmlOptions; -import org.xml.sax.InputSource; - import com.eviware.soapui.SoapUI; import com.eviware.soapui.impl.support.definition.support.AbstractDefinitionLoader; import com.eviware.soapui.impl.support.definition.support.InvalidDefinitionException; @@ -31,10 +20,21 @@ import com.eviware.soapui.support.StringUtils; import com.eviware.soapui.support.Tools; import com.eviware.soapui.support.xml.XmlUtils; +import com.eviware.soapui.tools.PropertyExpansionRemover; +import org.apache.log4j.Logger; +import org.apache.xmlbeans.XmlError; +import org.apache.xmlbeans.XmlException; +import org.apache.xmlbeans.XmlObject; +import org.apache.xmlbeans.XmlOptions; +import org.xml.sax.InputSource; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.net.URL; /** * Abstract WSDLLocator for loading definitions from either URL or cache.. - * + * * @author ole.matzura */ 
@@ -110,16 +110,8 @@ public XmlObject loadXmlObject( String url, XmlOptions options ) throws Exceptio monitor.setProgress( progressIndex, "Loading [" + url + "]" ); options.setLoadLineNumbers(); - - if( Boolean.TRUE.equals( ( ( Boolean )SoapUI.getSettings().getBoolean( WsdlSettings.TRIM_WSDL ) ) ) ) - { - String content = Tools.readAll( load( url ), 0 ).toString().trim(); - return XmlUtils.createXmlObject( new ByteArrayInputStream( content.getBytes() ), options ); - } - else - { - return XmlUtils.createXmlObject( load( url ), options ); - } + String content = readCleanWsdlFrom( url ); + return XmlUtils.createXmlObject( new ByteArrayInputStream( content.getBytes() ), options ); } catch( Exception e ) { @@ -139,6 +131,17 @@ public XmlObject loadXmlObject( String url, XmlOptions options ) throws Exceptio } } + private String readCleanWsdlFrom( String url ) throws Exception + { + String content = Tools.readAll( load( url ), 0 ).toString(); + + if( SoapUI.getSettings().getBoolean( WsdlSettings.TRIM_WSDL ) ) + { + content = content.trim(); + } + return PropertyExpansionRemover.removeExpansions( content ); + } + public String getBaseURI() { // log.debug( "Returning baseURI [" + url + "]" );
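Review bot: `loadXmlObject` now sends every WSDL through a String and re-encodes it with `content.getBytes()`, which uses the platform default charset; before this change only the TRIM_WSDL branch did that, and the other branch handed the stream from `load( url )` straight to the parser, which could honour the encoding named in the XML declaration. A document whose declared encoding differs from the JVM default may now be decoded wrongly; how `Tools.readAll` decodes the stream is not visible here, so this needs checking against that helper. Parsing from the String itself (a Reader) rather than from re-encoded bytes, or naming the charset explicitly on both the read and `getBytes` sides, removes the dependency on the platform default. `loadXmlObject` starts and ends outside the hunk.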
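--- a/soapui/src/main/java/com/eviware/soapui/tools/PropertyExpansionRemover.java
+++ b/soapui/src/main/java/com/eviware/soapui/tools/PropertyExpansionRemover.java
@@ -0,0 +1,48 @@
+package com.eviware.soapui.tools;
+
+/**
+ * Removes property expansions from an input string.
+ */
+public class PropertyExpansionRemover
+{
+
+ public static final String EXPANSION_START = "${";
+
+ public static String removeExpansions( String input )
+ {
+ String output = input;
+ while (containsPropertyExpansion(output))
+ {
+ output = removeExpansionAt( output, output.indexOf( EXPANSION_START ) );
+ }
+ return output;
+ }
+
+ private static String removeExpansionAt( String input, int startIndex )
+ {
+ String output = input;
+ while (containsNestedExpansion(output, startIndex))
+ {
+ output = removeExpansionAt( output, output.indexOf( EXPANSION_START, startIndex + 1 ) );
+ }
+ int endIndex = output.indexOf('}', startIndex);
+ return output.substring(0, startIndex) + output.substring(endIndex + 1);
+ }
+
+ private static boolean containsNestedExpansion( String output, int startIndex )
+ {
+ String textToProcess = output.substring(startIndex + EXPANSION_START.length());
+ return textToProcess.contains( EXPANSION_START ) &&
+ textToProcess.indexOf( EXPANSION_START ) < textToProcess.indexOf( '}' );
+ }
+
+ private static boolean containsPropertyExpansion( String input )
+ {
+ if (!input.contains( EXPANSION_START ))
+ {
+ return false;
+ }
+ int startIndex = input.indexOf( EXPANSION_START );
+ return input.indexOf('}', startIndex) != -1;
+ }
+}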
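Review bot: `removeExpansions` matches only the literal marker `${` in the string it is handed, and the class comment does not say so; in this commit WsdlLoader hands it the raw document text before XML parsing, so a value that only takes that form after the parser has decoded it may not be covered. The Javadoc should state the contract, for example `Removes every terminated ${...} span, repeating until none is left; an unterminated ${ is kept; input must not be null and should be already-decoded text.` Applying the filter to parsed attribute and text values instead of the serialized document would make that contract hold by construction. A null `input` currently fails inside `containsPropertyExpansion` with a NullPointerException rather than through a deliberate check such as `Objects.requireNonNull( input, "input" )`.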
soapui/src/test/java/com/eviware/soapui/impl/rest/support/WadlImporterTestCase.java+23 −7 modified@@ -12,19 +12,21 @@ package com.eviware.soapui.impl.rest.support; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; - +import com.eviware.soapui.impl.rest.RestMethod; import com.eviware.soapui.impl.rest.RestRequest; import com.eviware.soapui.impl.rest.RestRequestInterface; import com.eviware.soapui.impl.rest.RestResource; -import junit.framework.JUnit4TestAdapter; - -import org.junit.Test; - import com.eviware.soapui.impl.rest.RestService; import com.eviware.soapui.impl.rest.RestServiceFactory; import com.eviware.soapui.impl.wsdl.WsdlProject; +import junit.framework.JUnit4TestAdapter; +import org.junit.Test; + +import static com.eviware.soapui.utils.CommonMatchers.anEmptyString; +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertThat; public class WadlImporterTestCase { @@ -68,4 +70,18 @@ public void importsWadl() throws Exception assertEquals( RestRequestInterface.RequestMethod.GET, request.getMethod() ); assertEquals( 9, request.getPropertyCount() ); } + + @Test + public void removesPropertyExpansions() throws Exception + { + WsdlProject project = new WsdlProject(); + RestService service = ( RestService )project.addNewInterface( "Test", RestServiceFactory.REST_TYPE ); + + new WadlImporter( service ).initFromWadl( RestUtilsTestCase.class.getResource( + "/wadl/YahooSearchWithExpansions.wadl" ).toURI().toString()); + RestResource operation = ( RestResource )service.getAllOperations()[0]; + RestMethod restMethod = operation.getRestMethodAt( 0 ); + RestRequest request = restMethod.getRequestAt( 0 ); + assertThat( request.getParams().getProperty( "language" ).getDefaultValue(), is( anEmptyString() ) ); + } }
soapui/src/test/java/com/eviware/soapui/tools/PropertyExpansionRemoverTest.java+54 −0 added@@ -0,0 +1,54 @@ +package com.eviware.soapui.tools; + +import org.junit.Test; + +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.assertThat; + +/** + * Unit tests for PropertyExpansionRemover. + */ +public class PropertyExpansionRemoverTest +{ + + @Test + public void removesPropertyExpansion() throws Exception + { + String stringWithPropertyExpansion = "<xsd:attribute name=\"name\" type=\"xsd:string\" default=\"${#Project#MyValue }\"/>"; + assertThat( PropertyExpansionRemover.removeExpansions(stringWithPropertyExpansion ), + is("<xsd:attribute name=\"name\" type=\"xsd:string\" default=\"\"/>")); + } + + @Test + public void removesDynamicPropertyExpansion() throws Exception + { + String stringWithDynamicPropertyExpansion = "<xsd:attribute name=\"name\" type=\"xsd:string\" default=\"${= new java.util.Date() }\"/>"; + assertThat( PropertyExpansionRemover.removeExpansions(stringWithDynamicPropertyExpansion ), + is("<xsd:attribute name=\"name\" type=\"xsd:string\" default=\"\"/>")); + } + + @Test + public void removesNestedPropertyExpansion() throws Exception + { + String stringWithDynamicPropertyExpansion = "<xsd:attribute name=\"name\" type=\"xsd:string\" default=\"${#testxml#${testxpath}}\"/>"; + assertThat( PropertyExpansionRemover.removeExpansions(stringWithDynamicPropertyExpansion ), + is("<xsd:attribute name=\"name\" type=\"xsd:string\" default=\"\"/>")); + } + + @Test + public void removesMultiplePropertyExpansions() throws Exception + { + String stringWithMultiplePropertyExpansions = + "<!-- ${= 5- + 2}--><xsd:attribute name=\"name\" type=\"xsd:string\" default=\"${#testxml#${testxpath}}\"/>"; + assertThat( PropertyExpansionRemover.removeExpansions(stringWithMultiplePropertyExpansions ), + is("<!-- --><xsd:attribute name=\"name\" type=\"xsd:string\" default=\"\"/>")); + } + + @Test + public void 
doesNotRemoveSpecialCharactersWhenNotPropertyExpansion() throws Exception + { + String stringWithSpecialCharacters = "<xsd:attribute name=\"name\" type=\"xsd:string\" default=\"$ { #testxml#$ {testxpath} } ${\"/>"; + assertThat( PropertyExpansionRemover.removeExpansions(stringWithSpecialCharacters ), + is(stringWithSpecialCharacters)); + } +}
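Review bot: The tests pin the single, dynamic, nested and multiple cases, but none where the text left behind by one removal itself forms a terminated `${...}`, which is the property a strip filter has to guarantee (the outer `while` loop in `removeExpansions` appears to handle it). A test for that fixpoint behaviour, and one for an expansion whose expression contains a `}` before its end, would document exactly what the remover leaves in the output. `doesNotRemoveSpecialCharactersWhenNotPropertyExpansion` already covers the unterminated `${` case.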
soapui/src/test/java/com/eviware/soapui/utils/CommonMatchers.java+19 −1 modified@@ -55,6 +55,24 @@ public void describeTo( Description description ) }; } + public static Matcher<String> anEmptyString() + { + return new TypeSafeMatcher<String>() + { + @Override + public boolean matchesSafely( String s ) + { + return s.isEmpty(); + } + + @Override + public void describeTo( Description description ) + { + description.appendText( "an empty string" ); + } + }; + } + public static Matcher<Object[]> anEmptyArray() { return new TypeSafeMatcher<Object[]>() @@ -104,7 +122,7 @@ public boolean matchesSafely( Node node ) throw new IllegalArgumentException( "No schema found at " + schemaPath ); } SchemaFactory sf = SchemaFactory.newInstance( XMLConstants.W3C_XML_SCHEMA_NS_URI ); - Schema schema = null; + Schema schema; try { schema = sf.newSchema( schemaURL );
soapui/src/test/resources/wadl/YahooSearchWithExpansions.wadl+92 −0 added@@ -0,0 +1,92 @@ +<?xml version="1.0"?> +<!-- +The contents of this file are subject to the terms +of the Common Development and Distribution License +(the "License"). You may not use this file except +in compliance with the License. + +You can obtain a copy of the license at +http://www.opensource.org/licenses/cddl1.php +See the License for the specific language governing +permissions and limitations under the License. +--> +<application xmlns:xsd="http://www.w3.org/2001/XMLSchema" + xmlns:yn="urn:yahoo:yn" + xmlns:ya="urn:yahoo:api" + xmlns:html="http://www.w3.org/1999/xhtml" + xmlns="http://research.sun.com/wadl/2006/10"> + + <grammars> + <include href="NewsSearchResponse.xsd"/> + <include href="NewsSearchError.xsd"/> + </grammars> + + <resources base="http://api.search.yahoo.com/NewsSearchService/V1/"> + <resource path="newsSearch"> + <doc xml:lang="en" title="Yahoo News Search Service"> + The <html:i>Yahoo News Search</html:i> service provides online searching of news + stories from around the world. + </doc> + <param name="appid" type="xsd:string" required="true" style="query"> + <doc>The application ID. 
See <html:a href="http://developer.yahoo.com/faq/index.html#appid">Application IDs</html:a> for more information.</doc> + </param> + <method href="#search"/> + </resource> + </resources> + + <method name="GET" id="search"> + <doc xml:lang="en" title="Search news stories by keyword"/> + <request> + <param name="query" type="xsd:string" required="true" style="query"> + <doc xml:lang="en" title="Space separated keywords to search for"/> + </param> + <param name="type" type="xsd:string" default="all" style="query"> + <doc xml:lang="en" title="Keyword matching"/> + <option value="all"> + <doc>All query terms.</doc> + </option> + <option value="any"> + <doc>Any query terms.</doc> + </option> + <option value="phrase"> + <doc>Query terms as a phrase.</doc> + </option> + </param> + <param name="results" type="xsd:int" default="10" style="query"> + <doc xml:lang="en" title="Number of results"/> + </param> + <param name="start" type="xsd:int" default="1" style="query"> + <doc xml:lang="en" title="Index of first result"/> + </param> + <param name="sort" type="xsd:string" default="rank" style="query"> + <doc xml:lang="en" title="Sort by date or rank"/> + <option value="rank"/> + <option value="date"/> + </param> + <param name="language" type="xsd:string" style="query" default="${= new java.util.Date() }"> + <doc xml:lang="en" title="Language filter, omit for any language"/> + </param> + <param name="output" type="xsd:string" default="xml" style="query"> + <doc>The format for the output. If <html:em>json</html:em> is requested, the results will be returned in <html:a href="http://developer.yahoo.com/common/json.html">JSON</html:a> format. 
If <html:em>php</html:em> is requested, the results will be returned in <html:a href="http://developer.yahoo.com/common/phpserial.html">Serialized PHP</html:a> format.</doc> + <option value="xml"/> + <option value="json"/> + <option value="php"/> + </param> + <param name="callback" type="xsd:string" style="query"> + <doc>The name of the callback function to wrap around the JSON data. The following characters are allowed: A-Z a-z 0-9 . [] and _. If output=json has not been requested, this parameter has no effect. More information on the callback can be found in the <html:a href="http://developer.yahoo.com/common/json.html#callbackparam">Yahoo! Developer Network JSON Documentation</html:a>.</doc> + </param> + + <representation mediaType="application/xml" element="yn:ResultSet"> + <doc xml:lang="en" title="A list of news items matching the query"/> + </representation> + </request> + <response> + <representation mediaType="application/xml" element="yn:ResultSet"> + <doc xml:lang="en" title="A list of news items matching the query"/> + </representation> + <fault id="SearchError" status="400" mediaType="application/xml" + element="ya:Error"/> + </response> + </method> + +</application>
soapui/src/test/resources/with-expansions.wsdl+70 −0 added@@ -0,0 +1,70 @@ +<definitions name="ForexWSDL" targetNamespace="http://localhost:5723/Forex.wsdl" + xmlns="http://schemas.xmlsoap.org/wsdl/" + xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" + xmlns:tns="http://localhost:5723/Forex.wsdl" + xmlns:xsd="http://www.w3.org/2001/XMLSchema"> + <types> + <xsd:schema targetNamespace="http://localhost:5723/Forex.wsdl" + xmlns:tns="http://localhost:5723/Forex.wsdl" + > + <xsd:import namespace="http://schemas.xmlsoap.org/soap/encoding/" + schemaLocation="http://schemas.xmlsoap.org/soap/encoding/"/> + <xsd:element name="tradeList" type="tns:ArrayOfTrades"/> + <xsd:element name="trade" type="tns:tradeType"/> + <xsd:complexType name="tradeType"> + <xsd:sequence/> + <xsd:attribute name="time" type="xsd:integer"/> + <xsd:attribute name="poll" type="xsd:string" default="${= new java.util.Date() }"/> + <xsd:attribute name="name" type="xsd:string" default="${#Project#MyValue }"/> + </xsd:complexType><!-- + <xsd:complexType name="ArrayOfTrades"> + <xsd:complexContent> + <xsd:restriction base="soapenc:Array"> + <xsd:attribute ref="soapenc:arrayType" soapenc:arrayType="tns:tradeType[]"/> + </xsd:restriction> + </xsd:complexContent> + </xsd:complexType>--> + <xsd:complexType name="ArrayOfTrades"> + <xsd:sequence> + <xsd:element name="trade" type="tns:tradeType" nillable="true" minOccurs="0" maxOccurs="unbounded" /> + </xsd:sequence> + </xsd:complexType> + <xsd:element name="last_time" type="xsd:integer"/> + <xsd:element name="max_count" type="xsd:integer"/> + <xsd:element name="item_count" type="xsd:integer"/> + </xsd:schema> + </types> + <message name="requestTrades"> + <part element="tns:last_time" name="last_time"/> + <part element="tns:max_count" name="max_count"/> + <part element="tns:tradeList" name="tradeList"/> + </message> + <message name="tradesResponse"> + <part element="tns:item_count" name="count"/> + <part element="tns:trade" name="tradeList"/> + </message> + 
<portType name="Forex"> + <operation name="requestTrades"> + <input message="tns:requestTrades"/> + <output message="tns:tradesResponse"/> + </operation> + </portType> + <binding name="Forex" type="tns:Forex"> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <operation name="requestTrades"> + <soap:operation soapAction="?"/> + <input> + <soap:body use="literal"/> + </input> + <output> + <soap:body use="literal"/> + </output> + </operation> + </binding> + <service name="Forex"> + <documentation>Forex Trader</documentation> + <port binding="tns:Forex" name="Forex"> + <soap:address location="http://localhost:5723/Forex_Service.php"/> + </port> + </service> +</definitions>
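Review bot: No test shown in this commit loads `with-expansions.wsdl`: the changed files include a WADL import test (`removesPropertyExpansions` in WadlImporterTestCase, using `YahooSearchWithExpansions.wadl`) but nothing that imports this WSDL fixture, so the `readCleanWsdlFrom` path in WsdlLoader has no regression test here. A WSDL import test that asserts the `default` values of the `poll` and `name` attributes come out empty would cover the WSDL half of the fix the same way the WADL half is covered.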
References
8- packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.htmlnvdExploitWEB
- www.exploit-db.com/exploits/30908nvdExploitWEB
- github.com/advisories/GHSA-c2fp-mpmm-cqxvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-1202ghsaADVISORY
- baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.htmlnvdWEB
- github.com/SmartBear/soapui/blob/master/RELEASENOTES.txtnvdWEB
- github.com/SmartBear/soapui/commit/6373165649ad74257493c69dbc0569caa7e6b4a6ghsaWEB
- www.youtube.com/watchnvd