import org.apache.poi.extractor.ExtractorFactory;
import org.apache.poi.extractor.POITextExtractor;
import org.apache.poi.ooxml.POIXMLException;
+import org.apache.poi.ooxml.POIXMLTypeLoader;
import org.apache.poi.ooxml.util.DocumentHelper;
import org.apache.poi.openxml4j.exceptions.InvalidFormatException;
import org.apache.poi.openxml4j.exceptions.InvalidOperationException;
@Test
void testZipEntityExpansionExceedsMemory() {
- IOException ex = assertThrows(
- IOException.class,
- () -> openXmlBombFile("poc-xmlbomb.xlsx")
- );
- assertTrue(ex.getMessage().contains("unable to parse shared strings table"));
- assertTrue(matchSAXEx(ex));
+ boolean originalFlag = POIXMLTypeLoader.DEFAULT_XML_OPTIONS.disallowDocTypeDeclaration();
+ try {
+ POIXMLTypeLoader.DEFAULT_XML_OPTIONS.setDisallowDocTypeDeclaration(false);
+ IOException ex = assertThrows(
+ IOException.class,
+ () -> openXmlBombFile("poc-xmlbomb.xlsx")
+ );
+ assertTrue(ex.getMessage().contains("unable to parse shared strings table"));
+ assertTrue(matchSAXEx(ex));
+ } finally {
+ POIXMLTypeLoader.DEFAULT_XML_OPTIONS.setDisallowDocTypeDeclaration(originalFlag);
+ }
}
@Test
void testZipEntityExpansionExceedsMemory2() {
- IOException ex = assertThrows(
- IOException.class,
- () -> openXmlBombFile("poc-xmlbomb-empty.xlsx")
- );
- assertTrue(ex.getMessage().contains("unable to parse shared strings table"));
- assertTrue(matchSAXEx(ex));
+ boolean originalFlag = POIXMLTypeLoader.DEFAULT_XML_OPTIONS.disallowDocTypeDeclaration();
+ try {
+ POIXMLTypeLoader.DEFAULT_XML_OPTIONS.setDisallowDocTypeDeclaration(false);
+ IOException ex = assertThrows(
+ IOException.class,
+ () -> openXmlBombFile("poc-xmlbomb-empty.xlsx")
+ );
+ assertTrue(ex.getMessage().contains("unable to parse shared strings table"));
+ assertTrue(matchSAXEx(ex));
+ } finally {
+ POIXMLTypeLoader.DEFAULT_XML_OPTIONS.setDisallowDocTypeDeclaration(originalFlag);
+ }
}
private static boolean matchSAXEx(Exception root) {
import java.util.Date;
import java.util.Iterator;
import java.util.List;
-import java.util.function.Consumer;
import java.util.zip.CRC32;
import org.apache.commons.io.output.UnsynchronizedByteArrayOutputStream;
import org.apache.poi.xddf.usermodel.chart.XDDFBarChartData;
import org.apache.poi.xddf.usermodel.chart.XDDFChartData;
import org.apache.poi.xssf.XSSFITestDataProvider;
-import org.apache.poi.xssf.XSSFTestDataSamples;
import org.apache.poi.xssf.model.StylesTable;
import org.junit.jupiter.api.Test;
import org.openxmlformats.schemas.spreadsheetml.x2006.main.CTCalcPr;
import java.io.IOException;
+import org.apache.poi.ooxml.POIXMLTypeLoader;
import org.apache.poi.xwpf.XWPFTestDataSamples;
import org.apache.poi.xwpf.usermodel.XWPFDocument;
import org.junit.jupiter.api.Test;
*/
@Test
void testFile() throws IOException {
- try (XWPFDocument doc = XWPFTestDataSamples.openSampleDocument("ExternalEntityInText.docx");
- XWPFWordExtractor extractor = new XWPFWordExtractor(doc)) {
+ boolean originalFlag = POIXMLTypeLoader.DEFAULT_XML_OPTIONS.disallowDocTypeDeclaration();
+ try {
+ POIXMLTypeLoader.DEFAULT_XML_OPTIONS.setDisallowDocTypeDeclaration(false);
+ try (XWPFDocument doc = XWPFTestDataSamples.openSampleDocument("ExternalEntityInText.docx");
+ XWPFWordExtractor extractor = new XWPFWordExtractor(doc)) {
- String text = extractor.getText();
+ String text = extractor.getText();
- assertTrue(text.length() > 0);
+ assertTrue(text.length() > 0);
- // Check contents, they should not contain the text from POI web site after colon!
- assertEquals("Here should not be the POI web site: \"\"", text.trim());
+ // Check contents, they should not contain the text from POI web site after colon!
+ assertEquals("Here should not be the POI web site: \"\"", text.trim());
+ }
+ } finally {
+ POIXMLTypeLoader.DEFAULT_XML_OPTIONS.setDisallowDocTypeDeclaration(originalFlag);
}
}