File tree 1 file changed +8
-0
lines changed
1 file changed +8
-0
lines changed Original file line number Diff line number Diff line change @@ -52,6 +52,13 @@ gchar *tc_broken_tag[] = {
5252 NULL
5353};
5454
55+ // Injection via "|"" command must not result in command subscription
56+ gchar * tc_xml_rce [] = {
57+ "<html><head><link rel=\"alternate\" type=\"application/rss+xml\" href=\"|date >/tmp/bad-feed-discovery.txt\"></html>" ,
58+ NULL ,
59+ NULL
60+ };
61+
5562static void
5663tc_auto_discover_link (gconstpointer user_data )
5764{
@@ -72,6 +79,7 @@ main (int argc, char *argv[])
7279 g_test_add_data_func ("/html/auto_discover_link_rdf" , & tc_rdf , & tc_auto_discover_link );
7380 g_test_add_data_func ("/html/auto_discover_link_atom" , & tc_atom , & tc_auto_discover_link );
7481 g_test_add_data_func ("/html/auto_discover_link_broken_tag" , & tc_broken_tag , & tc_auto_discover_link );
82+ g_test_add_data_func ("/html/auto_discover_link_xml_rce" , & tc_xml_rce , & tc_auto_discover_link );
7583
7684 return g_test_run ();
7785}
You can’t perform that action at this time.
0 commit comments