[JENKINS-71139] Fail fast when serializing invalid XML 1.1 data (#7875)

* [JENKINS-71139] Reproducing `XStream2` problem with NUL * Arguably better to switch from “quirks” to XML 1.1 mode, failing during write not just read
jenkinsci · Apr 26, 2023 · 458c686 · 458c686
1 parent d8cc0bf
commit 458c686
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 1 deletion.
diff --git a/core/src/main/java/hudson/util/XStream2.java b/core/src/main/java/hudson/util/XStream2.java
@@ -138,7 +138,7 @@ private static class StaxDriver extends StandardStaxDriver {
 
         @Override
         public HierarchicalStreamWriter createWriter(Writer out) {
-            return new PrettyPrintWriter(out, getNameCoder());
+            return new PrettyPrintWriter(out, PrettyPrintWriter.XML_1_1, getNameCoder());
         }
 
         @Override

diff --git a/core/src/test/java/hudson/util/XStream2Test.java b/core/src/test/java/hudson/util/XStream2Test.java
@@ -26,7 +26,9 @@
 
 import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.instanceOf;
+import static org.hamcrest.Matchers.not;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertSame;
@@ -38,10 +40,15 @@
 import com.thoughtworks.xstream.XStreamException;
 import com.thoughtworks.xstream.annotations.XStreamAlias;
 import com.thoughtworks.xstream.mapper.CannotResolveClassException;
+import hudson.Functions;
 import hudson.model.Result;
 import hudson.model.Run;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.io.StringReader;
+import java.io.StringWriter;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -590,4 +597,47 @@ public void testEmojiEscaped() throws Exception {
         }
         assertEquals("Fox 🦊", bar.s);
     }
+
+    @Issue("JENKINS-71139")
+    @Test
+    public void nullsWithoutEncodingDeclaration() throws Exception {
+        Bar b = new Bar();
+        String text = "x\u0000y";
+        b.s = text;
+        StringWriter w = new StringWriter();
+        XStream2 xs = new XStream2();
+        try {
+            xs.toXML(b, w);
+        } catch (RuntimeException x) {
+            assertThat("cause is com.thoughtworks.xstream.io.StreamException: Invalid character 0x0 in XML stream", Functions.printThrowable(x), containsString("0x0"));
+            return; // not supported to read either
+        }
+        String xml = w.toString();
+        assertThat(xml, not(containsString("version=\"1.1\"")));
+        System.out.println(xml);
+        b = (Bar) xs.fromXML(xml);
+        assertEquals(text, b.s);
+    }
+
+    @Issue("JENKINS-71139")
+    @Test
+    public void nullsWithEncodingDeclaration() throws Exception {
+        Bar b = new Bar();
+        String text = "x\u0000y";
+        b.s = text;
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        XStream2 xs = new XStream2();
+        try {
+            xs.toXMLUTF8(b, baos);
+        } catch (RuntimeException x) {
+            assertThat("cause is com.thoughtworks.xstream.io.StreamException: Invalid character 0x0 in XML stream", Functions.printThrowable(x), containsString("0x0"));
+            return; // not supported to read either
+        }
+        String xml = baos.toString(StandardCharsets.UTF_8);
+        System.out.println(xml);
+        assertThat(xml, containsString("version=\"1.1\""));
+        b = (Bar) xs.fromXML(new ByteArrayInputStream(baos.toByteArray()));
+        assertEquals(text, b.s);
+    }
+
 }