public void ParseResponseStream_DoNotParseExternalEntities()
{
#if netcore
Type xmlDocType = typeof(XmlDocument);
PropertyInfo xmlResolverProperty = xmlDocType.GetProperty("XmlResolver");
if (xmlResolverProperty == null)
{
Assert.Throws <System.Xml.XmlException>(() => service.StringToXmlNode("<!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM \"file:///etc/passwd\" >]><foo>&xxe;</foo>"));
}
else if (xmlResolverProperty != null)
{
var tempFilePath = System.IO.Path.GetTempFileName();
System.IO.File.WriteAllText(tempFilePath, "Hello World!");
Assert.IsTrue(System.IO.File.Exists(tempFilePath));
Assert.IsTrue(new System.IO.FileInfo(tempFilePath).Length > 0);
var rootNode = service.StringToXmlNode("<!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM \"file://" + tempFilePath.Replace("\\", "//") + "\" >]><foo>&xxe;</foo>");
Assert.IsEmpty(rootNode.InnerText);
}
#else
var tempFilePath = System.IO.Path.GetTempFileName();
System.IO.File.WriteAllText(tempFilePath, "Hello World!");
Assert.IsTrue(System.IO.File.Exists(tempFilePath));
Assert.IsTrue(new System.IO.FileInfo(tempFilePath).Length > 0);
var rootNode = service.StringToXmlNode("<!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM \"file://" + tempFilePath.Replace("\\", "//") + "\" >]><foo>&xxe;</foo>");
Assert.IsEmpty(rootNode.InnerText);
#endif
}