Пример #1
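 /**
  * Load a recorded XML-RPC request fixture and decode it.
  *
  * The fixture is read from testdata/requests/<path>.xml next to this file
  * and handed to the decoder through a base64-encoded data:// URI.
  *
  * @param string $path Fixture name relative to testdata/requests, using "/"
  *                     as the separator and without the ".xml" suffix. It is
  *                     concatenated into the filesystem path as-is, so it is
  *                     only meant to receive names chosen by the test suite.
  *
  * @return \fpoirotte\XRL\Request The decoded request.
  */
 public function getRequest($path)
 {
     $fixture = implode(
         DIRECTORY_SEPARATOR,
         [__DIR__, 'testdata', 'requests', str_replace('/', DIRECTORY_SEPARATOR, $path . '.xml')]
     );

     $content = file_get_contents($fixture);
     if ($content === false) {
         // Stop here: otherwise base64_encode(false) would hand the decoder an
         // empty document and the failure would surface as a decoding error.
         $this->fail("Could not read request fixture: $fixture");
     }

     $decoder = new \fpoirotte\XRL\Decoder(new \DateTimeZone("Europe/Dublin"), true);
     $request = $decoder->decodeRequest('data://;base64,' . base64_encode($content));

     // Callers rely on getting an actual Request object back.
     $this->assertInstanceOf('\\fpoirotte\\XRL\\Request', $request);
     return $request;
 }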
Пример #2
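 /**
  * Launch an XML bomb against the server.
  * Such an attack can be used to cause a Denial of Service
  * by consuming all available resources on the machine.
  *
  * In this case, we try to allocate a bit less than 30 GB
  * of memory in the XML parser, which should be enough to
  * consume all available memory in case the attack works.
  * See https://en.wikipedia.org/wiki/Billion_laughs for more information.
  *
  * Technically, the document is still well-formed, but the decoder
  * should reject internal entities to avoid this attack.
  * Only the 5 default entities may be used.
  *
  * The decoder is built with its default constructor arguments, so this
  * checks the out-of-the-box behaviour rather than a hardened configuration.
  *
  * @expectedException           \fpoirotte\XRL\Faults\NotWellFormedException
  * @expectedExceptionMessage    parse error. not well formed
  */
 public function testServerXmlBomb()
 {
     $fixture = implode(
         DIRECTORY_SEPARATOR,
         [__DIR__, 'testdata', 'attacks', 'server', 'bomb.xml']
     );

     $content = file_get_contents($fixture);
     if ($content === false) {
         // Guard against a vacuous pass: if the fixture is missing and the
         // read warning is not turned into an exception, the decoder would
         // receive an empty document, which it presumably also rejects as
         // not well-formed -- the test would go green without ever parsing
         // the entity-expansion payload.
         $this->fail("Could not read attack fixture: $fixture");
     }

     $decoder = new \fpoirotte\XRL\Decoder();

     // Expected to throw (see annotations above); the return value is irrelevant.
     $decoder->decodeRequest('data://;base64,' . base64_encode($content));
 }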