--- /dev/null
+package org.simantics.databoard.tests;\r
+\r
+import java.io.IOException;\r
+import java.util.List;\r
+import java.util.Map;\r
+\r
+import junit.framework.Assert;\r
+\r
+import org.junit.Test;\r
+import org.simantics.databoard.Bindings;\r
+import org.simantics.databoard.binding.Binding;\r
+import org.simantics.databoard.serialization.Serializer;\r
+\r
+/**\r
+ *\r
+ * @author Toni Kalajainen <toni.kalajainen@iki.fi>\r
+ */\r
+public class TestMaliciousData {\r
+\r
+ public @Test void testArray() throws Exception {\r
+ \r
+ \r
+ Binding b = Bindings.getBinding(List.class, Integer.class);\r
+ Serializer s = Bindings.getSerializer(b);\r
+\r
+ // negative array length\r
+ try {\r
+ byte[] data = new byte[] {-1, -1, -1, -1, 0, 1, 2, 3, 4};\r
+ s.deserialize(data);\r
+ Assert.fail("Deserialization did not fail expectedly on negative length array");\r
+ } catch (IOException e) {\r
+ // Expected exception\r
+ }\r
+\r
+ // too big array\r
+ try {\r
+ byte[] data = new byte[] {10, 10, 10, 10, 0, 1, 2, 3, 4};\r
+ s.deserialize(data);\r
+ Assert.fail("Deserialization did not fail expectedly on too long array");\r
+ } catch (IOException e) {\r
+ // Expected exception\r
+ }\r
+\r
+ // OK Data\r
+ try {\r
+ byte[] data = new byte[] {0, 0, 0, 1, 0, 1, 2, 3};\r
+ s.deserialize(data);\r
+ } catch (IOException e) {\r
+ Assert.fail("Deserialization did not work");\r
+ }\r
+ \r
+ }\r
+ \r
+ public @Test void testBooleanArray() throws Exception {\r
+ \r
+ \r
+ Binding b = Bindings.BOOLEAN_ARRAY;\r
+ Serializer s = Bindings.getSerializer(b);\r
+\r
+ // negative array length\r
+ try {\r
+ byte[] data = new byte[] {-1, -1, -1, -1, 0, 1, 2, 3, 4};\r
+ s.deserialize(data);\r
+ Assert.fail("Deserialization did not fail expectedly on negative length array");\r
+ } catch (IOException e) {\r
+ // Expected exception\r
+ }\r
+\r
+ // too big array\r
+ try {\r
+ byte[] data = new byte[] {10, 10, 10, 10, 0, 1, 2, 3, 4};\r
+ s.deserialize(data);\r
+ Assert.fail("Deserialization did not fail expectedly on too long array");\r
+ } catch (IOException e) {\r
+ // Expected exception\r
+ }\r
+\r
+ // OK Data\r
+ try {\r
+ byte[] data = new byte[] {0, 0, 0, 1, 1};\r
+ s.deserialize(data);\r
+ } catch (IOException e) {\r
+ Assert.fail("Deserialization did not work");\r
+ }\r
+ \r
+ }\r
+\r
+ public @Test void testMap() throws Exception {\r
+ \r
+ \r
+ Binding b = Bindings.getBinding(Map.class, Integer.class, Integer.class);\r
+ Serializer s = Bindings.getSerializer(b);\r
+\r
+ // negative array length\r
+ try {\r
+ byte[] data = new byte[] {-1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7};\r
+ s.deserialize(data);\r
+ Assert.fail("Deserialization did not fail expectedly on negative length array");\r
+ } catch (IOException e) {\r
+ // Expected exception\r
+ }\r
+\r
+ // too big array\r
+ try {\r
+ byte[] data = new byte[] {10, 10, 10, 10, 0, 1, 2, 3, 4};\r
+ s.deserialize(data);\r
+ Assert.fail("Deserialization did not fail expectedly on too long array");\r
+ } catch (IOException e) {\r
+ // Expected exception\r
+ }\r
+\r
+ // OK Data\r
+ try {\r
+ byte[] data = new byte[] {0, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0};\r
+ s.deserialize(data);\r
+ } catch (IOException e) {\r
+ Assert.fail("Deserialization did not work");\r
+ }\r
+ \r
+ }\r
+ \r
+ \r
+}\r
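Review bot: The "too big array" cases in testArray, testBooleanArray and testMap pass on any IOException, so they cannot tell a deserializer that rejects the length prefix before allocating from one that first sizes a collection for 0x0A0A0A0A (about 168 million) elements and only fails once the nine input bytes run out. The Serializer implementation is not visible in this patch, so the check may already exist, but these tests would not catch a regression that reintroduces the large allocation. Consider adding a case with the largest positive prefix, `byte[] data = new byte[] {127, -1, -1, -1, 0, 1, 2, 3, 4};` (assuming the prefix is a big-endian 32-bit value, as the OK data suggests), together with a comment such as `// declared length must be validated against the remaining input before anything is allocated`. In testMap the comments and failure messages still say "array", although the prefix there is presumably the map's entry count.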