package org.mule.module.apikit.validation.body.schema;

import com.jayway.restassured.RestAssured;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.mule.functional.junit4.MuleArtifactFunctionalTestCase;
import org.mule.tck.junit4.rule.DynamicPort;
import org.mule.test.runner.ArtifactClassLoaderRunnerConfig;

/**
 * Functional tests that send XML bodies carrying a DOCTYPE with external references (XXE) to
 * the application defined in {@code xxe-attack-config.xml} and expect them to be rejected
 * with HTTP 400 rather than processed.
 *
 * <p>Requests are issued with RestAssured against the port held by {@link #serverPort}.
 */
@ArtifactClassLoaderRunnerConfig
public class XxeAttackTestCase extends MuleArtifactFunctionalTestCase {

    /** Port RestAssured targets; assigned to {@code RestAssured.port} in {@link #doSetUp()}. */
    @Rule
    public DynamicPort serverPort = new DynamicPort("serverPort");

    /**
     * Second dynamic port, used only as the host port of the external DTD URL in
     * {@link #xxeAttack2()}.
     */
    // NOTE(review): whether the test application listens on this port is decided by
    // xxe-attack-config.xml, which is not visible here - confirm.
    @Rule
    public DynamicPort serverPort2 = new DynamicPort("serverPort2");

    /**
     * Returns the per-test timeout in seconds.
     *
     * @return 6000
     */
    // NOTE(review): 6000 seconds is 100 minutes, which looks like a debugging leftover for
    // two short HTTP round trips - confirm this value is intended.
    public int getTestTimeoutSecs() {
        final int timeoutSeconds = 6000;
        return timeoutSeconds;
    }

    /**
     * Points RestAssured at the dynamic port before delegating to the parent set-up.
     *
     * @throws Exception if the parent set-up fails
     */
    protected void doSetUp() throws Exception {
        // Kept ahead of super.doSetUp() so the original statement order is preserved.
        RestAssured.port = serverPort.getNumber();
        super.doSetUp();
    }

    /**
     * Names the Mule configuration resource that defines the application under test.
     *
     * @return classpath location of the configuration file
     */
    protected String getConfigFile() {
        final String configResource = "org/mule/module/apikit/validation/body/schema/xxe-attack-config.xml";
        return configResource;
    }

    /**
     * Posts a document whose DTD declares an external entity with a {@code SYSTEM} identifier
     * naming a local test resource, and references that entity from the element content.
     *
     * <p>Passes when the response status is 400 and the response body does not contain the
     * text {@code League Schema}.
     *
     * @throws Exception if the request or the assertion fails
     */
    @Test
    public void xxeAttack() throws Exception {
        // "League Schema" is presumably text found in twin-cam.yaml, so its absence shows the
        // entity was not expanded into the error response - verify against that resource.
        String externalEntityPayload = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?><!DOCTYPE foo [<!ENTITY xxead812 SYSTEM \"src/test/resources/org/mule/module/apikit/validation/body/schema/twin-cam.yaml\"> ]><a>&xxead812;</a>";

        String responseBody = RestAssured.given().log().all()
                .body(externalEntityPayload)
                .contentType("application/xml")
                .expect().statusCode(400)
                .when().post("/api/test")
                .getBody().asString();

        Assert.assertThat(responseBody, CoreMatchers.not(CoreMatchers.containsString("League Schema")));
    }

    /**
     * Posts a document whose DOCTYPE declares an external DTD ({@code PUBLIC} identifier) at
     * {@code http://localhost:<serverPort2>/} and expects HTTP 400.
     *
     * @throws Exception if the request or the status expectation fails
     */
    @Test
    public void xxeAttack2() throws Exception {
        // NOTE(review): only the status code is checked. Nothing here asserts that the parser
        // made no connection to serverPort2, so a fetch-then-reject would still pass - confirm
        // whether that is covered elsewhere (for example by the test configuration).
        String externalDtdPayload = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?><!DOCTYPE xxeattack PUBLIC \"foo\" \"http://localhost:" + serverPort2.getValue() + "/\"><a>1</a>";

        RestAssured.given().log().all()
                .body(externalDtdPayload)
                .contentType("application/xml")
                .expect().statusCode(400)
                .when().post("/api/test");
    }
}
