require File.expand_path('../../spec_helper', __FILE__) require 'rexml/document' describe "REXML::Document.new" do it "resists CVE-2014-8080 by raising an exception when entity expansion has grown too large" do xml = < ]> %x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9;%x9; XML lambda { REXML::Document.new(xml).doctype.entities['x9'].value }.should raise_error(REXML::ParseException) { |e| e.message.should =~ /entity expansion has grown too large/ } end end