Description
I have been using the Xerces security manager in order to add DDoS limits to the XML parser. I am unable to test the property MaxOccurNodeLimit. I don't know whether this maxOccurs is related to the maxOccurs attribute present in the XSD. I have made up the following test using this simple schema:
<?xml version="1.0" encoding="UTF-8" ?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
  <xs:element name="foo">
    <xs:complexType>
      <xs:choice>
        <xs:element name="child1" type="xs:int" maxOccurs="250000"/>
        <xs:element name="child2" type="xs:string" maxOccurs="250000"/>
      </xs:choice>
    </xs:complexType>
  </xs:element>
</xs:schema>
I then created an XML file following this schema:
<?xml version="1.0"?>
<foo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:noNamespaceSchemaLocation="maxOccurs.xsd">
  <child2>value</child2>
  .
  . 5000 child2 tags
  .
  <child2>value</child2>
</foo>
I have specified the maxOccurLimit as 4000 and I have given a node which was repeated 5000 times, and I expected an exception. But the XML parsing succeeds. Is there anything wrong with my understanding of this limit? If anybody has a clue, please provide me an example of how to test it as well.
Thanks
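
One way to set up the test described in this post, as an added example that is not the poster's or the Xerces project's code; the class name, the in-memory schema and the instance builder are constructed for illustration. It switches schema validation on explicitly, because the schema and its maxOccurs values are only processed when validation is enabled, and it returns whatever the parser reported rather than assuming an outcome.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import org.apache.xerces.parsers.SAXParser;
import org.apache.xerces.util.SecurityManager;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

public class MaxOccurLimitCheck {  // hypothetical class name
    // Constructed schema modelled on the one in the post.
    static final String XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>"
      + "<xs:element name='foo'><xs:complexType><xs:choice>"
      + "<xs:element name='child1' type='xs:int' maxOccurs='250000'/>"
      + "<xs:element name='child2' type='xs:string' maxOccurs='250000'/>"
      + "</xs:choice></xs:complexType></xs:element></xs:schema>";

    // Validates a constructed instance holding `count` child2 elements and
    // returns every message the parser reported under the given limit.
    static List<String> run(int limit, int count) throws Exception {
        StringBuilder xml = new StringBuilder(
            "<foo xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'"
          + " xsi:noNamespaceSchemaLocation='maxOccurs.xsd'>");
        for (int i = 0; i < count; i++) xml.append("<child2>value</child2>");
        xml.append("</foo>");
        final List<String> seen = new ArrayList<String>();
        DefaultHandler h = new DefaultHandler() {
            @Override public InputSource resolveEntity(String pub, String sys) {
                // Serve the schema from memory instead of from disk.
                if (sys == null || !sys.endsWith("maxOccurs.xsd")) return null;
                InputSource s = new InputSource(new StringReader(XSD));
                s.setSystemId(sys);
                return s;
            }
            @Override public void error(SAXParseException e) { seen.add(e.getMessage()); }
            @Override public void fatalError(SAXParseException e) { seen.add(e.getMessage()); }
        };
        SecurityManager sm = new SecurityManager();
        sm.setMaxOccurNodeLimit(limit);
        SAXParser p = new SAXParser();
        p.setFeature("http://xml.org/sax/features/validation", true);
        p.setFeature("http://apache.org/xml/features/validation/schema", true);
        p.setProperty("http://apache.org/xml/properties/security-manager", sm);
        p.setEntityResolver(h);
        p.setErrorHandler(h);
        try { p.parse(new InputSource(new StringReader(xml.toString()))); }
        catch (SAXException e) { seen.add("parse aborted: " + e.getMessage()); }
        return seen;
    }
}
```

Calling `run(4000, 5000)` reproduces the values from the post; comparing its result with `run(4000, 1)` shows whether any reported message depends on the number of elements in the instance or only on the schema.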