diff options
Diffstat (limited to 'xsd-examples/cxx/tree/secure')
-rw-r--r-- | xsd-examples/cxx/tree/secure/.gitignore | 1 | ||||
-rw-r--r-- | xsd-examples/cxx/tree/secure/README | 41 | ||||
-rw-r--r-- | xsd-examples/cxx/tree/secure/buildfile | 27 | ||||
-rw-r--r-- | xsd-examples/cxx/tree/secure/driver.cxx | 141 | ||||
-rw-r--r-- | xsd-examples/cxx/tree/secure/library.xml | 59 | ||||
-rw-r--r-- | xsd-examples/cxx/tree/secure/library.xsd | 72 | ||||
-rw-r--r-- | xsd-examples/cxx/tree/secure/secure-dom-parser.cxx | 24 | ||||
-rw-r--r-- | xsd-examples/cxx/tree/secure/secure-dom-parser.hxx | 25 |
8 files changed, 390 insertions, 0 deletions
diff --git a/xsd-examples/cxx/tree/secure/.gitignore b/xsd-examples/cxx/tree/secure/.gitignore new file mode 100644 index 0000000..c116ec1 --- /dev/null +++ b/xsd-examples/cxx/tree/secure/.gitignore @@ -0,0 +1 @@ +library.?xx diff --git a/xsd-examples/cxx/tree/secure/README b/xsd-examples/cxx/tree/secure/README new file mode 100644 index 0000000..649f0a3 --- /dev/null +++ b/xsd-examples/cxx/tree/secure/README @@ -0,0 +1,41 @@ +This example shows how to perform more secure XML parsing by disabling +the XML External Entity (XXE) Processing. If XML Schema validation is +used, then it would also make sense to pre-load the known schemas and +to disable loading of any external schemas, for example, via the +schemaLocation attribute found in the XML documents. See the comment +in driver.cxx for more information on how to achieve this. + +The example consists of the following files: + +library.xsd + XML Schema which describes a library of books. + +library.xml + Sample XML instance document. It includes (commented out) DOCTYPE + declarations with internal and external subsets that the parser + will refuse to process. + +library.hxx +library.cxx + C++ types that represent the given vocabulary and a set of parsing + functions that convert XML instance documents to a tree-like in-memory + object model. These are generated by the XSD compiler from library.xsd. + +secure-dom-parser.hxx +secure-dom-parser.cxx + A secure Xerces-C++ DOM parser implementation that disables processing + of internal/external DTD subsets. + +driver.cxx + Driver for the example. It first sets up the secure DOM parser. It then + parses the input file to a DOM document using the secure DOM parser and + calls one of the parsing functions that constructs the object model from + this DOM document. Finally, the driver prints a number of books in the + object model to STDERR. + +To run the example on the sample XML instance document simply execute: + +$ ./driver library.xml + +To verify that DTD processing is disabled, uncomment a different DOCTYPE +version in the sample document. diff --git a/xsd-examples/cxx/tree/secure/buildfile b/xsd-examples/cxx/tree/secure/buildfile new file mode 100644 index 0000000..b1ca71f --- /dev/null +++ b/xsd-examples/cxx/tree/secure/buildfile @@ -0,0 +1,27 @@ +# file : cxx/tree/secure/buildfile +# license : not copyrighted - public domain + +import libs = libxsd%lib{xsd} +import libs += libxerces-c%lib{xerces-c} + +./: exe{driver} doc{README} + +exe{driver}: {hxx cxx}{* -library} {hxx ixx cxx}{library} $libs + +exe{driver}: xml{library}: test.input = true + +<{hxx ixx cxx}{library}>: xsd{library} $xsd +{{ + diag xsd ($<[0]) # @@ TMP + + $xsd cxx-tree --std c++11 \ + --generate-inline \ + --output-dir $out_base \ + $path($<[0]) +}} + +cxx.poptions =+ "-I$out_base" "-I$src_base" + +# Define XSD_CXX11 since we include libxsd headers directly. +# +cxx.poptions += -DXSD_CXX11 diff --git a/xsd-examples/cxx/tree/secure/driver.cxx b/xsd-examples/cxx/tree/secure/driver.cxx new file mode 100644 index 0000000..7b6886f --- /dev/null +++ b/xsd-examples/cxx/tree/secure/driver.cxx @@ -0,0 +1,141 @@ +// file : cxx/tree/secure/driver.cxx +// copyright : not copyrighted - public domain + +#include <memory> // std::unique_ptr +#include <fstream> +#include <iostream> + +#include <xercesc/dom/DOM.hpp> +#include <xercesc/util/PlatformUtils.hpp> +#include <xercesc/framework/Wrapper4InputSource.hpp> + +#include <xsd/cxx/xml/string.hxx> +#include <xsd/cxx/xml/dom/auto-ptr.hxx> +#include <xsd/cxx/xml/dom/bits/error-handler-proxy.hxx> +#include <xsd/cxx/xml/sax/std-input-source.hxx> + +#include <xsd/cxx/tree/error-handler.hxx> + +#include "library.hxx" +#include "secure-dom-parser.hxx" + +using namespace std; + +int +main (int argc, char* argv[]) +{ + if (argc != 2) + { + cerr << "usage: " << argv[0] << " library.xml" << endl; + return 1; + } + + int r (0); + + // We need to initialize the Xerces-C++ runtime because we + // are doing the XML-to-DOM parsing ourselves. + // + xercesc::XMLPlatformUtils::Initialize (); + + try + { + using namespace xercesc; + namespace xml = xsd::cxx::xml; + namespace tree = xsd::cxx::tree; + + xml::dom::unique_ptr<DOMLSParser> parser (new SecureDOMParser ()); + + DOMConfiguration* conf (parser->getDomConfig ()); + + // Discard comment nodes in the document. + // + conf->setParameter (XMLUni::fgDOMComments, false); + + // Enable datatype normalization. + // + conf->setParameter (XMLUni::fgDOMDatatypeNormalization, true); + + // Do not create EntityReference nodes in the DOM tree. No + // EntityReference nodes will be created, only the nodes + // corresponding to their fully expanded substitution text + // will be created. + // + conf->setParameter (XMLUni::fgDOMEntities, false); + + // Perform namespace processing. + // + conf->setParameter (XMLUni::fgDOMNamespaces, true); + + // Do not include ignorable whitespace in the DOM tree. + // + conf->setParameter (XMLUni::fgDOMElementContentWhitespace, false); + + // Enable validation. + // + conf->setParameter (XMLUni::fgDOMValidate, true); + conf->setParameter (XMLUni::fgXercesSchema, true); + conf->setParameter (XMLUni::fgXercesSchemaFullChecking, false); + + // Xerces-C++ 3.1.0 is the first version with working multi import + // support. + // +#if _XERCES_VERSION >= 30100 + conf->setParameter (XMLUni::fgXercesHandleMultipleImports, true); +#endif + + // Disable loading schemas via other means (e.g., schemaLocation). + // + // Note: this might be a good idea though if you need validation, + // you will need to pre-load the schema via other means. See the + // 'caching' and 'embedded' examples for different approaches. + // Both of them can be used with SecureDOMParser. + // + // conf->setParameter (XMLUni::fgXercesLoadSchema, false); + + // We will release the DOM document ourselves. + // + conf->setParameter (XMLUni::fgXercesUserAdoptsDOMDocument, true); + + // Set error handler. + // + tree::error_handler<char> eh; + xml::dom::bits::error_handler_proxy<char> ehp (eh); + conf->setParameter (XMLUni::fgDOMErrorHandler, &ehp); + + // Parse the XML document. + // + ifstream ifs; + ifs.exceptions (ifstream::badbit | ifstream::failbit); + ifs.open (argv[1]); + + // Wrap the standard input stream. + // + xml::sax::std_input_source isrc (ifs, argv[1]); + Wrapper4InputSource wrap (&isrc, false); + + // Parse XML to DOM. + // + xml_schema::dom::unique_ptr<DOMDocument> doc (parser->parse (&wrap)); + + eh.throw_if_failed<xml_schema::parsing> (); + + // Parse DOM to the object model. + // + unique_ptr<library::catalog> c (library::catalog_ (*doc)); + + cerr << "catalog with " << c->book ().size () << " books" << endl; + } + catch (const xml_schema::exception& e) + { + cerr << e << endl; + r = 1; + } + catch (const std::ios_base::failure&) + { + cerr << argv[1] << ": unable to open or read failure" << endl; + r = 1; + } + + xercesc::XMLPlatformUtils::Terminate (); + return r; +} diff --git a/xsd-examples/cxx/tree/secure/library.xml b/xsd-examples/cxx/tree/secure/library.xml new file mode 100644 index 0000000..fa5f044 --- /dev/null +++ b/xsd-examples/cxx/tree/secure/library.xml @@ -0,0 +1,59 @@ +<?xml version="1.0"?> +<!DOCTYPE lib:catalog> +<!-- +<!DOCTYPE lib:catalog [<!ENTITY xxe SYSTEM "file:///dev/random" >]> +--> +<!-- +<!DOCTYPE lib:catalog PUBLIC "public id" "http://example.org"> +--> + +<!-- + +file : cxx/tree/secure/library.xml +copyright : not copyrighted - public domain + +--> + +<lib:catalog xmlns:lib="http://www.codesynthesis.com/library" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://www.codesynthesis.com/library library.xsd"> + + <book id="MM" available="false"> + <isbn>0679760806</isbn> + <title>The Master and Margarita</title> + <genre>fiction</genre> + + <author recommends="WP"> + <name>Mikhail Bulgakov</name> + <born>1891-05-15</born> + <died>1940-03-10</died> + </author> + </book> + + + <book id="WP"> + <isbn>0679600841</isbn> + <title>War and Peace</title> + <genre>history</genre> + + <author recommends="CP"> + <name>Leo Tolstoy</name> + <born>1828-09-09</born> + <died>1910-11-20</died> + </author> + </book> + + + <book id="CP" available="false"> + <isbn>0679420290</isbn> + <title>Crime and Punishment</title> + <genre>philosophy</genre> + + <author> + <name>Fyodor Dostoevsky</name> + <born>1821-11-11</born> + <died>1881-02-09</died> + </author> + </book> + +</lib:catalog> diff --git a/xsd-examples/cxx/tree/secure/library.xsd b/xsd-examples/cxx/tree/secure/library.xsd new file mode 100644 index 0000000..f80da3c --- /dev/null +++ b/xsd-examples/cxx/tree/secure/library.xsd @@ -0,0 +1,72 @@ +<?xml version="1.0"?> + +<!-- + +file : cxx/tree/secure/library.xsd +copyright : not copyrighted - public domain + +--> + +<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" + xmlns:xse="http://www.codesynthesis.com/xmlns/xml-schema-extension" + xmlns:lib="http://www.codesynthesis.com/library" + targetNamespace="http://www.codesynthesis.com/library"> + + <xsd:simpleType name="isbn"> + <xsd:restriction base="xsd:unsignedInt"/> + </xsd:simpleType> + + <xsd:complexType name="title"> + <xsd:simpleContent> + <xsd:extension base="xsd:string"> + <xsd:attribute name="lang" type="xsd:language"/> + </xsd:extension> + </xsd:simpleContent> + </xsd:complexType> + + <xsd:simpleType name="genre"> + <xsd:restriction base="xsd:string"> + <xsd:enumeration value="romance"/> + <xsd:enumeration value="fiction"/> + <xsd:enumeration value="horror"/> + <xsd:enumeration value="history"/> + <xsd:enumeration value="philosophy"/> + </xsd:restriction> + </xsd:simpleType> + + <xsd:complexType name="person"> + <xsd:sequence> + <xsd:element name="name" type="xsd:string"/> + <xsd:element name="born" type="xsd:date"/> + <xsd:element name="died" type="xsd:date" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + + <xsd:complexType name="author"> + <xsd:complexContent> + <xsd:extension base="lib:person"> + <xsd:attribute name="recommends" type="xsd:IDREF" xse:refType="lib:book"/> + </xsd:extension> + </xsd:complexContent> + </xsd:complexType> + + <xsd:complexType name="book"> + <xsd:sequence> + <xsd:element name="isbn" type="lib:isbn"/> + <xsd:element name="title" type="lib:title"/> + <xsd:element name="genre" type="lib:genre"/> + <xsd:element name="author" type="lib:author" maxOccurs="unbounded"/> + </xsd:sequence> + <xsd:attribute name="available" type="xsd:boolean" default="true"/> + <xsd:attribute name="id" type="xsd:ID" use="required"/> + </xsd:complexType> + + <xsd:complexType name="catalog"> + <xsd:sequence> + <xsd:element name="book" type="lib:book" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + + <xsd:element name="catalog" type="lib:catalog"/> + +</xsd:schema> diff --git a/xsd-examples/cxx/tree/secure/secure-dom-parser.cxx b/xsd-examples/cxx/tree/secure/secure-dom-parser.cxx new file mode 100644 index 0000000..8eb7a28 --- /dev/null +++ b/xsd-examples/cxx/tree/secure/secure-dom-parser.cxx @@ -0,0 +1,24 @@ +// file : cxx/tree/secure/secure-dom-parser.cxx +// copyright : not copyrighted - public domain + +#include "secure-dom-parser.hxx" + +#include <xercesc/util/XMLException.hpp> +#include <xercesc/util/XMLExceptMsgs.hpp> + +using namespace xercesc; + +void SecureDOMParser:: +doctypeDecl (const DTDElementDecl& e, + const XMLCh* const pub_id, + const XMLCh* const sys_id, + const bool hasi, + const bool hase) +{ + if (hasi || hase) + ThrowXMLwithMemMgr(RuntimeException, + XMLExcepts::Gen_NoDTDValidator, + fMemoryManager); + + DOMLSParserImpl::doctypeDecl (e, pub_id, sys_id, hasi, hase); +} diff --git a/xsd-examples/cxx/tree/secure/secure-dom-parser.hxx b/xsd-examples/cxx/tree/secure/secure-dom-parser.hxx new file mode 100644 index 0000000..d70dff0 --- /dev/null +++ b/xsd-examples/cxx/tree/secure/secure-dom-parser.hxx @@ -0,0 +1,25 @@ +// file : cxx/tree/secure/secure-dom-parser.hxx +// copyright : not copyrighted - public domain + +#ifndef SECURE_DOM_PARSER_HXX +#define SECURE_DOM_PARSER_HXX + +#include <xercesc/parsers/DOMLSParserImpl.hpp> + +class SecureDOMParser: public xercesc::DOMLSParserImpl +{ +public: + SecureDOMParser (xercesc::MemoryManager* mm = + xercesc::XMLPlatformUtils::fgMemoryManager, + xercesc::XMLGrammarPool* gp = 0) + : DOMLSParserImpl (0, mm, gp) {} + + virtual void + doctypeDecl (const xercesc::DTDElementDecl& root, + const XMLCh* const public_id, + const XMLCh* const system_id, + const bool has_internal, + const bool has_external); +}; + +#endif // SECURE_DOM_PARSER_HXX |