8 files changed, 390 insertions, 0 deletions
diff --git a/xsd-examples/cxx/tree/secure/.gitignore b/xsd-examples/cxx/tree/secure/.gitignore
new file mode 100644
index 0000000..c116ec1
--- /dev/null
+++ b/xsd-examples/cxx/tree/secure/.gitignore
@@ -0,0 +1 @@
+library.?xx
diff --git a/xsd-examples/cxx/tree/secure/README b/xsd-examples/cxx/tree/secure/README
new file mode 100644
index 0000000..649f0a3
--- /dev/null
+++ b/xsd-examples/cxx/tree/secure/README
@@ -0,0 +1,41 @@
+This example shows how to perform more secure XML parsing by disabling
+the XML External Entity (XXE) Processing. If XML Schema validation is
+used, then it would also make sense to pre-load the known schemas and
+to disable loading of any external schemas, for example, via the
+schemaLocation attribute found in the XML documents. See the comment
+in driver.cxx for more information on how to achieve this.
+
+The example consists of the following files:
+
+library.xsd
+  XML Schema which describes a library of books.
+
+library.xml
+  Sample XML instance document. It includes (commented out) DOCTYPE
+  declarations with internal and external subsets that the parser
+  will refuse to process.
+
+library.hxx
+library.cxx
+  C++ types that represent the given vocabulary and a set of parsing
+  functions that convert XML instance documents to a tree-like in-memory
+  object model. These are generated by the XSD compiler from library.xsd.
+
+secure-dom-parser.hxx
+secure-dom-parser.cxx
+  A secure Xerces-C++ DOM parser implementation that disables processing
+  of internal/external DTD subsets.
+
+driver.cxx
+  Driver for the example. It first sets up the secure DOM parser. It then
+  parses the input file to a DOM document using the secure DOM parser and
+  calls one of the parsing functions that constructs the object model from
+  this DOM document. Finally, the driver prints a number of books in the
+  object model to STDERR.
+
+To run the example on the sample XML instance document simply execute:
+
+$ ./driver library.xml
+
+To verify that DTD processing is disabled, uncomment a different DOCTYPE
+version in the sample document.
diff --git a/xsd-examples/cxx/tree/secure/buildfile b/xsd-examples/cxx/tree/secure/buildfile
new file mode 100644
index 0000000..b1ca71f
--- /dev/null
+++ b/xsd-examples/cxx/tree/secure/buildfile
@@ -0,0 +1,27 @@
+# file      : cxx/tree/secure/buildfile
+# license   : not copyrighted - public domain
+
+import libs = libxsd%lib{xsd}
+import libs += libxerces-c%lib{xerces-c}
+
+./: exe{driver} doc{README}
+
+exe{driver}: {hxx cxx}{* -library} {hxx ixx cxx}{library} $libs
+
+exe{driver}: xml{library}: test.input = true
+
+<{hxx ixx cxx}{library}>: xsd{library} $xsd
+{{
+  diag xsd ($<[0]) # @@ TMP
+
+  $xsd cxx-tree --std c++11   \
+       --generate-inline      \
+       --output-dir $out_base \
+       $path($<[0])
+}}
+
+cxx.poptions =+ "-I$out_base" "-I$src_base"
+
+# Define XSD_CXX11 since we include libxsd headers directly.
+#
+cxx.poptions += -DXSD_CXX11
diff --git a/xsd-examples/cxx/tree/secure/driver.cxx b/xsd-examples/cxx/tree/secure/driver.cxx
new file mode 100644
index 0000000..7b6886f
--- /dev/null
+++ b/xsd-examples/cxx/tree/secure/driver.cxx
@@ -0,0 +1,141 @@
+// file      : cxx/tree/secure/driver.cxx
+// copyright : not copyrighted - public domain
+
+#include <memory>   // std::unique_ptr
+#include <fstream>
+#include <iostream>
+
+#include <xercesc/dom/DOM.hpp>
+#include <xercesc/util/PlatformUtils.hpp>
+#include <xercesc/framework/Wrapper4InputSource.hpp>
+
+#include <xsd/cxx/xml/string.hxx>
+#include <xsd/cxx/xml/dom/auto-ptr.hxx>
+#include <xsd/cxx/xml/dom/bits/error-handler-proxy.hxx>
+#include <xsd/cxx/xml/sax/std-input-source.hxx>
+
+#include <xsd/cxx/tree/error-handler.hxx>
+
+#include "library.hxx"
+#include "secure-dom-parser.hxx"
+
+using namespace std;
+
+int
+main (int argc, char* argv[])
+{
+  if (argc != 2)
+  {
+    cerr << "usage: " << argv[0] << " library.xml" << endl;
+    return 1;
+  }
+
+  int r (0);
+
+  // We need to initialize the Xerces-C++ runtime because we
+  // are doing the XML-to-DOM parsing ourselves.
+  //
+  xercesc::XMLPlatformUtils::Initialize ();
+
+  try
+  {
+    using namespace xercesc;
+    namespace xml = xsd::cxx::xml;
+    namespace tree = xsd::cxx::tree;
+
+    xml::dom::unique_ptr<DOMLSParser> parser (new SecureDOMParser ());
+
+    DOMConfiguration* conf (parser->getDomConfig ());
+
+    // Discard comment nodes in the document.
+    //
+    conf->setParameter (XMLUni::fgDOMComments, false);
+
+    // Enable datatype normalization.
+    //
+    conf->setParameter (XMLUni::fgDOMDatatypeNormalization, true);
+
+    // Do not create EntityReference nodes in the DOM tree. No
+    // EntityReference nodes will be created, only the nodes
+    // corresponding to their fully expanded substitution text
+    // will be created.
+    //
+    conf->setParameter (XMLUni::fgDOMEntities, false);
+
+    // Perform namespace processing.
+    //
+    conf->setParameter (XMLUni::fgDOMNamespaces, true);
+
+    // Do not include ignorable whitespace in the DOM tree.
+    //
+    conf->setParameter (XMLUni::fgDOMElementContentWhitespace, false);
+
+    // Enable validation.
+    //
+    conf->setParameter (XMLUni::fgDOMValidate, true);
+    conf->setParameter (XMLUni::fgXercesSchema, true);
+    conf->setParameter (XMLUni::fgXercesSchemaFullChecking, false);
+
+    // Xerces-C++ 3.1.0 is the first version with working multi import
+    // support.
+    //
+#if _XERCES_VERSION >= 30100
+    conf->setParameter (XMLUni::fgXercesHandleMultipleImports, true);
+#endif
+
+    // Disable loading schemas via other means (e.g., schemaLocation).
+    //
+    // Note: this might be a good idea though if you need validation,
+    // you will need to pre-load the schema via other means. See the
+    // 'caching' and 'embedded' examples for different approaches.
+    // Both of them can be used with SecureDOMParser.
+    //
+    // conf->setParameter (XMLUni::fgXercesLoadSchema, false);
+
+    // We will release the DOM document ourselves.
+    //
+    conf->setParameter (XMLUni::fgXercesUserAdoptsDOMDocument, true);
+
+    // Set error handler.
+    //
+    tree::error_handler<char> eh;
+    xml::dom::bits::error_handler_proxy<char> ehp (eh);
+    conf->setParameter (XMLUni::fgDOMErrorHandler, &ehp);
+
+    // Parse the XML document.
+    //
+    ifstream ifs;
+    ifs.exceptions (ifstream::badbit | ifstream::failbit);
+    ifs.open (argv[1]);
+
+    // Wrap the standard input stream.
+    //
+    xml::sax::std_input_source isrc (ifs, argv[1]);
+    Wrapper4InputSource wrap (&isrc, false);
+
+    // Parse XML to DOM.
+    //
+    xml_schema::dom::unique_ptr<DOMDocument> doc (parser->parse (&wrap));
+
+    eh.throw_if_failed<xml_schema::parsing> ();
+
+    // Parse DOM to the object model.
+    //
+    unique_ptr<library::catalog> c (library::catalog_ (*doc));
+
+    cerr << "catalog with " << c->book ().size () << " books" << endl;
+  }
+  catch (const xml_schema::exception& e)
+  {
+    cerr << e << endl;
+    r = 1;
+  }
+  catch (const std::ios_base::failure&)
+  {
+    cerr << argv[1] << ": unable to open or read failure" << endl;
+    r = 1;
+  }
+
+  xercesc::XMLPlatformUtils::Terminate ();
+  return r;
+}
diff --git a/xsd-examples/cxx/tree/secure/library.xml b/xsd-examples/cxx/tree/secure/library.xml
new file mode 100644
index 0000000..fa5f044
--- /dev/null
+++ b/xsd-examples/cxx/tree/secure/library.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0"?>
+<!DOCTYPE lib:catalog>
+<!--
+<!DOCTYPE lib:catalog [<!ENTITY xxe SYSTEM "file:///dev/random" >]>
+-->
+<!--
+<!DOCTYPE lib:catalog PUBLIC "public id" "http://example.org">
+-->
+
+<!--
+
+file      : cxx/tree/secure/library.xml
+copyright : not copyrighted - public domain
+
+-->
+
+<lib:catalog xmlns:lib="http://www.codesynthesis.com/library"
+             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	     xsi:schemaLocation="http://www.codesynthesis.com/library library.xsd">
+
+  <book id="MM" available="false">
+    <isbn>0679760806</isbn>
+    <title>The Master and Margarita</title>
+    <genre>fiction</genre>
+
+    <author recommends="WP">
+      <name>Mikhail Bulgakov</name>
+      <born>1891-05-15</born>
+      <died>1940-03-10</died>
+    </author>
+  </book>
+
+
+  <book id="WP">
+    <isbn>0679600841</isbn>
+    <title>War and Peace</title>
+    <genre>history</genre>
+
+    <author recommends="CP">
+      <name>Leo Tolstoy</name>
+      <born>1828-09-09</born>
+      <died>1910-11-20</died>
+    </author>
+  </book>
+
+
+  <book id="CP" available="false">
+    <isbn>0679420290</isbn>
+    <title>Crime and Punishment</title>
+    <genre>philosophy</genre>
+
+    <author>
+      <name>Fyodor Dostoevsky</name>
+      <born>1821-11-11</born>
+      <died>1881-02-09</died>
+    </author>
+  </book>
+
+</lib:catalog>
diff --git a/xsd-examples/cxx/tree/secure/library.xsd b/xsd-examples/cxx/tree/secure/library.xsd
new file mode 100644
index 0000000..f80da3c
--- /dev/null
+++ b/xsd-examples/cxx/tree/secure/library.xsd
@@ -0,0 +1,72 @@
+<?xml version="1.0"?>
+
+<!--
+
+file      : cxx/tree/secure/library.xsd
+copyright : not copyrighted - public domain
+
+-->
+
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+            xmlns:xse="http://www.codesynthesis.com/xmlns/xml-schema-extension"
+            xmlns:lib="http://www.codesynthesis.com/library"
+            targetNamespace="http://www.codesynthesis.com/library">
+
+  <xsd:simpleType name="isbn">
+    <xsd:restriction base="xsd:unsignedInt"/>
+  </xsd:simpleType>
+
+  <xsd:complexType name="title">
+    <xsd:simpleContent>
+      <xsd:extension base="xsd:string">
+        <xsd:attribute name="lang" type="xsd:language"/>
+      </xsd:extension>
+    </xsd:simpleContent>
+  </xsd:complexType>
+
+  <xsd:simpleType name="genre">
+    <xsd:restriction base="xsd:string">
+      <xsd:enumeration value="romance"/>
+      <xsd:enumeration value="fiction"/>
+      <xsd:enumeration value="horror"/>
+      <xsd:enumeration value="history"/>
+      <xsd:enumeration value="philosophy"/>
+    </xsd:restriction>
+  </xsd:simpleType>
+
+  <xsd:complexType name="person">
+    <xsd:sequence>
+      <xsd:element name="name" type="xsd:string"/>
+      <xsd:element name="born" type="xsd:date"/>
+      <xsd:element name="died" type="xsd:date" minOccurs="0"/>
+    </xsd:sequence>
+  </xsd:complexType>
+
+  <xsd:complexType name="author">
+    <xsd:complexContent>
+      <xsd:extension base="lib:person">
+	<xsd:attribute name="recommends" type="xsd:IDREF" xse:refType="lib:book"/>
+      </xsd:extension>
+    </xsd:complexContent>
+  </xsd:complexType>
+
+  <xsd:complexType name="book">
+    <xsd:sequence>
+      <xsd:element name="isbn" type="lib:isbn"/>
+      <xsd:element name="title" type="lib:title"/>
+      <xsd:element name="genre" type="lib:genre"/>
+      <xsd:element name="author" type="lib:author" maxOccurs="unbounded"/>
+    </xsd:sequence>
+    <xsd:attribute name="available" type="xsd:boolean" default="true"/>
+    <xsd:attribute name="id" type="xsd:ID" use="required"/>
+  </xsd:complexType>
+
+  <xsd:complexType name="catalog">
+    <xsd:sequence>
+      <xsd:element name="book" type="lib:book" maxOccurs="unbounded"/>
+    </xsd:sequence>
+  </xsd:complexType>
+
+  <xsd:element name="catalog" type="lib:catalog"/>
+
+</xsd:schema>
diff --git a/xsd-examples/cxx/tree/secure/secure-dom-parser.cxx b/xsd-examples/cxx/tree/secure/secure-dom-parser.cxx
new file mode 100644
index 0000000..8eb7a28
--- /dev/null
+++ b/xsd-examples/cxx/tree/secure/secure-dom-parser.cxx
@@ -0,0 +1,24 @@
+// file      : cxx/tree/secure/secure-dom-parser.cxx
+// copyright : not copyrighted - public domain
+
+#include "secure-dom-parser.hxx"
+
+#include <xercesc/util/XMLException.hpp>
+#include <xercesc/util/XMLExceptMsgs.hpp>
+
+using namespace xercesc;
+
+void SecureDOMParser::
+doctypeDecl (const DTDElementDecl& e,
+             const XMLCh* const    pub_id,
+             const XMLCh* const    sys_id,
+             const bool            hasi,
+             const bool            hase)
+{
+  if (hasi || hase)
+    ThrowXMLwithMemMgr(RuntimeException,
+                       XMLExcepts::Gen_NoDTDValidator,
+                       fMemoryManager);
+
+  DOMLSParserImpl::doctypeDecl (e, pub_id, sys_id, hasi, hase);
+}
diff --git a/xsd-examples/cxx/tree/secure/secure-dom-parser.hxx b/xsd-examples/cxx/tree/secure/secure-dom-parser.hxx
new file mode 100644
index 0000000..d70dff0
--- /dev/null
+++ b/xsd-examples/cxx/tree/secure/secure-dom-parser.hxx
@@ -0,0 +1,25 @@
+// file      : cxx/tree/secure/secure-dom-parser.hxx
+// copyright : not copyrighted - public domain
+
+#ifndef SECURE_DOM_PARSER_HXX
+#define SECURE_DOM_PARSER_HXX
+
+#include <xercesc/parsers/DOMLSParserImpl.hpp>
+
+class SecureDOMParser: public xercesc::DOMLSParserImpl
+{
+public:
+  SecureDOMParser (xercesc::MemoryManager* mm =
+                     xercesc::XMLPlatformUtils::fgMemoryManager,
+                   xercesc::XMLGrammarPool* gp = 0)
+      : DOMLSParserImpl (0, mm, gp) {}
+
+  virtual void
+  doctypeDecl (const xercesc::DTDElementDecl& root,
+               const XMLCh* const             public_id,
+               const XMLCh* const             system_id,
+               const bool                     has_internal,
+               const bool                     has_external);
+};
+
+#endif // SECURE_DOM_PARSER_HXX