Security problem


Bert Frees

Apr 5, 2013, 1:19:54 PM
to daisy-pip...@googlegroups.com
I just realized that p:load also resolves URIs from the Web, which means that we have a possible security issue. I use p:load to load a user-supplied href:


In normal conditions, this href points to an XProc or XSLT that is exposed by a catalog file somewhere in the Pipeline. It is of course unacceptable that files from the web are loaded; somebody might provide a link to a malicious XProc script.

How should I fix this? Validate the supplied URI against a list of accepted URIs? Is the option validation with XML Schema already possible? Or should we disable the resolving of URIs from the web altogether?

Bert

Jostein Austvik Jacobsen

Apr 5, 2013, 2:30:50 PM
to daisy-pip...@googlegroups.com
Other scripts might need to resolve URIs from the web so I think the URI filtering should be done in your script.

something like...

if (matches($href,'^file:') or not(matches($href,'^\w+:'))) then VALID else INVALID

?


Jostein



Bert Frees

Apr 8, 2013, 3:31:28 AM
to daisy-pip...@googlegroups.com
Thanks. I fixed it with validation. It was a bit more involved than your suggestion. Unknown http:// URIs are now rejected; file:/ URIs are only accepted if the file meets certain conditions. And the script is now clever enough to load translators based on a simple file name instead of the fully qualified URI.
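
An added example, not code from this thread or from the DAISY Pipeline: one way to implement the three rules described above (catalog-known web URIs, restricted file: URIs, bare file names), written in Python rather than XPath so it runs stand-alone. The function name `resolve_href`, the catalog entry, the translator directory and the accepted suffixes are all assumptions, since the thread does not state the actual conditions.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumptions (constructed for this example, not taken from the thread):
CATALOG_URIS = frozenset({"http://example.org/pipeline/translators/default.xpl"})
TRANSLATOR_DIR = "/opt/pipeline/translators"
ALLOWED_SUFFIXES = (".xpl", ".xsl")


def resolve_href(href: str) -> str:
    """Return the URI that may be handed to p:load, or raise ValueError."""
    parts = urlsplit(href)  # urlsplit lowercases the scheme ("FILE:" -> "file")

    if parts.scheme in ("http", "https"):
        # Web URIs pass only on an exact match with a catalog entry.
        if href in CATALOG_URIS:
            return href
        raise ValueError(f"unknown web URI: {href!r}")

    if parts.scheme == "file":
        # file://host/... would name another machine (e.g. a network share).
        if parts.netloc not in ("", "localhost"):
            raise ValueError(f"file URI names a remote host: {href!r}")
        path = unquote(parts.path)  # decode %2e%2e etc. before checking
    elif parts.scheme == "" and "/" not in href and "\\" not in href:
        # A simple file name is looked up in the translator directory.
        path = posixpath.join(TRANSLATOR_DIR, href)
    else:
        # Any other scheme (jar:, ftp:, ...) or a relative path with slashes.
        raise ValueError(f"unsupported href: {href!r}")

    # Collapse "." and ".." first so the prefix test sees the real target.
    # normpath is purely textual; a deployment that may contain symlinks
    # would also compare os.path.realpath() of the result.
    path = posixpath.normpath(path)
    if not path.startswith(TRANSLATOR_DIR + "/"):
        raise ValueError(f"outside translator directory: {href!r}")
    if not path.endswith(ALLOWED_SUFFIXES):
        raise ValueError(f"not an XProc/XSLT file: {href!r}")
    return "file://" + path
```

Unlike a scheme-only test, this rejects file: URIs that point outside the translator directory and relative hrefs that contain path separators.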



Jostein Austvik Jacobsen

Apr 8, 2013, 3:44:25 AM
to daisy-pip...@googlegroups.com
Neat :)


Jostein