Context Navigation

Modify ↓

#22250 closed defect (fixed)

[PATCH][RFC] Abort on XML parse errors

Reported by:	SimonPoole	Owned by:	team
Priority:	major	Milestone:	22.08
Component:	Core	Version:
Keywords:		Cc:

Description

I haven't checked the source yet, but it seems that an unknown element in OSM XML input from the API will not cause the parser to abort, see

https://lists.openstreetmap.org/pipermail/talk/2022-July/087672.html

and

https://github.com/zerebubuth/openstreetmap-cgimap/issues/276

While there is a place for being lenient with what you accept, the XML parser probably isn't it.

Attachments (2)

22250.patch (1.4 KB ) - added by taylor.smock 3 years ago.: Parse error from OSM API
22250.2.patch (17.3 KB ) - added by taylor.smock 3 years ago.: Add unit tests for <error> tags

Download all attachments as: .zip

Change History (7)

comment:1 by SimonPoole, 3 years ago

See source:trunk/src/org/openstreetmap/josm/io/OsmReader.java@18512:391-406#L391 IMHO either what we are parsing is known, can be enumerated and if we don't want to process it can be ignored, or it is really unknown and should generate a parse exception.

Last edited 3 years ago by taylor.smock (previous) (diff)

comment:2 by anonymous, 3 years ago

As far as user visibly is concerned - then #11652 is related.

comment:3 by taylor.smock, 3 years ago

Please note that we do create the xml reader using the factory from source:trunk/src/org/openstreetmap/josm/tools/XmlUtils.java@18512:131-138#L131 .

Looking at the OWASP XML XXE and XML Security cheatsheets, we do the following:

Disable external entities
Disable validation
Disable DTD

From the XML XXE, we aren't doing the following:

xmlInputFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); -- this should be covered by the SUPPORT_DTD and IS_SUPPORTING_EXTERNAL_ENTITIES flags.

From XML Security:

Invalid XML Documents:
- There is no official OSM XML schema (see osmwiki:OSM_XML/XSD ), so we should not throw an error on unknown elements. Especially since the XML schema can be extended by third parties (e.g. overpass), and plugins may reuse the code for other purposes (i.e., some server may return an extended osm xml file), so we probably cannot throw an exception on an unknown element. I'll have to go through the code and see how plugins have extended it.

See #6742 and r4645 for when the parseUnknown code was introduced.

With that said, we should probably parse the <error> element, and throw an exception with the error body as the message.

by taylor.smock, 3 years ago

Attachment:	22250.patch added

Parse error from OSM API

by taylor.smock, 3 years ago

Attachment:	22250.2.patch added

Add unit tests for <error> tags

comment:4 by taylor.smock, 3 years ago

Milestone:	→ 22.08
Summary:	Abort on XML parse errors → [PATCH][RFC] Abort on XML parse errors

comment:5 by taylor.smock, 3 years ago

Resolution:	→ fixed
Status:	new → closed

In 18541/josm:

Fix #22250: Abort on XML error elements

Modify Ticket

Change Properties

Summary:
Type:		Priority:
Milestone:		Component:
Version:		Keywords:
Cc:	Set your email in Preferences

Action

leave as closed The owner will remain team.

change resolution as The resolution will be set.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: