Actions
Architecture #3972
openScala XML library accepts invalid XML characters
Status:
New
Priority:
N/A
Assignee:
Category:
Architecture - Code maintenance
Target version:
-
Pull Request:
Effort required:
Name check:
Fix check:
Regression:
Description
Following #3967, We found out that Scala XML library has some issue with some particular character:
- it correctly refuse invalid characters, throwing an error both when serializing and loading it
val s = <xml>{\u000B}</xml> <console>:1: error: illegal character '\u000b' val s = <xml>{\u000B}</xml> ^
- but there is issue with control characters (\r ...)
- it is some valid xml http://www.w3.org/TR/xml/#charsets
- correctly accepted withn scala xml
scala> val s = <xml>{"a \rb"}</xml> b</xml>a.xml.Elem = <xml>a
- replaced by \n when using loaded from a file (which is an accepted behavior :see first note here: www.w3.org/TR/xml/#sec-common-syn):
scala> val is = new ByteArrayInputStream(s.toString.getBytes) is: java.io.ByteArrayInputStream = java.io.ByteArrayInputStream@f608fcd scala> XML.load(is) res13: scala.xml.Elem = <xml>a b</xml>
- causing a difference between the initial xml and the one read
scala> res13 == s res14: Boolean = false
This is causing some issue to us: datas missing in xml, non valid change requests, various security issues...
There is three places in Rudder that serialize dtas into xml:
- Change request (various bug detected, due to comparison between postgres and LDAP datas)
- Events logs
- archive/rollback/datas stored in configuration repository
Updated by Nicolas PERRON about 11 years ago
- Target version changed from 2.4.10 to 2.4.11
Updated by Nicolas PERRON about 11 years ago
- Target version changed from 2.4.11 to 2.4.12
Updated by Nicolas PERRON about 11 years ago
- Target version changed from 2.4.12 to 2.4.13
Updated by Vincent MEMBRÉ almost 11 years ago
- Target version changed from 2.4.13 to 2.6.11
Since version 2.4 is not maintained anymore, retargeting to branch 2.6
Updated by Vincent MEMBRÉ almost 11 years ago
- Target version changed from 2.6.11 to 2.6.12
Updated by Vincent MEMBRÉ almost 11 years ago
- Target version changed from 2.6.12 to 2.6.13
Updated by Vincent MEMBRÉ over 10 years ago
- Target version changed from 2.6.13 to 2.6.14
Updated by Jonathan CLARKE over 10 years ago
- Target version changed from 2.6.14 to 2.6.16
Updated by Jonathan CLARKE over 10 years ago
- Target version changed from 2.6.16 to 2.6.17
Updated by Nicolas PERRON over 10 years ago
- Target version changed from 2.6.17 to 2.6.18
Updated by Matthieu CERDA about 10 years ago
- Target version changed from 2.6.18 to 2.6.19
Updated by Vincent MEMBRÉ about 10 years ago
- Target version changed from 2.6.19 to 2.6.20
Updated by François ARMAND almost 10 years ago
- Target version changed from 2.6.20 to 2.10.10
Still no good solution for that one :(
Updated by Vincent MEMBRÉ almost 10 years ago
- Target version changed from 2.10.10 to 2.10.11
Updated by Vincent MEMBRÉ almost 10 years ago
- Target version changed from 2.10.11 to 2.10.12
Updated by Vincent MEMBRÉ almost 10 years ago
- Target version changed from 2.10.12 to 2.10.13
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.13 to 2.10.14
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.14 to 2.10.15
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.15 to 2.10.16
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 2.10.16 to 2.10.17
Updated by Vincent MEMBRÉ about 9 years ago
- Target version changed from 2.10.17 to 2.10.18
Updated by Vincent MEMBRÉ about 9 years ago
- Target version changed from 2.10.18 to 2.10.19
Updated by Vincent MEMBRÉ about 9 years ago
- Target version changed from 2.10.19 to 2.10.20
Updated by Vincent MEMBRÉ about 9 years ago
- Target version changed from 2.10.20 to 2.11.18
Updated by Vincent MEMBRÉ almost 9 years ago
- Target version changed from 2.11.18 to 2.11.19
Updated by Vincent MEMBRÉ almost 9 years ago
- Target version changed from 2.11.19 to 2.11.20
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.20 to 2.11.21
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.21 to 2.11.22
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.22 to 2.11.23
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.23 to 2.11.24
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 2.11.24 to 308
Updated by Vincent MEMBRÉ over 8 years ago
- Target version changed from 308 to 3.1.14
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.14 to 3.1.15
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.15 to 3.1.16
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.16 to 3.1.17
Updated by Vincent MEMBRÉ about 8 years ago
- Target version changed from 3.1.17 to 3.1.18
Updated by Vincent MEMBRÉ almost 8 years ago
- Target version changed from 3.1.18 to 3.1.19
Updated by François ARMAND over 7 years ago
- Related to Bug #3967: Change request cannot be accepted: multiline text cause merge incompatibility added
Updated by François ARMAND over 7 years ago
- Tracker changed from Bug to Architecture
There is no direct bug for that one (the bug is #3967). So I'm changing that to "architecture", and we will open bug if (when) something impacting user is found.
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.19 to 3.1.20
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.20 to 3.1.21
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.21 to 3.1.22
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.22 to 3.1.23
Updated by Vincent MEMBRÉ over 7 years ago
- Target version changed from 3.1.23 to 3.1.24
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 3.1.24 to 3.1.25
Updated by Benoît PECCATTE about 7 years ago
- Target version changed from 3.1.25 to 4.1.9
Updated by Vincent MEMBRÉ about 7 years ago
- Target version changed from 4.1.9 to 4.1.10
Updated by Vincent MEMBRÉ almost 7 years ago
- Target version changed from 4.1.10 to 4.1.11
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.1.11 to 4.1.12
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.1.12 to 4.1.13
Updated by Vincent MEMBRÉ over 6 years ago
- Target version changed from 4.1.13 to 4.1.14
Updated by Benoît PECCATTE over 6 years ago
- Target version changed from 4.1.14 to 4.1.15
Updated by Rudder Quality Assistant over 6 years ago
- Assignee changed from François ARMAND to Benoît PECCATTE
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 4.1.15 to 4.1.16
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 4.1.16 to 4.1.17
Updated by Vincent MEMBRÉ about 6 years ago
- Target version changed from 4.1.17 to 4.1.18
Updated by Benoît PECCATTE about 6 years ago
- Assignee changed from Benoît PECCATTE to François ARMAND
Updated by Vincent MEMBRÉ almost 6 years ago
- Target version changed from 4.1.18 to 4.1.19
Updated by Alexis Mousset almost 6 years ago
- Target version changed from 4.1.19 to 4.1.20
Updated by Alexis Mousset over 5 years ago
- Target version changed from 4.1.20 to 588
Updated by Nicolas CHARLES over 5 years ago
- Target version changed from 588 to 5.0.13
certainly still true
Updated by Vincent MEMBRÉ over 5 years ago
- Target version changed from 5.0.13 to 5.0.14
Updated by Vincent MEMBRÉ about 5 years ago
- Target version changed from 5.0.14 to 5.0.15
Updated by Vincent MEMBRÉ about 5 years ago
- Target version changed from 5.0.15 to 5.0.16
Updated by Alexis Mousset almost 5 years ago
- Target version changed from 5.0.16 to 5.0.17
Updated by Vincent MEMBRÉ over 4 years ago
- Target version changed from 5.0.17 to 5.0.18
Updated by Benoît PECCATTE over 4 years ago
- Target version changed from 5.0.18 to 6.2.0~beta1
Updated by Vincent MEMBRÉ about 4 years ago
- Target version changed from 6.2.0~beta1 to 6.2.0~rc1
Updated by François ARMAND about 4 years ago
- Priority changed from 1 (highest) to N/A
- Target version deleted (
6.2.0~rc1)
Actions