Project

General

Profile

Actions

Architecture #3972

open

Scala XML library accepts invalid XML characters

Added by Vincent MEMBRÉ about 11 years ago. Updated about 4 years ago.

Status:
New
Priority:
N/A
Category:
Architecture - Code maintenance
Target version:
-
Effort required:
Name check:
Fix check:
Regression:

Description

Following #3967, We found out that Scala XML library has some issue with some particular character:

  • it correctly refuse invalid characters, throwing an error both when serializing and loading it
val s = <xml>{\u000B}</xml>
<console>:1: error: illegal character '\u000b'
val s = <xml>{\u000B}</xml>
                   ^
scala> val s = <xml>{"a \rb"}</xml>
b</xml>a.xml.Elem = <xml>a 
scala> val is = new ByteArrayInputStream(s.toString.getBytes)
is: java.io.ByteArrayInputStream = java.io.ByteArrayInputStream@f608fcd

scala> XML.load(is)
res13: scala.xml.Elem = 
<xml>a 
b</xml>
  • causing a difference between the initial xml and the one read
scala> res13 == s
res14: Boolean = false

This is causing some issue to us: datas missing in xml, non valid change requests, various security issues...

There is three places in Rudder that serialize dtas into xml:
- Change request (various bug detected, due to comparison between postgres and LDAP datas)
- Events logs
- archive/rollback/datas stored in configuration repository


Related issues 1 (0 open1 closed)

Related to Rudder - Bug #3967: Change request cannot be accepted: multiline text cause merge incompatibilityReleasedFrançois ARMAND2013-09-26Actions
Actions

Also available in: Atom PDF