XML is used for a few formats within Apertis, although not as many as JSON. It is more commonly used internally by various GLib systems and tools, such as GSettings and D-Bus. In situations where it is parsed by Apertis code, the XML being parsed typically comes from untrusted sources (untrusted web APIs or user input), so must be validated extremely carefully to prevent exploits.
- Use a standard library to parse XML, such as libxml2. (#Parsing XML)
- Write an XML schema for each XML format in use. (#Schema validation)
- Use xmllint to validate XML documents. (#Schema validation)
XML should be parsed using a standard library, such as libxml2. That will take care of checking the XML for well-formedness and safely parsing the values it contains. The output from libxml2 is a hierarchy of parsed XML elements — the Apertis code must extract the data it requires from this hierarchy. The navigation of this hierarchy is still security critical, as the parsed XML document may not conform to the expected format (the schema for that document). Strings should be checked to see if they’re empty or invalid UTF-8; integer parsing should check for failure or unparsable characters; the parser should error if required elements aren’t encountered or expected attributes are missing; etc.
Ideally, all XML formats will have an accompanying XML schema which describes the expected structure of the XML files. If a schema exists for an XML document which is stored in git (such as a
GtkBuilder UI definition), that document can be validated at compile time, which can help catch problems without the need for runtime testing.
One tool for this is xmllint, which allows validation of XML documents against schemas. Given a schema called
schema.xsd and an XML document called
example.xml, the following
Makefile.am snippet will validate them at compile time:
check-local: check-xml check-xml: schema.xsd $(xml_files) xmllint --noout --schema schema.xsd $(xml_files) .PHONY: check-xml
Various existing autotools macros for systems which use XML, such as GSettings, already automatically validate the relevant XML files.