1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-24 09:08:49 -05:00

server/getpart: make the "XML-parser" stricter

When extracting a <section> <part> and there's no </part> before
</section>, this now outputs an error and returns a wrong string to
make users spot the mistake.

Ref: #5070
Closes #5071
This commit is contained in:
Daniel Stenberg 2020-03-10 17:47:44 +01:00
parent a7e24c7362
commit fe8ba51209
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
3 changed files with 21 additions and 12 deletions

View File

@ -1,12 +1,12 @@
#!/usr/bin/env python #!/usr/bin/env python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# # _ _ ____ _
# Project ___| | | | _ \| | # Project ___| | | | _ \| |
# / __| | | | |_) | | # / __| | | | |_) | |
# | (__| |_| | _ <| |___ # | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____| # \___|\___/|_| \_\_____|
# #
# Copyright (C) 2017, Daniel Stenberg, <daniel@haxx.se>, et al. # Copyright (C) 2017 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
# #
# This software is licensed as described in the file COPYING, which # This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms # you should have received as part of this distribution. The terms
@ -30,7 +30,7 @@ import logging
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
REPLY_DATA = re.compile("<reply>\s*<data>(.*?)</data>", re.MULTILINE | re.DOTALL) REPLY_DATA = re.compile("<reply>[ \t\n\r]*<data[^<]*>(.*?)</data>", re.MULTILINE | re.DOTALL)
class TestData(object): class TestData(object):

View File

@ -8,7 +8,9 @@ SMB
# #
# Server-side # Server-side
<reply> <reply>
<data>Basic SMB test complete</data> <data nocheck="yes">
Basic SMB test complete
</data>
</reply> </reply>
# #
@ -20,10 +22,10 @@ smb
<features> <features>
smb smb
</features> </features>
<name> <name>
Basic SMB request Basic SMB request
</name> </name>
<command> <command>
-u 'curltest:curltest' smb://%HOSTIP:%SMBPORT/TESTS/1451 -u 'curltest:curltest' smb://%HOSTIP:%SMBPORT/TESTS/1451
</command> </command>
</client> </client>
@ -31,6 +33,8 @@ Basic SMB request
# #
# Verify data after the test has been "shot" # Verify data after the test has been "shot"
<verify> <verify>
<stdout>Basic SMB test complete</stdout> <stdout>
Basic SMB test complete
</stdout>
</verify> </verify>
</testcase> </testcase>

View File

@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___ # | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____| # \___|\___/|_| \_\_____|
# #
# Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. # Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
# #
# This software is licensed as described in the file COPYING, which # This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms # you should have received as part of this distribution. The terms
@ -23,6 +23,7 @@
#use strict; #use strict;
my @xml; my @xml;
my $xmlfile;
my $warning=0; my $warning=0;
my $trace=0; my $trace=0;
@ -80,11 +81,10 @@ sub getpart {
my @this; my @this;
my $inside=0; my $inside=0;
my $base64=0; my $base64=0;
my $line;
# print "Section: $section, part: $part\n";
for(@xml) { for(@xml) {
# print "$inside: $_"; $line++;
if(!$inside && ($_ =~ /^ *\<$section/)) { if(!$inside && ($_ =~ /^ *\<$section/)) {
$inside++; $inside++;
} }
@ -105,6 +105,10 @@ sub getpart {
$inside--; $inside--;
} }
elsif(($inside >= 1) && ($_ =~ /^ *\<\/$section/)) { elsif(($inside >= 1) && ($_ =~ /^ *\<\/$section/)) {
if($inside > 1) {
print STDERR "$xmlfile:$line:1: error: missing </$part> tag before </$section>\n";
@this = ("format error in $xmlfile");
}
if($trace && @this) { if($trace && @this) {
print STDERR "*** getpart.pm: $section/$part returned data!\n"; print STDERR "*** getpart.pm: $section/$part returned data!\n";
} }
@ -165,6 +169,7 @@ sub loadtest {
my ($file)=@_; my ($file)=@_;
undef @xml; undef @xml;
$xmlfile = $file;
if(open(XML, "<$file")) { if(open(XML, "<$file")) {
binmode XML; # for crapage systems, use binary binmode XML; # for crapage systems, use binary