From e65b71ec5cf4c848860dc0aa80fe4537849aec6c Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Fri, 22 Nov 2019 00:02:23 +0200 Subject: [PATCH 1/4] Add a fast memory-only XML parser --- util/CMakeLists.txt | 29 ++- util/xmlutils.c | 246 ++++++++++++++++++++++++++ util/xmlutils.h | 30 ++++ util/xmlutils_tests.c | 402 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 705 insertions(+), 2 deletions(-) create mode 100644 util/xmlutils_tests.c diff --git a/util/CMakeLists.txt b/util/CMakeLists.txt index af5e363e7..96815d76f 100644 --- a/util/CMakeLists.txt +++ b/util/CMakeLists.txt @@ -47,6 +47,9 @@ pkg_check_modules (LIBSSH REQUIRED libssh>=0.6.0) # for kb we need libhiredis pkg_check_modules (REDIS REQUIRED hiredis>=0.10.1) +# for fast XML we need libxml2 +pkg_check_modules (LIBXML2 REQUIRED libxml-2.0>=2.0) + # Set NVTICACHE name with the version set (NVTICACHE_STR "nvticache${PROJECT_VERSION}") add_definitions (-DNVTICACHE_STR="${NVTICACHE_STR}") @@ -131,7 +134,8 @@ if (BUILD_WITH_LDAP) endif (NOT LIBLDAP) endif (BUILD_WITH_LDAP) -include_directories (${GLIB_INCLUDE_DIRS} ${GPGME_INCLUDE_DIRS} ${GCRYPT_INCLUDE_DIRS}) +include_directories (${GLIB_INCLUDE_DIRS} ${GPGME_INCLUDE_DIRS} ${GCRYPT_INCLUDE_DIRS} + ${LIBXML2_INCLUDE_DIRS}) set (FILES authutils.c compressutils.c fileutils.c gpgmeutils.c kb.c ldaputils.c nvticache.c radiusutils.c serverutils.c sshutils.c uuidutils.c @@ -160,9 +164,30 @@ if (BUILD_SHARED) ${GIO_LDFLAGS} ${GPGME_LDFLAGS} ${ZLIB_LDFLAGS} ${RADIUS_LDFLAGS} ${LIBSSH_LDFLAGS} ${GNUTLS_LDFLAGS} ${GCRYPT_LDFLAGS} ${LDAP_LDFLAGS} ${REDIS_LDFLAGS} - ${UUID_LDFLAGS} ${LINKER_HARDENING_FLAGS}) + ${LIBXML2_LDFLAGS} ${UUID_LDFLAGS} + ${LINKER_HARDENING_FLAGS}) endif (BUILD_SHARED) + +## Tests + +add_executable (xmlutils-test + EXCLUDE_FROM_ALL + xmlutils_tests.c) + +add_test (xmlutils-test xmlutils-test) + +target_link_libraries (xmlutils-test cgreen + ${GLIB_LDFLAGS} ${GIO_LDFLAGS} ${GPGME_LDFLAGS} ${ZLIB_LDFLAGS} + ${RADIUS_LDFLAGS} ${LIBSSH_LDFLAGS} ${GNUTLS_LDFLAGS} + ${GCRYPT_LDFLAGS} ${LDAP_LDFLAGS} ${REDIS_LDFLAGS} + ${LIBXML2_LDFLAGS} ${UUID_LDFLAGS} + ${LINKER_HARDENING_FLAGS}) + +add_custom_target (tests-xmlutils + DEPENDS xmlutils-test) + + ## Install configure_file (libgvm_util.pc.in ${CMAKE_BINARY_DIR}/libgvm_util.pc @ONLY) diff --git a/util/xmlutils.c b/util/xmlutils.c index 0fc4f6295..29bf0eccb 100644 --- a/util/xmlutils.c +++ b/util/xmlutils.c @@ -33,6 +33,8 @@ #include /* for fcntl, F_SETFL, O_NONBLOCK */ #include /* for g_free, GSList, g_markup_parse_context_free */ #include /* for GPOINTER_TO_INT, GINT_TO_POINTER, gsize */ +#include +#include #include /* for strcmp, strerror, strlen */ #include /* for time, time_t */ #include /* for ssize_t */ @@ -1566,3 +1568,247 @@ find_element_in_xml_file (gchar *file_path, gchar *find_element, return search_data.found; } #undef XML_FILE_BUFFER_SIZE + + +/* The new faster parser that uses libxml2. */ + +/** + * @brief Read an XML element tree from a string. + * + * Caller must not free string until caller is finished using element. + * + * @param[in] string Input string. + * @param[out] element Location for parsed element tree, or NULL if not + * required. If given, set to NULL on failure. + * Free with element_free. + * + * @return 0 success, -1 read error, -2 parse error, -3 XML ended prematurely, + * -4 setup error. + */ +int +parse_element (const gchar *string, element_t *element) +{ + xmlDocPtr doc; + + LIBXML_TEST_VERSION + + if (element) + *element = NULL; + + if (xmlMemSetup (g_free, g_malloc, g_realloc, g_strdup)) + return -4; + + doc = xmlReadMemory (string, strlen (string), "noname.xml", NULL, 0); + if (doc == NULL) + return -2; + + if (element) + *element = xmlDocGetRootElement (doc); + + return 0; +} + +/** + * @brief Free an entire element tree. + * + * Beware that this frees the entire tree that element is part of, including + * any ancestors. + * + * @param[in] element Element. + */ +void +element_free (element_t element) +{ + if (element) + { + assert (element->doc); + xmlFreeDoc (element->doc); + } +} + +/** + * @brief Get the name of an element. + * + * @param[in] element Element. + * + * @return Element name. + */ +const gchar * +element_name (element_t element) +{ + if (element + && (element->type == XML_ELEMENT_NODE)) + return (const gchar *) element->name; + + return ""; +} + +/** + * @brief Find child in an element. + * + * @param[in] element Element. + * @param[in] name Name of child. + * + * @return Child if found, else NULL. + */ +static element_t +find_child (element_t element, const gchar *name) +{ + for (xmlNode *node = element->children; node; node = node->next) + if (xmlStrcmp (node->name, (const xmlChar *) name) == 0) + return node; + return NULL; +} + +/** + * @brief Get a child of an element. + * + * @param[in] element Element. + * @param[in] name Name of the child. + * + * @return Element if found, else NULL. + */ +element_t +element_child (element_t element, const gchar *name) +{ + const gchar *stripped_name; + + if (!element) + return NULL; + + stripped_name = strchr (name, ':'); + if (stripped_name) + { + element_t child; + + /* There was a namespace in the name. + * + * First try without the namespace, because libxml2 doesn't consider the + * namespace in the name when the namespace is defined. */ + + stripped_name++; + + if (*stripped_name == '\0') + /* Don't search for child with empty stripped name, because we'll + * find text nodes. But search with just the namespace for glib + * compatibility. */ + return find_child (element, name); + + child = find_child (element, stripped_name); + if (child) + return child; + + /* Didn't find anything. */ + } + + /* There was no namespace, or we didn't find anything without the namespace. + * + * Try with the full name. */ + + return find_child (element, name); +} + +/** + * @brief Get text of an element. + * + * If element is not NULL then the return is guaranteed to be a string. + * So if the caller has NULL checked element then there is no need for + * the caller to NULL check the return. + * + * @param[in] element Element. + * + * @return NULL if element is NULL, else the text. Caller must g_free. + */ +gchar * +element_text (element_t element) +{ + gchar *string; + + if (!element) + return NULL; + + string = (gchar *) xmlNodeListGetString (element->doc, element->xmlChildrenNode, 1); + if (string) + return string; + string = xmlMalloc (1); + string[0] = '\0'; + return string; +} + +/** + * @brief Get an attribute of an element. + * + * @param[in] element Element. + * @param[in] name Name of the attribute. + * + * @return Attribute value if found, else NULL. Caller must g_free. + */ +gchar * +element_attribute (element_t element, const gchar *name) +{ + const gchar *stripped_name; + + if (!element) + return NULL; + + stripped_name = strchr (name, ':'); + if (stripped_name) + { + gchar *attribute; + + /* There was a namespace in the name. + * + * First try without the namespace, because libxml2 doesn't consider the + * namespace in the name when the namespace is defined. */ + + stripped_name++; + + if (*stripped_name == '\0') + /* Don't search for child with empty stripped name, because we'll + * find text nodes. But search with just the namespace for glib + * compatibility. */ + return (gchar *) xmlGetProp (element, (const xmlChar *) name); + + attribute = (gchar *) xmlGetProp (element, (const xmlChar *) stripped_name); + if (attribute) + return attribute; + + /* Didn't find anything. */ + } + + /* There was no namespace, or we didn't find anything without the namespace. + * + * Try with the full name. */ + + return (gchar *) xmlGetProp (element, (const xmlChar *) name); +} + +/** + * @brief Get the first child of an element. + * + * @param[in] element Element. + * + * @return Child if there is one, else NULL. + */ +element_t +element_first_child (element_t element) +{ + if (element) + return element->children; + return NULL; +} + +/** + * @brief Get the next sibling of an element + * + * @param[in] element Element. + * + * @return Next sibling element if there is one, else NULL. + */ +element_t +element_next (element_t element) +{ + if (element) + return element->next; + return NULL; +} diff --git a/util/xmlutils.h b/util/xmlutils.h index f468fafdc..8bc692d47 100644 --- a/util/xmlutils.h +++ b/util/xmlutils.h @@ -158,9 +158,39 @@ int xml_count_entities (entities_t); void xml_string_append (GString *, const char *, ...); + /* XML file utilities */ int find_element_in_xml_file (gchar *, gchar *, GHashTable *); + +/* The new faster parser that uses libxml2. */ + +typedef struct _xmlNode *element_t; + +int +parse_element (const gchar *, element_t *); + +void +element_free (element_t); + +const gchar * +element_name (element_t); + +gchar * +element_attribute (element_t, const gchar *); + +gchar * +element_text (element_t); + +element_t +element_child (element_t, const gchar *); + +element_t +element_first_child (element_t); + +element_t +element_next (element_t); + #endif /* not _GVM_XMLUTILS_H */ diff --git a/util/xmlutils_tests.c b/util/xmlutils_tests.c new file mode 100644 index 000000000..14d4a050b --- /dev/null +++ b/util/xmlutils_tests.c @@ -0,0 +1,402 @@ +/* Copyright (C) 2019 Greenbone Networks GmbH + * + * SPDX-License-Identifier: GPL-2.0-or-later + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "xmlutils.c" + +#include +#include + +Describe (xmlutils); +BeforeEach (xmlutils) +{ +} +AfterEach (xmlutils) +{ +} + +/* parse_entity */ + +Ensure (xmlutils, parse_entity_parses_simple_xml) +{ + entity_t entity, b; + const gchar *xml; + + xml = "1"; + + assert_that (parse_entity (xml, &entity), is_equal_to (0)); + + assert_that (entity_name (entity), is_equal_to_string ("a")); + + b = entity_child (entity, "b"); + assert_that (entity_name (b), is_equal_to_string ("b")); + + assert_that (entity_text (b), is_equal_to_string ("1")); +} + +Ensure (xmlutils, parse_entity_parses_xml_with_attributes) +{ + entity_t entity, b; + const gchar *xml; + + xml = "1"; + + assert_that (parse_entity (xml, &entity), is_equal_to (0)); + + b = entity_child (entity, "b"); + + assert_that (entity_attribute (b, "ba1"), is_equal_to_string ("test")); +} + +Ensure (xmlutils, parse_entity_handles_declaration) +{ + entity_t entity, b; + const gchar *xml; + + xml = "1"; + + assert_that (parse_entity (xml, &entity), is_equal_to (0)); + + assert_that (entity_name (entity), is_equal_to_string ("a")); + + b = entity_child (entity, "b"); + assert_that (entity_name (b), is_equal_to_string ("b")); + + assert_that (entity_text (b), is_equal_to_string ("1")); +} + +Ensure (xmlutils, parse_entity_handles_namespace) +{ + entity_t entity, b; + const gchar *xml; + + xml = "1"; + + assert_that (parse_entity (xml, &entity), is_equal_to (0)); + + assert_that (entity_name (entity), is_equal_to_string ("a")); + + b = entity_child (entity, "n:b"); + assert_that (entity_name (b), is_equal_to_string ("n:b")); + + assert_that (entity_text (b), is_equal_to_string ("1")); +} + +Ensure (xmlutils, parse_entity_oval_timestamp) +{ + gchar *generator_name; + entity_t generator, timestamp, entity; + const gchar *xml; + + xml = "" \ +"" \ +" " \ +" The OVAL Repository" \ +" 5.10" \ +" 2015-08-20T10:09:07.183-04:00" \ +" " \ +""; + + assert_that (parse_entity (xml, &entity), is_equal_to (0)); + + assert_that (entity_name (entity), is_equal_to_string ("oval_definitions")); + generator_name = g_strdup ("generator"); + generator = entity_child (entity, generator_name); + g_free (generator_name); + assert_that (generator, is_not_null); + timestamp = entity_child (generator, "oval:timestamp"); + assert_that (timestamp, is_not_null); + assert_that (entity_text (timestamp), is_equal_to_string ("2015-08-20T10:09:07.183-04:00")); +} + +/* next_entities. */ + +Ensure (xmlutils, next_entities_handles_multiple_children) +{ + entity_t entity, child; + entities_t children; + const gchar *xml; + + xml = "13"; + + assert_that (parse_entity (xml, &entity), is_equal_to (0)); + + assert_that (entity_name (entity), is_equal_to_string ("top")); + + children = entity->entities; + + child = first_entity (children); + assert_that (child, is_not_null); + assert_that (entity_name (child), is_equal_to_string ("a")); + assert_that (entity_text (child), is_equal_to_string ("1")); + children = next_entities (children); + + child = first_entity (children); + assert_that (child, is_not_null); + assert_that (entity_name (child), is_equal_to_string ("b")); + assert_that (entity_text (child), is_equal_to_string ("")); + children = next_entities (children); + + child = first_entity (children); + assert_that (child, is_not_null); + assert_that (entity_name (child), is_equal_to_string ("c")); + assert_that (entity_text (child), is_equal_to_string ("3")); + children = next_entities (children); +} + +/* parse_element */ + +Ensure (xmlutils, parse_element_parses_simple_xml) +{ + element_t element, b; + const gchar *xml; + + xml = "1"; + + assert_that (parse_element (xml, &element), is_equal_to (0)); + + assert_that (element_name (element), is_equal_to_string ("a")); + + b = element_child (element, "b"); + assert_that (element_name (b), is_equal_to_string ("b")); + + assert_that (element_text (b), is_equal_to_string ("1")); +} + +Ensure (xmlutils, parse_element_parses_xml_with_attributes) +{ + element_t element, b; + const gchar *xml; + + xml = "1"; + + assert_that (parse_element (xml, &element), is_equal_to (0)); + + b = element_child (element, "b"); + + assert_that (element_attribute (b, "ba1"), is_equal_to_string ("test")); +} + +Ensure (xmlutils, parse_element_handles_declaration) +{ + element_t element, b; + const gchar *xml; + + xml = "1"; + + assert_that (parse_element (xml, &element), is_equal_to (0)); + + assert_that (element_name (element), is_equal_to_string ("a")); + + b = element_child (element, "b"); + assert_that (element_name (b), is_equal_to_string ("b")); + + assert_that (element_text (b), is_equal_to_string ("1")); +} + +Ensure (xmlutils, parse_element_handles_namespace) +{ + element_t element, b; + const gchar *xml; + + xml = "1"; + + assert_that (parse_element (xml, &element), is_equal_to (0)); + + assert_that (element_name (element), is_equal_to_string ("a")); + + b = element_child (element, "n:b"); + assert_that (element_name (b), is_equal_to_string ("n:b")); + + assert_that (element_text (b), is_equal_to_string ("1")); + + assert_that (element_attribute (b, "n2:ba2"), is_equal_to_string ("test2")); +} + +Ensure (xmlutils, parse_element_oval_timestamp) +{ + gchar *generator_name; + element_t generator, timestamp, element; + const gchar *xml; + + xml = "" \ +"" \ +" " \ +" The OVAL Repository" \ +" 5.10" \ +" 2015-08-20T10:09:07.183-04:00" \ +" " \ +""; + + assert_that (parse_element (xml, &element), is_equal_to (0)); + + assert_that (element_name (element), is_equal_to_string ("oval_definitions")); + generator_name = g_strdup ("generator"); + generator = element_child (element, generator_name); + g_free (generator_name); + assert_that (generator, is_not_null); + timestamp = element_child (generator, "oval:timestamp"); + assert_that (timestamp, is_not_null); + assert_that (element_text (timestamp), is_equal_to_string ("2015-08-20T10:09:07.183-04:00")); +} + +Ensure (xmlutils, parse_element_item_metadata) +{ + element_t element, item, meta; + const gchar *xml; + + xml = "" \ +" " \ +" $0.99 Kindle Books project $0.99 Kindle Books (aka com.kindle.books.for99) for android 6.0" \ +" " \ +" Product information" \ +" Government Advisory" \ +" " \ +" " \ +" " \ +""; + + assert_that (parse_element (xml, &element), is_equal_to (0)); + + assert_that (element_name (element), is_equal_to_string ("cpe-list")); + item = element_child (element, "cpe-item"); + assert_that (item, is_not_null); + meta = element_child (item, "meta:item-metadata"); + assert_that (meta, is_not_null); + assert_that (element_name (meta), is_equal_to_string ("meta:item-metadata")); +} + +Ensure (xmlutils, parse_element_item_metadata_with_namespace) +{ + element_t element, item, meta; + const gchar *xml; + + xml = "" \ +" " \ +" $0.99 Kindle Books project $0.99 Kindle Books (aka com.kindle.books.for99) for android 6.0" \ +" " \ +" Product information" \ +" Government Advisory" \ +" " \ +" " \ +" " \ +""; + + assert_that (parse_element (xml, &element), is_equal_to (0)); + + assert_that (element_name (element), is_equal_to_string ("cpe-list")); + item = element_child (element, "cpe-item"); + assert_that (item, is_not_null); + meta = element_child (item, "item-metadata"); + assert_that (meta, is_not_null); + // NB + assert_that (element_name (meta), is_equal_to_string ("item-metadata")); + //assert_that (element_name (meta), is_equal_to_string ("meta:item-metadata")); +} + +Ensure (xmlutils, parse_element_item_handles_cdata) +{ + element_t element; + const gchar *xml; + + xml = ""; + + assert_that (parse_element (xml, &element), is_equal_to (0)); + assert_that (element_name (element), is_equal_to_string ("description")); + assert_that (element_text (element), is_equal_to_string ("Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-1108 Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document. CVE-2011-1109 Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." CVE-2011-1113 Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly perform pickle deserialization, which allows remote attackers to cause a denial of service via unspecified vectors. CVE-2011-1114 Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." CVE-2011-1115 Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." CVE-2011-1121 Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element. CVE-2011-1122 The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service via unspecified vectors, aka Issue 71960. In addition, this upload fixes the following issues : Out-of-bounds read in text searching [69640] Memory corruption in SVG fonts. [72134] Memory corruption with counter nodes. [69628] Stale node in box layout. [70027] Cross-origin error message leak with workers. [70336] Stale pointer in table painting. [72028] Stale pointer with SVG cursors. [73746]")); +} + +/* next_element. */ + +Ensure (xmlutils, next_element_handles_multiple_children) +{ + element_t element, child; + const gchar *xml; + + xml = "123"; + + assert_that (parse_element (xml, &element), is_equal_to (0)); + + assert_that (element_name (element), is_equal_to_string ("top")); + + child = element_first_child (element); + assert_that (child, is_not_null); + assert_that (element_name (child), is_equal_to_string ("a")); + assert_that (element_text (child), is_equal_to_string ("1")); + + child = element_next (child); + assert_that (child, is_not_null); + assert_that (element_name (child), is_equal_to_string ("b")); + assert_that (element_text (child), is_equal_to_string ("2")); + + child = element_next (child); + assert_that (child, is_not_null); + assert_that (element_name (child), is_equal_to_string ("c")); + assert_that (element_text (child), is_equal_to_string ("3")); +} + +Ensure (xmlutils, parse_element_free_using_child) +{ + element_t element; + const gchar *xml; + + xml = "1"; + + assert_that (parse_element (xml, &element), is_equal_to (0)); + assert_that (element_name (element), is_equal_to_string ("a")); + element = element_child (element, "b"); + assert_that (element, is_not_null); + element = element_child (element, "c"); + assert_that (element, is_not_null); + element_free (element); +} + +/* Test suite. */ + +int +main (int argc, char **argv) +{ + TestSuite *suite; + + suite = create_test_suite (); + + add_test_with_context (suite, xmlutils, parse_entity_parses_simple_xml); + add_test_with_context (suite, xmlutils, parse_entity_parses_xml_with_attributes); + add_test_with_context (suite, xmlutils, parse_entity_handles_declaration); + add_test_with_context (suite, xmlutils, parse_entity_handles_namespace); + add_test_with_context (suite, xmlutils, parse_entity_oval_timestamp); + + add_test_with_context (suite, xmlutils, next_entities_handles_multiple_children); + + add_test_with_context (suite, xmlutils, parse_element_parses_simple_xml); + add_test_with_context (suite, xmlutils, parse_element_parses_xml_with_attributes); + add_test_with_context (suite, xmlutils, parse_element_handles_declaration); + add_test_with_context (suite, xmlutils, parse_element_handles_namespace); + add_test_with_context (suite, xmlutils, parse_element_oval_timestamp); + add_test_with_context (suite, xmlutils, parse_element_item_metadata); + add_test_with_context (suite, xmlutils, parse_element_item_metadata_with_namespace); + add_test_with_context (suite, xmlutils, parse_element_item_handles_cdata); + add_test_with_context (suite, xmlutils, parse_element_free_using_child); + + add_test_with_context (suite, xmlutils, next_element_handles_multiple_children); + + if (argc > 1) + return run_single_test (suite, argv[1], create_text_reporter ()); + + return run_test_suite (suite, create_text_reporter ()); +} From 9757286d2ba82d6cb89e908c04724eaffe5317ba Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Fri, 22 Nov 2019 00:04:18 +0200 Subject: [PATCH 2/4] Include all modules in cmake tests target --- CMakeLists.txt | 3 +++ base/CMakeLists.txt | 3 --- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index f0edad046..24c71b04a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -223,6 +223,9 @@ configure_file (VERSION.in ${CMAKE_BINARY_DIR}/VERSION @ONLY) enable_testing () +add_custom_target (tests + DEPENDS array-test xmlutils-test) + ## Program if (NOT SKIP_SRC) diff --git a/base/CMakeLists.txt b/base/CMakeLists.txt index f57de5b0e..ae16e750b 100644 --- a/base/CMakeLists.txt +++ b/base/CMakeLists.txt @@ -80,9 +80,6 @@ add_test (array-test array-test) target_link_libraries (array-test cgreen ${GLIB_LDFLAGS} ${LINKER_HARDENING_FLAGS}) -add_custom_target (tests - DEPENDS array-test) - ## Install From 6ba8c18e2dc80a206403f65371b1f623bcef7890 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Fri, 22 Nov 2019 00:06:55 +0200 Subject: [PATCH 3/4] Update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 52b45e1cf..1ca259ec7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ### Added - Add option to set finished hosts in OSP targets [#298](https://github.com/greenbone/gvm-libs/pull/298) +- Add a fast memory-only XML parser [#299](https://github.com/greenbone/gvm-libs/pull/299) ### Fixed - Fix sigsegv when no plugin_feed_info.inc file present. [#278](https://github.com/greenbone/gvm-libs/pull/278) From 0648f4046914c0176323c228d61bcd560b783fa3 Mon Sep 17 00:00:00 2001 From: Matt Mundell Date: Fri, 22 Nov 2019 11:08:25 +0200 Subject: [PATCH 4/4] Correct test name --- util/xmlutils_tests.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/util/xmlutils_tests.c b/util/xmlutils_tests.c index 14d4a050b..1296e8c4e 100644 --- a/util/xmlutils_tests.c +++ b/util/xmlutils_tests.c @@ -321,9 +321,9 @@ Ensure (xmlutils, parse_element_item_handles_cdata) assert_that (element_text (element), is_equal_to_string ("Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2011-1108 Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document. CVE-2011-1109 Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." CVE-2011-1113 Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not properly perform pickle deserialization, which allows remote attackers to cause a denial of service via unspecified vectors. CVE-2011-1114 Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." CVE-2011-1115 Google Chrome before 9.0.597.107 does not properly render tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." CVE-2011-1121 Integer overflow in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a TEXTAREA element. CVE-2011-1122 The WebGL implementation in Google Chrome before 9.0.597.107 allows remote attackers to cause a denial of service via unspecified vectors, aka Issue 71960. In addition, this upload fixes the following issues : Out-of-bounds read in text searching [69640] Memory corruption in SVG fonts. [72134] Memory corruption with counter nodes. [69628] Stale node in box layout. [70027] Cross-origin error message leak with workers. [70336] Stale pointer in table painting. [72028] Stale pointer with SVG cursors. [73746]")); } -/* next_element. */ +/* element_next. */ -Ensure (xmlutils, next_element_handles_multiple_children) +Ensure (xmlutils, element_next_handles_multiple_children) { element_t element, child; const gchar *xml; @@ -393,7 +393,7 @@ main (int argc, char **argv) add_test_with_context (suite, xmlutils, parse_element_item_handles_cdata); add_test_with_context (suite, xmlutils, parse_element_free_using_child); - add_test_with_context (suite, xmlutils, next_element_handles_multiple_children); + add_test_with_context (suite, xmlutils, element_next_handles_multiple_children); if (argc > 1) return run_single_test (suite, argv[1], create_text_reporter ());