|
//------------------------------------------------------------------------------
// <copyright file="XmlUtils.cs" company="Microsoft">
// Copyright (c) Microsoft Corporation. All rights reserved.
// </copyright>
//------------------------------------------------------------------------------
namespace System.Web.Util {
using System.IO;
using System.Xml;
using System.Xml.XPath;
using System.Xml.Xsl;
using System.Diagnostics.CodeAnalysis;
internal static class XmlUtils
{
public static readonly long MaxEntityExpansion = 1024 * 1024;
[SuppressMessage("Microsoft.Security", "MSEC1208:DoNotUseLoadXml", Justification = "Handles developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
[SuppressMessage("Microsoft.Security.Xml", "CA3057:DoNotUseLoadXml", Justification = "Handles developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
public static XmlDocument CreateXmlDocumentFromContent(string content)
{
XmlDocument doc = new XmlDocument();
if (AppSettings.RestrictXmlControls) {
// We can't use the simple XmlDocument.LoadXml(string) here because there is no way to control the
// resolver used in that process. The only way we can do that is if we pass in our own XmlReader.
using (StringReader sreader = new StringReader(content)) {
doc.Load(CreateXmlReader(sreader));
}
}
else {
doc.LoadXml(content);
}
return doc;
}
[SuppressMessage("Microsoft.Security", "MSEC1210:UseXmlReaderForXPathDocument", Justification = "Handles developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
[SuppressMessage("Microsoft.Security.Xml", "CA3059:UseXmlReaderForXPathDocument", Justification = "Handles developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
public static XPathDocument CreateXPathDocumentFromContent(string content)
{
StringReader reader = new StringReader(content);
if (AppSettings.RestrictXmlControls) {
return new XPathDocument(CreateXmlReader(reader));
}
else {
return new XPathDocument(reader);
}
}
[SuppressMessage("Microsoft.Security", "MSEC1220:ReviewDtdProcessingAssignment", Justification = "Dtd processing is needed for back-compat, but is being done as safely as possible.")]
[SuppressMessage("Microsoft.Security.Xml", "CA3069:ReviewDtdProcessingAssignment", Justification = "Dtd processing is needed for back-compat, but is being done as safely as possible.")]
public static XmlReaderSettings CreateXmlReaderSettings()
{
XmlReaderSettings settings = new XmlReaderSettings();
if (AppSettings.RestrictXmlControls)
{
settings.MaxCharactersFromEntities = XmlUtils.MaxEntityExpansion;
settings.XmlResolver = null;
// Prohibit is the default here. We don't need to prohibit DTD's, or even ignore them if we're using
// RestrictXmlControls, because we use a null resolver and limit/disable entity expansion.
settings.DtdProcessing = DtdProcessing.Parse;
}
return settings;
}
// Ideally, these XmlReader factories would use XmlReader.Create() in the non-RestrictXmlControls case,
// but the default settings on that method are different from the default settings generated by XmlTextReader
// constructors, which is the code we're replacing with these factories. Since we want to keep doing
// whatever it was that we did before in this case, we'll just new up an XmlTextReader rather than
// try to guess at how to set matching defaults with XmlReader.Create().
// (E.g. DtdProcessing is Parse by default using XmlTextReader directly. It's Prohibit in default XmlReaderSettings.)
[SuppressMessage("Microsoft.Security", "MSEC1205:DoNotAllowDtdOnXmlTextReader", Justification = "Handles trusted or developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
[SuppressMessage("Microsoft.Security.Xml", "CA3054:DoNotAllowDtdOnXmlTextReader", Justification = "Handles trusted or developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
[SuppressMessage("Microsoft.Security", "MSEC1225:ReviewClassesDerivedFromXmlTextReader", Justification = "NoEntitiesXmlReader is our internal mechanism for using XmlTextReaders in a reasonably safe manner.")]
[SuppressMessage("Microsoft.Security.Xml", "CA3074:ReviewClassesDerivedFromXmlTextReader", Justification = "NoEntitiesXmlReader is our internal mechanism for using XmlTextReaders in a reasonably safe manner.")]
public static XmlReader CreateXmlReader(string filepath)
{
if (AppSettings.RestrictXmlControls)
{
NoEntitiesXmlTextReader nextr = new NoEntitiesXmlTextReader(filepath);
return XmlReader.Create(nextr, CreateXmlReaderSettings());
}
else
{
XmlTextReader xtr = new XmlTextReader(filepath);
return xtr;
}
}
[SuppressMessage("Microsoft.Security", "MSEC1205:DoNotAllowDtdOnXmlTextReader", Justification = "Handles trusted or developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
[SuppressMessage("Microsoft.Security.Xml", "CA3054:DoNotAllowDtdOnXmlTextReader", Justification = "Handles trusted or developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
[SuppressMessage("Microsoft.Security", "MSEC1225:ReviewClassesDerivedFromXmlTextReader", Justification = "NoEntitiesXmlReader is our internal mechanism for using XmlTextReaders in a reasonably safe manner.")]
[SuppressMessage("Microsoft.Security.Xml", "CA3074:ReviewClassesDerivedFromXmlTextReader", Justification = "NoEntitiesXmlReader is our internal mechanism for using XmlTextReaders in a reasonably safe manner.")]
public static XmlReader CreateXmlReader(Stream datastream)
{
if (AppSettings.RestrictXmlControls)
{
NoEntitiesXmlTextReader nextr = new NoEntitiesXmlTextReader(datastream);
return XmlReader.Create(nextr, CreateXmlReaderSettings());
}
else
{
XmlTextReader xtr = new XmlTextReader(datastream);
return xtr;
}
}
[SuppressMessage("Microsoft.Security", "MSEC1205:DoNotAllowDtdOnXmlTextReader", Justification = "Handles trusted or developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
[SuppressMessage("Microsoft.Security.Xml", "CA3054:DoNotAllowDtdOnXmlTextReader", Justification = "Handles trusted or developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
[SuppressMessage("Microsoft.Security", "MSEC1225:ReviewClassesDerivedFromXmlTextReader", Justification = "NoEntitiesXmlReader is our internal mechanism for using XmlTextReaders in a reasonably safe manner.")]
[SuppressMessage("Microsoft.Security.Xml", "CA3074:ReviewClassesDerivedFromXmlTextReader", Justification = "NoEntitiesXmlReader is our internal mechanism for using XmlTextReaders in a reasonably safe manner.")]
public static XmlReader CreateXmlReader(TextReader reader)
{
if (AppSettings.RestrictXmlControls)
{
NoEntitiesXmlTextReader nextr = new NoEntitiesXmlTextReader(reader);
return XmlReader.Create(nextr, CreateXmlReaderSettings());
}
else
{
XmlTextReader xtr = new XmlTextReader(reader);
return xtr;
}
}
[SuppressMessage("Microsoft.Security", "MSEC1205:DoNotAllowDtdOnXmlTextReader", Justification = "Handles trusted or developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
[SuppressMessage("Microsoft.Security.Xml", "CA3054:DoNotAllowDtdOnXmlTextReader", Justification = "Handles trusted or developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
[SuppressMessage("Microsoft.Security", "MSEC1225:ReviewClassesDerivedFromXmlTextReader", Justification = "NoEntitiesXmlReader is our internal mechanism for using XmlTextReaders in a reasonably safe manner.")]
[SuppressMessage("Microsoft.Security.Xml", "CA3074:ReviewClassesDerivedFromXmlTextReader", Justification = "NoEntitiesXmlReader is our internal mechanism for using XmlTextReaders in a reasonably safe manner.")]
public static XmlReader CreateXmlReader(Stream contentStream, string baseURI)
{
if (AppSettings.RestrictXmlControls)
{
NoEntitiesXmlTextReader nextr = new NoEntitiesXmlTextReader(baseURI, contentStream);
return XmlReader.Create(nextr, CreateXmlReaderSettings());
}
else
{
XmlTextReader xtr = new XmlTextReader(baseURI, contentStream);
return xtr;
}
}
// If you use any of these overloads that take in XmlReaderSettings, the suggestion is to get your base settings from
// CreateXmlReaderSettings(). That way you will have the correct defaults for RestrictXmlControls if applicable.
// Then you need to be smart about which settings you change before passing in here, because we will not
// re-enforce the correct settings, just in case you intentionally meant to change them.
public static XmlReader CreateXmlReader(TextReader reader, string baseURI, XmlReaderSettings settings)
{
if (settings == null) {
settings = CreateXmlReaderSettings();
}
// Note: If there is nothing materially changed in the settings, then Create() will just return your reader back
// to you and reader.Settings might still be null.
return XmlReader.Create(reader, settings, baseURI);
}
public static XslCompiledTransform CreateXslCompiledTransform(XmlReader xmlReader)
{
XmlReader readerToUse = xmlReader;
// XslCompiledTransform reconstructs its own XmlReader from scratch, so we can't rely entirely on the fancy
// protections we have in place on our readers. We need to bring out a bigger hammer and disable DTD's
// alltogether. We know how to work with XmlTextReader and which of its settings XslCompiledTransform will
// respect. For other reader types, just try to wrap it with new settings.
if (AppSettings.RestrictXmlControls) {
XmlTextReader xtr = xmlReader as XmlTextReader;
if (xtr != null) {
xtr.DtdProcessing = DtdProcessing.Ignore;
}
else {
XmlReaderSettings settings = xmlReader.Settings;
if (settings == null) {
settings = CreateXmlReaderSettings();
}
settings.DtdProcessing = DtdProcessing.Ignore;
readerToUse = XmlReader.Create(xmlReader, settings);
}
}
XslCompiledTransform compiledTransform = new XslCompiledTransform();
// The second parameter is XsltSettings. null results in the XsltSettings.Default being used, which disables the document function, and script
// The third parameter is an XmlResolver to be used
compiledTransform.Load(readerToUse, null, null);
return compiledTransform;
}
#pragma warning disable 0618 // To avoid deprecation warning
[SuppressMessage("Microsoft.Security", "MSEC1201:DoNotUseXslTransform", Justification = "Handles developer-controlled input xsl. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
[SuppressMessage("Microsoft.Security.Xml", "CA3050:DoNotUseXslTransform", Justification = "Handles developer-controlled input xsl. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
public static XslTransform CreateXslTransform(XmlReader reader)
{
if (!AppSettings.RestrictXmlControls)
{
XslTransform xform = new XslTransform();
xform.Load(reader);
return xform;
}
return null;
}
[SuppressMessage("Microsoft.Security", "MSEC1201:DoNotUseXslTransform", Justification = "Handles developer-controlled input xsl. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
[SuppressMessage("Microsoft.Security.Xml", "CA3050:DoNotUseXslTransform", Justification = "Handles developer-controlled input xsl. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
public static XslTransform CreateXslTransform(XmlReader reader, XmlResolver resolver)
{
if (!AppSettings.RestrictXmlControls)
{
XslTransform xform = new XslTransform();
xform.Load(reader, resolver, null);
return xform;
}
return null;
}
public static XslTransform GetXslTransform(XslTransform xform)
{
return (AppSettings.RestrictXmlControls ? null : xform);
}
#pragma warning restore 0618
// This class exists to override the ResolveEntity() method, which can be used to force resolution of custom/external
// entities in Xml files. When we use this class, we should have already set EntityHandling to EntityHandling.ExpandCharEntities,
// which will disable custom/external entity expansion by default. But this extra protection will keep people from unintentionally
// shooting themselves in the foot when they think they might have been safe.
private sealed class NoEntitiesXmlTextReader : XmlTextReader
{
[SuppressMessage("Microsoft.Security", "MSEC1205:DoNotAllowDtdOnXmlTextReader", Justification = "Handles developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
public NoEntitiesXmlTextReader() : base() { Restrict(); }
[SuppressMessage("Microsoft.Security", "MSEC1205:DoNotAllowDtdOnXmlTextReader", Justification = "Handles developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
public NoEntitiesXmlTextReader(string filepath) : base(filepath) { Restrict(); }
[SuppressMessage("Microsoft.Security", "MSEC1205:DoNotAllowDtdOnXmlTextReader", Justification = "Handles developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
public NoEntitiesXmlTextReader(TextReader reader) : base(reader) { Restrict(); }
[SuppressMessage("Microsoft.Security", "MSEC1205:DoNotAllowDtdOnXmlTextReader", Justification = "Handles developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
public NoEntitiesXmlTextReader(Stream datastream) : base(datastream) { Restrict(); }
[SuppressMessage("Microsoft.Security", "MSEC1205:DoNotAllowDtdOnXmlTextReader", Justification = "Handles developer-controlled input xml. Optional safer codepath available via appSettings/aspnet:RestrictXmlControls configuration.")]
public NoEntitiesXmlTextReader(string baseURI, Stream contentStream) : base(baseURI, contentStream) { Restrict(); }
public override void ResolveEntity()
{
// Do not ever do general entity expansion/replacement, even when asked
return;
}
private void Restrict() {
EntityHandling = EntityHandling.ExpandCharEntities;
XmlResolver = null;
}
}
}
}
|