From b634796ad03d009ec9ef593f6a881a964e7f0d31 Mon Sep 17 00:00:00 2001 From: Thanos Doukoudakis <thanos.doukoudakis@isode.com> Date: Tue, 13 Jun 2017 15:41:00 +0100 Subject: Handle badly-formed labels catalogue Updated the code to ignore labels that belong to a catalog item that is malformed and not added as a valid item. Test-Information: Added unit tests for badly formed catalog items and labels. Tested on Windows 10 (Qt 5.7.1) and Ubuntu 16.04 (Qt 5.5.1) Change-Id: I11fbd3b54faa3ee225a08a87ad8ed59977b7ff20 diff --git a/Swiften/Parser/PayloadParsers/SecurityLabelsCatalogParser.cpp b/Swiften/Parser/PayloadParsers/SecurityLabelsCatalogParser.cpp index 1897080..58b0af0 100644 --- a/Swiften/Parser/PayloadParsers/SecurityLabelsCatalogParser.cpp +++ b/Swiften/Parser/PayloadParsers/SecurityLabelsCatalogParser.cpp @@ -34,7 +34,7 @@ void SecurityLabelsCatalogParser::handleStartElement(const std::string& element, currentItem_->setSelector(attributes.getAttribute("selector")); currentItem_->setIsDefault(attributes.getBoolAttribute("default", false)); } - else if (level_ == LabelLevel) { + else if (level_ == LabelLevel && currentItem_) { assert(!labelParser_); if (labelParserFactory_->canParse(element, ns, attributes)) { labelParser_ = dynamic_cast<SecurityLabelParser*>(labelParserFactory_->createPayloadParser()); diff --git a/Swiften/Parser/PayloadParsers/UnitTest/SecurityLabelsCatalogParserTest.cpp b/Swiften/Parser/PayloadParsers/UnitTest/SecurityLabelsCatalogParserTest.cpp index 2b992b1..ee7668c 100644 --- a/Swiften/Parser/PayloadParsers/UnitTest/SecurityLabelsCatalogParserTest.cpp +++ b/Swiften/Parser/PayloadParsers/UnitTest/SecurityLabelsCatalogParserTest.cpp @@ -16,6 +16,7 @@ class SecurityLabelsCatalogParserTest : public CppUnit::TestFixture { CPPUNIT_TEST_SUITE(SecurityLabelsCatalogParserTest); CPPUNIT_TEST(testParse); + CPPUNIT_TEST(testParseInvalidInput); CPPUNIT_TEST_SUITE_END(); public: @@ -46,6 +47,7 @@ class SecurityLabelsCatalogParserTest : public CppUnit::TestFixture CPPUNIT_ASSERT_EQUAL(std::string("an example set of labels"), payload->getDescription()); CPPUNIT_ASSERT_EQUAL(JID("example.com"), payload->getTo()); CPPUNIT_ASSERT_EQUAL(3, static_cast<int>(payload->getItems().size())); + CPPUNIT_ASSERT_EQUAL(std::string("SECRET"), payload->getItems()[0].getLabel()->getDisplayMarking()); CPPUNIT_ASSERT_EQUAL(std::string("<esssecuritylabel xmlns=\"urn:xmpp:sec-label:ess:0\">MQYCAQQGASk=</esssecuritylabel>"), payload->getItems()[0].getLabel()->getLabel()); CPPUNIT_ASSERT_EQUAL(false, payload->getItems()[0].getIsDefault()); @@ -58,6 +60,61 @@ class SecurityLabelsCatalogParserTest : public CppUnit::TestFixture CPPUNIT_ASSERT_EQUAL(std::string("Unclassified|UNCLASSIFIED"), payload->getItems()[2].getSelector()); CPPUNIT_ASSERT(!payload->getItems()[2].getLabel()); } + + void testParseInvalidInput() { + PayloadsParserTester parser; + + CPPUNIT_ASSERT(parser.parse( + "<catalog desc=\"an example set of labels\" name=\"Default\" to=\"example.com\" xmlns=\"urn:xmpp:sec-label:catalog:2\">" + "<item selector='Classified|INVALID-SECRET' xmlns=\"\">" + "<securitylabel xmlns=\"urn:xmpp:sec-label:0\">" + "<displaymarking bgcolor=\"red\" fgcolor=\"black\">INVALID-SECRET</displaymarking>" + "<label><esssecuritylabel xmlns=\"urn:xmpp:sec-label:ess:0\">MQYCAQQGASk=</esssecuritylabel></label>" + "</securitylabel>" + "</item>" + "<item selector='Classified|INVALID-TOPSECRET' xmlns=\"urn:xmpp:sec-label:catalog:invalid:2\">" + "<securitylabel xmlns=\"urn:xmpp:sec-label:0\">" + "<displaymarking bgcolor=\"red\" fgcolor=\"black\">INVALID-TOPSECRET</displaymarking>" + "<label><esssecuritylabel xmlns=\"urn:xmpp:sec-label:ess:0\">MQYCAQQGASk=</esssecuritylabel></label>" + "</securitylabel>" + "</item>" + "<item selector='Classified|CONFIDENTIAL' default='true' xmlns=\"urn:xmpp:sec-label:catalog:2\">" + "<securitylabel xmlns=\"urn:xmpp:sec-label:0\">" + "<displaymarking bgcolor=\"navy\" fgcolor=\"black\">CONFIDENTIAL</displaymarking>" + "<label><esssecuritylabel xmlns=\"urn:xmpp:sec-label:ess:0\">MQMGASk=</esssecuritylabel></label>" + "</securitylabel>" + "</item>" + "<item selector='Classified|INVALID-LABEL'>" + "<securitylabel xmlns=\"\">" + "<displaymarking bgcolor=\"yellow\" fgcolor=\"black\">INVALID</displaymarking>" + "<label><esssecuritylabel xmlns=\"urn:xmpp:sec-label:ess:0\">MQYCAQQGASk=</esssecuritylabel></label>" + "</securitylabel>" + "</item>" + "<item selector='Unclassified|UNCLASSIFIED'/>" + "</catalog>")); + + SecurityLabelsCatalog* payload = dynamic_cast<SecurityLabelsCatalog*>(parser.getPayload().get()); + CPPUNIT_ASSERT_EQUAL(std::string("Default"), payload->getName()); + CPPUNIT_ASSERT_EQUAL(std::string("an example set of labels"), payload->getDescription()); + CPPUNIT_ASSERT_EQUAL(JID("example.com"), payload->getTo()); + CPPUNIT_ASSERT_EQUAL(3, static_cast<int>(payload->getItems().size())); + + CPPUNIT_ASSERT(payload->getItems()[0].getLabel()); + if (payload->getItems()[0].getLabel()) { + CPPUNIT_ASSERT_EQUAL(std::string("CONFIDENTIAL"), payload->getItems()[0].getLabel()->getDisplayMarking()); + CPPUNIT_ASSERT_EQUAL(std::string("<esssecuritylabel xmlns=\"urn:xmpp:sec-label:ess:0\">MQMGASk=</esssecuritylabel>"), payload->getItems()[0].getLabel()->getLabel()); + CPPUNIT_ASSERT_EQUAL(true, payload->getItems()[0].getIsDefault()); + CPPUNIT_ASSERT_EQUAL(std::string("Classified|CONFIDENTIAL"), payload->getItems()[0].getSelector()); + } + //The label is invalid, but the rest of the item entry should be there. + CPPUNIT_ASSERT(!payload->getItems()[1].getLabel()); + CPPUNIT_ASSERT_EQUAL(false, payload->getItems()[1].getIsDefault()); + CPPUNIT_ASSERT_EQUAL(std::string("Classified|INVALID-LABEL"), payload->getItems()[1].getSelector()); + CPPUNIT_ASSERT_EQUAL(false, payload->getItems()[2].getIsDefault()); + CPPUNIT_ASSERT_EQUAL(std::string("Unclassified|UNCLASSIFIED"), payload->getItems()[2].getSelector()); + CPPUNIT_ASSERT(!payload->getItems()[2].getLabel()); + } + }; CPPUNIT_TEST_SUITE_REGISTRATION(SecurityLabelsCatalogParserTest); -- cgit v0.10.2-6-g49f6