From b634796ad03d009ec9ef593f6a881a964e7f0d31 Mon Sep 17 00:00:00 2001
From: Thanos Doukoudakis <thanos.doukoudakis@isode.com>
Date: Tue, 13 Jun 2017 15:41:00 +0100
Subject: Handle badly-formed labels catalogue

Updated the code to ignore labels that belong to a catalog item that is
malformed and not added as a valid item.

Test-Information:

Added unit tests for badly formed catalog items and labels.
Tested on Windows 10 (Qt 5.7.1) and Ubuntu 16.04 (Qt 5.5.1)

Change-Id: I11fbd3b54faa3ee225a08a87ad8ed59977b7ff20

diff --git a/Swiften/Parser/PayloadParsers/SecurityLabelsCatalogParser.cpp b/Swiften/Parser/PayloadParsers/SecurityLabelsCatalogParser.cpp
index 1897080..58b0af0 100644
--- a/Swiften/Parser/PayloadParsers/SecurityLabelsCatalogParser.cpp
+++ b/Swiften/Parser/PayloadParsers/SecurityLabelsCatalogParser.cpp
@@ -34,7 +34,7 @@ void SecurityLabelsCatalogParser::handleStartElement(const std::string& element,
         currentItem_->setSelector(attributes.getAttribute("selector"));
         currentItem_->setIsDefault(attributes.getBoolAttribute("default", false));
     }
-    else if (level_ == LabelLevel) {
+    else if (level_ == LabelLevel && currentItem_) {
         assert(!labelParser_);
         if (labelParserFactory_->canParse(element, ns, attributes)) {
             labelParser_ = dynamic_cast<SecurityLabelParser*>(labelParserFactory_->createPayloadParser());
diff --git a/Swiften/Parser/PayloadParsers/UnitTest/SecurityLabelsCatalogParserTest.cpp b/Swiften/Parser/PayloadParsers/UnitTest/SecurityLabelsCatalogParserTest.cpp
index 2b992b1..ee7668c 100644
--- a/Swiften/Parser/PayloadParsers/UnitTest/SecurityLabelsCatalogParserTest.cpp
+++ b/Swiften/Parser/PayloadParsers/UnitTest/SecurityLabelsCatalogParserTest.cpp
@@ -16,6 +16,7 @@ class SecurityLabelsCatalogParserTest : public CppUnit::TestFixture
 {
         CPPUNIT_TEST_SUITE(SecurityLabelsCatalogParserTest);
         CPPUNIT_TEST(testParse);
+        CPPUNIT_TEST(testParseInvalidInput);
         CPPUNIT_TEST_SUITE_END();
 
     public:
@@ -46,6 +47,7 @@ class SecurityLabelsCatalogParserTest : public CppUnit::TestFixture
             CPPUNIT_ASSERT_EQUAL(std::string("an example set of labels"), payload->getDescription());
             CPPUNIT_ASSERT_EQUAL(JID("example.com"), payload->getTo());
             CPPUNIT_ASSERT_EQUAL(3, static_cast<int>(payload->getItems().size()));
+
             CPPUNIT_ASSERT_EQUAL(std::string("SECRET"), payload->getItems()[0].getLabel()->getDisplayMarking());
             CPPUNIT_ASSERT_EQUAL(std::string("<esssecuritylabel xmlns=\"urn:xmpp:sec-label:ess:0\">MQYCAQQGASk=</esssecuritylabel>"), payload->getItems()[0].getLabel()->getLabel());
             CPPUNIT_ASSERT_EQUAL(false, payload->getItems()[0].getIsDefault());
@@ -58,6 +60,61 @@ class SecurityLabelsCatalogParserTest : public CppUnit::TestFixture
             CPPUNIT_ASSERT_EQUAL(std::string("Unclassified|UNCLASSIFIED"), payload->getItems()[2].getSelector());
             CPPUNIT_ASSERT(!payload->getItems()[2].getLabel());
         }
+
+        void testParseInvalidInput() {
+            PayloadsParserTester parser;
+
+            CPPUNIT_ASSERT(parser.parse(
+                "<catalog desc=\"an example set of labels\" name=\"Default\" to=\"example.com\" xmlns=\"urn:xmpp:sec-label:catalog:2\">"
+                 "<item selector='Classified|INVALID-SECRET' xmlns=\"\">"
+                     "<securitylabel xmlns=\"urn:xmpp:sec-label:0\">"
+                         "<displaymarking bgcolor=\"red\" fgcolor=\"black\">INVALID-SECRET</displaymarking>"
+                         "<label><esssecuritylabel xmlns=\"urn:xmpp:sec-label:ess:0\">MQYCAQQGASk=</esssecuritylabel></label>"
+                     "</securitylabel>"
+                 "</item>"
+                 "<item selector='Classified|INVALID-TOPSECRET' xmlns=\"urn:xmpp:sec-label:catalog:invalid:2\">"
+                    "<securitylabel xmlns=\"urn:xmpp:sec-label:0\">"
+                        "<displaymarking bgcolor=\"red\" fgcolor=\"black\">INVALID-TOPSECRET</displaymarking>"
+                        "<label><esssecuritylabel xmlns=\"urn:xmpp:sec-label:ess:0\">MQYCAQQGASk=</esssecuritylabel></label>"
+                    "</securitylabel>"
+                 "</item>"
+                 "<item selector='Classified|CONFIDENTIAL' default='true' xmlns=\"urn:xmpp:sec-label:catalog:2\">"
+                     "<securitylabel xmlns=\"urn:xmpp:sec-label:0\">"
+                         "<displaymarking bgcolor=\"navy\" fgcolor=\"black\">CONFIDENTIAL</displaymarking>"
+                         "<label><esssecuritylabel xmlns=\"urn:xmpp:sec-label:ess:0\">MQMGASk=</esssecuritylabel></label>"
+                     "</securitylabel>"
+                 "</item>"
+                 "<item selector='Classified|INVALID-LABEL'>"
+                     "<securitylabel xmlns=\"\">"
+                         "<displaymarking bgcolor=\"yellow\" fgcolor=\"black\">INVALID</displaymarking>"
+                         "<label><esssecuritylabel xmlns=\"urn:xmpp:sec-label:ess:0\">MQYCAQQGASk=</esssecuritylabel></label>"
+                     "</securitylabel>"
+                 "</item>"
+                 "<item selector='Unclassified|UNCLASSIFIED'/>"
+                "</catalog>"));
+
+            SecurityLabelsCatalog* payload = dynamic_cast<SecurityLabelsCatalog*>(parser.getPayload().get());
+            CPPUNIT_ASSERT_EQUAL(std::string("Default"), payload->getName());
+            CPPUNIT_ASSERT_EQUAL(std::string("an example set of labels"), payload->getDescription());
+            CPPUNIT_ASSERT_EQUAL(JID("example.com"), payload->getTo());
+            CPPUNIT_ASSERT_EQUAL(3, static_cast<int>(payload->getItems().size()));
+
+            CPPUNIT_ASSERT(payload->getItems()[0].getLabel());
+            if (payload->getItems()[0].getLabel()) {
+                CPPUNIT_ASSERT_EQUAL(std::string("CONFIDENTIAL"), payload->getItems()[0].getLabel()->getDisplayMarking());
+                CPPUNIT_ASSERT_EQUAL(std::string("<esssecuritylabel xmlns=\"urn:xmpp:sec-label:ess:0\">MQMGASk=</esssecuritylabel>"), payload->getItems()[0].getLabel()->getLabel());
+                CPPUNIT_ASSERT_EQUAL(true, payload->getItems()[0].getIsDefault());
+                CPPUNIT_ASSERT_EQUAL(std::string("Classified|CONFIDENTIAL"), payload->getItems()[0].getSelector());
+            }
+            //The label is invalid, but the rest of the item entry should be there.
+            CPPUNIT_ASSERT(!payload->getItems()[1].getLabel());
+            CPPUNIT_ASSERT_EQUAL(false, payload->getItems()[1].getIsDefault());
+            CPPUNIT_ASSERT_EQUAL(std::string("Classified|INVALID-LABEL"), payload->getItems()[1].getSelector());
+            CPPUNIT_ASSERT_EQUAL(false, payload->getItems()[2].getIsDefault());
+            CPPUNIT_ASSERT_EQUAL(std::string("Unclassified|UNCLASSIFIED"), payload->getItems()[2].getSelector());
+            CPPUNIT_ASSERT(!payload->getItems()[2].getLabel());
+        }
+
 };
 
 CPPUNIT_TEST_SUITE_REGISTRATION(SecurityLabelsCatalogParserTest);
-- 
cgit v0.10.2-6-g49f6