Reduce direct XML state coupling and formalize XML error model

Author: Easton97-Jens

build/libxml.m4

@@ -8,5 +8,69 @@ dnl  LIBXML2_DISPLAY
 dnl  LIBXML2_FOUND
 
 AC_DEFUN([CHECK_LIBXML2], [
-MSC_CHECK_LIB([LIBXML2], [libxml-2.0], [libxml/parser.h], [xml2], [-DWITH_LIBXML2], [2.6.29], [libxml])
+AC_ARG_WITH([libxml2-source],
+    [AS_HELP_STRING([--with-libxml2-source=SOURCE],
+        [Select libxml2 source: vendor (others/libxml2) or system [default=vendor]])],
+    [msc_libxml2_source="$withval"],
+    [msc_libxml2_source="vendor"])
+
+AS_CASE([$msc_libxml2_source],
+    [vendor|system], [],
+    [AC_MSG_ERROR([Unsupported --with-libxml2-source value '$msc_libxml2_source'. Use vendor or system.])])
+
+if test "x$with_libxml" = "xno"; then
+    AC_MSG_NOTICE([LIBXML2 support disabled via --without-libxml])
+    LIBXML2_FOUND=2
+    LIBXML2_CFLAGS=""
+    LIBXML2_LDADD=""
+    LIBXML2_LDFLAGS=""
+    LIBXML2_VERSION=""
+    LIBXML2_DISPLAY=""
+elif test "x$msc_libxml2_source" = "xvendor"; then
+    LIBXML2_VENDOR_DIR="${PWD}/others/libxml2"
+    LIBXML2_VENDOR_BUILD_DIR="${PWD}/others/libxml2-vendor-build"
+
+    if ! test -f "${LIBXML2_VENDOR_DIR}/CMakeLists.txt"; then
+        AC_MSG_ERROR([\
+
+
+  Vendored libxml2 was not found at ${LIBXML2_VENDOR_DIR}.
+  Initialize submodules first:
+
+     $ git submodule update --init --recursive
+
+        ])
+    fi
+
+    AC_MSG_NOTICE([Configuring vendored libxml2 from ${LIBXML2_VENDOR_DIR}])
+    AS_MKDIR_P(["${LIBXML2_VENDOR_BUILD_DIR}"])
+
+    LIBXML2_VENDOR_CONFIGURE_CMD="cmake -S \"${LIBXML2_VENDOR_DIR}\" -B \"${LIBXML2_VENDOR_BUILD_DIR}\" -DBUILD_SHARED_LIBS=OFF -DLIBXML2_WITH_PYTHON=OFF -DLIBXML2_WITH_PROGRAMS=OFF -DLIBXML2_WITH_TESTS=OFF -DLIBXML2_WITH_ZLIB=OFF -DLIBXML2_WITH_ICONV=OFF -DLIBXML2_WITH_ICU=OFF"
+    AC_MSG_NOTICE([${LIBXML2_VENDOR_CONFIGURE_CMD}])
+    if ! eval "${LIBXML2_VENDOR_CONFIGURE_CMD}"; then
+        AC_MSG_ERROR([Failed to configure vendored libxml2 with CMake.])
+    fi
+
+    LIBXML2_VENDOR_BUILD_CMD="cmake --build \"${LIBXML2_VENDOR_BUILD_DIR}\" --target LibXml2"
+    AC_MSG_NOTICE([${LIBXML2_VENDOR_BUILD_CMD}])
+    if ! eval "${LIBXML2_VENDOR_BUILD_CMD}"; then
+        AC_MSG_ERROR([Failed to build vendored libxml2.])
+    fi
+
+    LIBXML2_CFLAGS="-DWITH_LIBXML2 -I${LIBXML2_VENDOR_DIR}/include -I${LIBXML2_VENDOR_BUILD_DIR} -I${LIBXML2_VENDOR_BUILD_DIR}/libxml"
+    LIBXML2_LDADD="-lxml2"
+    LIBXML2_LDFLAGS="-L${LIBXML2_VENDOR_BUILD_DIR} -Wl,-rpath,${LIBXML2_VENDOR_BUILD_DIR}"
+    LIBXML2_VERSION=`cd "${LIBXML2_VENDOR_DIR}" && git describe --tags --always 2>/dev/null || echo unknown`
+    LIBXML2_DISPLAY="vendored source: ${LIBXML2_VENDOR_DIR}, build: ${LIBXML2_VENDOR_BUILD_DIR}"
+    LIBXML2_FOUND=1
+else
+    MSC_CHECK_LIB([LIBXML2], [libxml-2.0], [libxml/parser.h], [xml2], [-DWITH_LIBXML2], [2.6.29], [libxml])
+fi
+
+AC_SUBST([LIBXML2_CFLAGS])
+AC_SUBST([LIBXML2_LDADD])
+AC_SUBST([LIBXML2_LDFLAGS])
+AC_SUBST([LIBXML2_VERSION])
+AC_SUBST([LIBXML2_DISPLAY])
+AC_SUBST([LIBXML2_FOUND])
 ]) # AC_DEFUN [CHECK_LIBXML2]

src/operators/validate_dtd.cc

@@ -38,22 +38,13 @@ bool ValidateDTD::init(const std::string &file, std::string *error) {
 
 
 bool ValidateDTD::evaluate(Transaction *transaction, const std::string &str) {
-
-    XmlDtdPtrManager dtd(xmlParseDTD(NULL, reinterpret_cast<const xmlChar *>(m_resource.c_str())));
-    if (dtd.get() == NULL) {
-        std::string err = std::string("XML: Failed to load DTD: ") \
-            + m_resource;
-        ms_dbg_a(transaction, 4, err);
-        return true;
-    }
-
-    if (transaction->m_xml->m_data.doc == NULL) {
+    if (!transaction->m_xml->hasDocument()) {
         ms_dbg_a(transaction, 4, "XML document tree could not "\
             "be found for DTD validation.");
         return true;
     }
 
-    if (transaction->m_xml->m_data.well_formed != 1) {
+    if (!transaction->m_xml->isWellFormed()) {
         ms_dbg_a(transaction, 4, "XML: DTD validation failed because " \
             "content is not well formed.");
         return true;
@@ -69,28 +60,14 @@ bool ValidateDTD::evaluate(Transaction *transaction, const std::string &str) {
     }
 #endif
 
-    xmlValidCtxtPtr cvp = xmlNewValidCtxt();
-    if (cvp == NULL) {
-        ms_dbg_a(transaction, 4, "XML: Failed to create a validation context.");
-        return true;
-    }
-
-    /* Send validator errors/warnings to msr_log */
-    cvp->error = (xmlSchemaValidityErrorFunc)error_runtime;
-    cvp->warning = (xmlSchemaValidityErrorFunc)warn_runtime;
-    cvp->userData = transaction;
-
-    if (!xmlValidateDtd(cvp, transaction->m_xml->m_data.doc, dtd.get())) {
+    if (!transaction->m_xml->validateDocumentAgainstDtd(m_resource)) {
         ms_dbg_a(transaction, 4, "XML: DTD validation failed.");
-        xmlFreeValidCtxt(cvp);
         return true;
     }
 
     ms_dbg_a(transaction, 4, std::string("XML: Successfully validated " \
         "payload against DTD: ") + m_resource);
 
-    xmlFreeValidCtxt(cvp);
-
     return false;
 }
 #endif

src/operators/validate_dtd.h

@@ -19,39 +19,16 @@
 #include <stdio.h>
 #include <stdarg.h>
 #include <string.h>
-#ifdef WITH_LIBXML2
-#include <libxml/xmlschemas.h>
-#include <libxml/xpath.h>
-#endif
 #include <string>
 #include <memory>
 #include <utility>
 
 #include "src/operators/operator.h"
-#include "validate_schema.h"
 
 
 namespace modsecurity {
 namespace operators {
 
-#ifdef WITH_LIBXML2
-class XmlDtdPtrManager {
- public:
-    /** @ingroup ModSecurity_Operator */
-    explicit XmlDtdPtrManager(xmlDtdPtr dtd)
-        : m_dtd(dtd) { }
-    ~XmlDtdPtrManager() {
-        if (m_dtd != NULL) {
-            xmlFreeDtd(m_dtd);
-            m_dtd = NULL;
-        }
-    }
-    xmlDtdPtr get() const {return m_dtd;}
- private:
-    xmlDtdPtr m_dtd; // The resource being managed
-};
-#endif
-
 class ValidateDTD : public Operator {
  public:
     /** @ingroup ModSecurity_Operator */
@@ -62,22 +39,6 @@ class ValidateDTD : public Operator {
     bool init(const std::string &file, std::string *error) override;
 
 
-    static void error_runtime(void *ctx, const char *msg, ...) {
-        va_list args;
-        va_start(args, msg);
-        ValidateSchema::callback_func(ctx, ValidateSchema::log_msg, ValidateSchema::PREFIX_ERROR, msg, args);
-        va_end(args);
-    }
-
-
-    static void warn_runtime(void *ctx, const char *msg, ...) {
-        va_list args;
-        va_start(args, msg);
-        ValidateSchema::callback_func(ctx, ValidateSchema::log_msg, ValidateSchema::PREFIX_WARNING, msg, args);
-        va_end(args);
-    }
-
-
  private:
     std::string m_resource;
 #endif

src/operators/validate_schema.cc

@@ -42,72 +42,23 @@ bool ValidateSchema::init(const std::string &file, std::string *error) {
 bool ValidateSchema::evaluate(Transaction *transaction,
     const std::string &str) {
 
-    if (transaction->m_xml->m_data.doc == NULL) {
+    if (!transaction->m_xml->hasDocument()) {
         ms_dbg_a(transaction, 4, "XML document tree could not be found for " \
             "schema validation.");
         return true;
     }
 
-    if (transaction->m_xml->m_data.well_formed != 1) {
+    if (!transaction->m_xml->isWellFormed()) {
         ms_dbg_a(transaction, 4, "XML: Schema validation failed because " \
             "content is not well formed.");
         return true;
     }
 
-    xmlSchemaParserCtxtPtr parserCtx = xmlSchemaNewParserCtxt(m_resource.c_str());
-    if (parserCtx == NULL) {
-        std::stringstream err;
-        err << "XML: Failed to load Schema from file: ";
-        err << m_resource;
-        err << ". ";
-        if (m_err.empty() == false) {
-            err << m_err;
+    m_err.clear();
+    if (!transaction->m_xml->validateDocumentAgainstSchema(m_resource, &m_err)) {
+        if (!m_err.empty()) {
+            ms_dbg_a(transaction, 4, m_err);
         }
-        ms_dbg_a(transaction, 4, err.str());
-        return true;
-    }
-
-    xmlSchemaSetParserErrors(parserCtx,
-        (xmlSchemaValidityErrorFunc)error_load,
-        (xmlSchemaValidityWarningFunc)warn_load, &m_err);
-
-    xmlSchemaPtr schema = xmlSchemaParse(parserCtx);
-    if (schema == NULL) {
-        std::stringstream err;
-        err << "XML: Failed to load Schema: ";
-        err << m_resource;
-        err << ".";
-        if (m_err.empty() == false) {
-            err << " " << m_err;
-        }
-        ms_dbg_a(transaction, 4, err.str());
-        xmlSchemaFreeParserCtxt(parserCtx);
-        return true;
-    }
-
-    xmlSchemaValidCtxtPtr validCtx = xmlSchemaNewValidCtxt(schema);
-    if (validCtx == NULL) {
-        std::stringstream err("XML: Failed to create validation context.");
-        if (m_err.empty() == false) {
-            err << " " << m_err;
-        }
-        ms_dbg_a(transaction, 4, err.str());
-        xmlSchemaFree(schema);
-        xmlSchemaFreeParserCtxt(parserCtx);
-        return true;
-    }
-
-    /* Send validator errors/warnings to msr_log */
-    xmlSchemaSetValidErrors(validCtx,
-        (xmlSchemaValidityErrorFunc)error_runtime,
-        (xmlSchemaValidityWarningFunc)warn_runtime, transaction);
-
-    int rc = xmlSchemaValidateDoc(validCtx, transaction->m_xml->m_data.doc);
-
-    xmlSchemaFreeValidCtxt(validCtx);
-    xmlSchemaFree(schema);
-    xmlSchemaFreeParserCtxt(parserCtx);
-    if (rc != 0) {
         ms_dbg_a(transaction, 4, "XML: Schema validation failed.");
         return true; /* No match. */
     } else {

src/operators/validate_schema.h

@@ -19,10 +19,6 @@
 #include <stdio.h>
 #include <stdarg.h>
 #include <string.h>
-#ifdef WITH_LIBXML2
-#include <libxml/xmlschemas.h>
-#include <libxml/xpath.h>
-#endif
 #include <string>
 #include <memory>
 #include <utility>
@@ -43,61 +39,6 @@ class ValidateSchema : public Operator {
     bool evaluate(Transaction *transaction, const std::string  &str) override;
     bool init(const std::string &file, std::string *error) override;
 
-
-    static void error_load(void *ctx, const char *msg, ...) {
-        va_list args;
-        va_start(args, msg);
-        callback_func(ctx, append_msg, PREFIX_ERROR, msg, args);
-        va_end(args);
-    }
-
-
-    static void warn_load(void *ctx, const char *msg, ...) {
-        va_list args;
-        va_start(args, msg);
-        callback_func(ctx, append_msg, PREFIX_WARNING, msg, args);
-        va_end(args);
-    }
-
-
-    static void error_runtime(void *ctx, const char *msg, ...) {
-        va_list args;
-        va_start(args, msg);
-        callback_func(ctx, log_msg, PREFIX_ERROR, msg, args);
-        va_end(args);
-    }
-
-
-    static void warn_runtime(void *ctx, const char *msg, ...) {
-        va_list args;
-        va_start(args, msg);
-        callback_func(ctx, log_msg, PREFIX_WARNING, msg, args);
-        va_end(args);
-    }
-
-
-    template<typename Pred>
-    static void callback_func(void *ctx, Pred pred, const char *base_msg, const char *msg, va_list args) {
-        char buf[1024];
-        const auto len = vsnprintf(buf, sizeof(buf), msg, args);
-
-        if (len > 0)
-            pred(ctx, base_msg + std::string(buf));
-    }
-
-    static void log_msg(const void *ctx, const std::string &msg) {
-        auto t = reinterpret_cast<const Transaction *>(ctx);
-        ms_dbg_a(t, 4, msg);
-    }
-
-    static void append_msg(void *ctx, const std::string &msg) {
-        auto s = reinterpret_cast<std::string*>(ctx);
-        s->append(msg);
-    }
-
-    static constexpr auto PREFIX_WARNING = "XML Warning: ";
-    static constexpr auto PREFIX_ERROR = "XML Error: ";
-
  private:
     std::string m_resource;
     std::string m_err;