Re: "Safe Mode" processing for XSLT

The risk that I see is from allowing the XSLT to read arbitrary files from
the file system - though subject to file system security, of course.

e.g.

<xsl:stylesheet version="2.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:template match="/">
        <xsl:copy-of select="document('file:///var/lib/tomcat7/conf/tomcat-users.xml')"/>
    </xsl:template>
</xsl:stylesheet>


On 3 June 2015 at 15:41, Imsieke, Gerrit, le-tex <gerrit.imsieke@le-tex.de>
wrote:

> Conal,
>
> Just want to throw in my two cents. I think p:xslt in itself is
> harmless, particularly if you didn’t install any extension functions
> with direct OS access. Even if the stylesheet uses xsl:result-document,
> it won’t write stuff to disk by itself. These documents appear on the
> secondary port and are typically handled by p:store if they need to be
> stored to disk. So if your users are only able to upload their own XSLT
> and if you don’t use their outputs as inputs for p:store or for the
> options of EXProc file system steps such as p:delete, then you should be
> safe. Apart from bad code that might cause stack overflows or excessive
> computing times. Or am I missing something?
>
>
> --
> Gerrit Imsieke
> Geschäftsführer / Managing Director
> le-tex publishing services GmbH
> Weissenfelser Str. 84, 04229 Leipzig, Germany
> Phone +49 341 355356 110, Fax +49 341 355356 510
> gerrit.imsieke@le-tex.de, http://www.le-tex.de
>
> Registergericht / Commercial Register: Amtsgericht Leipzig
> Registernummer / Registration Number: HRB 24930
>
> Geschäftsführer: Gerrit Imsieke, Svea Jelonek,
> Thomas Schmidt, Dr. Reinhard Vöckler
>
>

Received on Wednesday, 3 June 2015 06:07:44 UTC
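
The file read through document() raised at the top of this message can be closed off at the processor by installing a deny-by-default URIResolver. The following is an added example, not code from this thread or from any XProc implementation: it uses the JDK's built-in XSLT 1.0 processor through JAXP rather than the XSLT 2.0 / p:xslt setup discussed here, and the class name, the ALLOWED map, the urn:app:countries name and the temporary "secret" file are all hypothetical or constructed for the demonstration.

```java
import javax.xml.transform.*;
import javax.xml.transform.stream.*;
import java.io.*;
import java.nio.file.*;
import java.util.Map;

public class DocumentFunctionGuard {
    // Hypothetical allowlist: the only names a stylesheet may pass to document().
    static final Map<String, String> ALLOWED =
        Map.of("urn:app:countries", "<countries><c>DE</c></countries>");
    // Deny-by-default resolver. Returning null would tell the processor to
    // resolve the URI itself, so every refusal is an exception instead.
    static final URIResolver GUARD = (href, base) -> {
        String xml = ALLOWED.get(href);
        if (xml == null) throw new TransformerException("document() refused: " + href);
        return new StreamSource(new StringReader(xml), href);
    };

    static String run(String xslt, URIResolver resolver) {
        try {
            TransformerFactory tf = TransformerFactory.newInstance();
            if (resolver != null) tf.setURIResolver(resolver);   // xsl:import / xsl:include
            Transformer t = tf.newTransformer(new StreamSource(new StringReader(xslt)));
            if (resolver != null) t.setURIResolver(resolver);    // document()
            StringWriter out = new StringWriter();
            t.transform(new StreamSource(new StringReader("<in/>")), new StreamResult(out));
            return out.toString();
        } catch (TransformerException e) {
            return "[transform failed: " + e.getMessage() + "]";
        }
    }

    static String sheet(String uri) {
        return "<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>"
             + "<xsl:template match='/'><xsl:copy-of select=\"document('" + uri + "')\"/>"
             + "</xsl:template></xsl:stylesheet>";
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for a sensitive server-side file.
        Path secret = Files.createTempFile("constructed-secret", ".xml");
        Files.writeString(secret, "<user name='demo' password='constructed'/>");
        String attack = sheet(secret.toUri().toString());
        System.out.println("no resolver : " + run(attack, null));
        System.out.println("guarded     : " + run(attack, GUARD));
        System.out.println("allowlisted : " + run(sheet("urn:app:countries"), GUARD));
        Files.delete(secret);
    }
}
```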