This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Switch to libxml2-wasm for XML validation
Due to libxmljs2 not being maintained and containing a vulnerability, a replacement needed to be found.
This commit replaces it with libxml2-wasm, which is a new, but maintained library, which serves the purpose of validating XML.

The implementation is as close to the previous library as possible in regards to flags passed to libxml2, but only adapted to a different interface and the recommendation to dispose of all objects.

This is my first contribution to this project, and TypeScript isn't my usual language, so comments are welcome.

Resolves: CycloneDX#1079
Signed-off-by: Leon Grave <[email protected]>
LeonGrave committed Nov 26, 2024
1 parent 3fd7dd8 commit d3ca0f2
Showing 5 changed files with 61 additions and 51 deletions.
7 changes: 6 additions & 1 deletion docs/dev/decisions/XmlValidator.md
@@ -22,7 +22,8 @@ There are several implementations for this:
* [`libxmljs3`](https://www.npmjs.com/package/libxmljs3)
* unmaintained copy of `libxmljs2`
* ! DO NOT USE !
* Any alternative? Please open a pull-request to add them.
* [`libxml2-wasm`](https://www.npmjs.com/package/libxml2-wasm)
* maintained WASM implementation of a libxml2 wrapper

At the moment of writing (2023-04-21),
`libxmljs` and `libxmljs2` are both working on several test environments. Both had the needed capabilities.
@@ -38,6 +39,10 @@ as it was more popular/used and had a more active community.

Decided to replace `libxmljs2`, as it is end of life.

#### 2024-11-26

Decided to replace `libxmljs2` with `libxml2-wasm`, since it's maintained and a functioning XML validator.

## WebBrowsers

there seams to exist no solution for validating XML according to XSD
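Review bot: The new 2024-11-26 entry gives "it's maintained and a functioning XML validator" as the whole rationale, but it leaves out that `libxmljs2` is being dropped because of a vulnerability and which issue tracks the change, both of which the commit message states. A decision record is where a later reader looks for the reason, so add the vulnerability as the trigger and the issue reference (CycloneDX#1079), and note that the package is new, as the commit message also says.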
2 changes: 1 addition & 1 deletion package.json
@@ -87,7 +87,7 @@
"ajv": "^8.12.0",
"ajv-formats": "^3.0.1",
"ajv-formats-draft2019": "^1.6.1",
"libxmljs2": "^0.31 || ^0.32 || ^0.33 || ^0.35",
"libxml2-wasm": "^0.4.1",
"xmlbuilder2": "^3.0.2"
},
"devDependencies": {
53 changes: 53 additions & 0 deletions src/_optPlug.node/__xmlValidators/libxml2-wasm.ts
@@ -0,0 +1,53 @@
/*!
This file is part of CycloneDX JavaScript Library.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
SPDX-License-Identifier: Apache-2.0
Copyright (c) OWASP Foundation. All Rights Reserved.
*/

import { readFile } from 'fs/promises';
import { ParseOption, XmlDocument, XsdValidator } from 'libxml2-wasm';
import { pathToFileURL } from 'url';

import type { ValidationError } from '../../validation/types';
import type { Functionality, Validator } from '../xmlValidator';

/** @internal */
export default (async function (schemaPath: string): Promise<Validator> {
const schema = XmlDocument.fromString(
await readFile(schemaPath, 'utf-8'),
{
option: ParseOption.XML_PARSE_NONET | ParseOption.XML_PARSE_COMPACT,
url: pathToFileURL(schemaPath).toString()
});
const validator = XsdValidator.fromDoc(schema);

return function (data: string): null | ValidationError {
const doc = XmlDocument.fromString(data, { option: ParseOption.XML_PARSE_NONET | ParseOption.XML_PARSE_COMPACT });
let errors = null;
try {
validator.validate(doc);
}
catch (validationErrors) {
errors = validationErrors;
}

doc.dispose();
validator.dispose();
schema.dispose();

return errors;
}
}) satisfies Functionality
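Review bot: In the returned function, `validator.dispose()` and `schema.dispose()` run after the first `validator.validate(doc)`, yet both objects are created once in the outer async function, so a second call to the returned validator would operate on already-disposed objects. Dispose only `doc` per call, in a `finally` so it is released on every path, and keep `validator` and `schema` alive for as long as the returned function is in use. Separately, `XmlDocument.fromString(data, ...)` sits outside the `try`, so anything it throws on malformed input propagates to the caller, while the `catch` hands back whatever was thrown as a `ValidationError` without checking what it is; decide which behaviour is intended for each case and document it in the function's doc comment.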
48 changes: 0 additions & 48 deletions src/_optPlug.node/__xmlValidators/libxmljs2.ts

This file was deleted.

2 changes: 1 addition & 1 deletion src/_optPlug.node/xmlValidator.ts
@@ -27,7 +27,7 @@ export default opWrapper<Functionality>('XmlValidator', [
/* eslint-disable @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-return, @typescript-eslint/no-require-imports
-- needed */

['libxmljs2', () => require('./__xmlValidators/libxmljs2').default]
['libxml2-wasm', () => require('./__xmlValidators/libxml2-wasm').default]
// ... add others here, pull-requests welcome!

/* eslint-enable @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-unsafe-return, @typescript-eslint/no-require-imports */
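Review bot: The plug list ends up with `libxml2-wasm` as its only entry, with `libxmljs2` dropped rather than kept as a fallback, so an installation that only has `libxmljs2` available will no longer resolve any XML validator from this list. If that is intended, say so in the changelog or release notes as a behaviour change for consumers, and make sure the error raised when no entry loads names the package that now has to be installed.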
