TRA-3311 validate xml before parsing

2025-09-19 09:05:46 +00:00 · 2021-06-07 11:43:04 +03:00
parent ba7b97cf7b b7d3ff6eb8
commit 8b4d813bd8
1 changed files with 9 additions and 0 deletions
--- a/api/pkg/sensitiveDataFiltering/messageSensitiveDataCleaner.go
+++ b/api/pkg/sensitiveDataFiltering/messageSensitiveDataCleaner.go
@@ -2,6 +2,8 @@ package sensitiveDataFiltering

 import (
 	"encoding/json"
+	"encoding/xml"
+	"errors"
 	"fmt"
 	"mizuserver/pkg/tap"
 	"net/url"
@@ -103,6 +105,9 @@ func filterPlainText(bytes []byte, options *shared.TrafficFilteringOptions) []by
 }

 func filterXmlEtree(bytes []byte) ([]byte, error) {
+	if !IsValidXML(bytes) {
+		return nil, errors.New("Invalid XML")
+	}
 	xmlDoc := etree.NewDocument()
 	err := xmlDoc.ReadFromBytes(bytes)
 	if err != nil {
@@ -113,6 +118,10 @@ func filterXmlEtree(bytes []byte) ([]byte, error) {
 	return xmlDoc.WriteToBytes()
 }

+func IsValidXML(data []byte) bool {
+	return xml.Unmarshal(data, new(interface{})) == nil
+}
+
 func filterXmlElement(element *etree.Element) {
 	for i, attribute := range element.Attr {
 		if isFieldNameSensitive(attribute.Key) {