PerlMonks

Re: XML vulnerabilities (poop)

by Anonymous Monk
on Mar 26, 2013 at 08:16 UTC (#1025458=note)


in reply to XML vulnerabilities

Has anything similar been done for Perl XML libraries?

What do you mean?

That "review" you linked lists Perl's XML::Simple as vulnerable to quadratic entity expansion and external entity expansion (both local and remote).

It says if you turn random XML into a hash, it can eat all of your memory -- not particularly surprising, Firefox will do the same thing with any random webpage -- trees cost memory, and features are features :)

Is XML::Simple vulnerable to a feature using too much memory? Maybe :) but that "report" is nothing more than rumor, it doesn't even mention a version number -- and XML::Simple can use at minimum 3 different backends

Lots of those issues transcend Perl/Python... any language/library that interfaces to libxml2, including Perl's XML::LibXML, is vulnerable to any bugs/vulnerabilities in libxml2

So if you're worried about your parser, check its documentation, check its bug queue, check the options you have turned on;

I've seen bugs reported, and I've seen them get fixed, this is the cycle of software :)
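An added example (editor's code, not from the post above or from the XML::LibXML project) of what "check the options you have turned on" looks like in practice with XML::LibXML, the libxml2 binding the reply mentions. The two attack documents are constructed here for illustration: one external-entity payload pointing at a local file, and one "quadratic" payload that declares a single large internal entity and references it many times. The hardened parser rejects any document that declares a DTD at all, then parses with entity substitution, external-DTD loading and network access switched off and libxml2's built-in size limits left in force (the `huge` option off). The permissive parser is kept only for comparison; how far libxml2 itself goes in limiting the quadratic case depends on its version, so the script does not assume an outcome for that path.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use XML::LibXML;

# --- Constructed sample inputs (not taken from the thread) -----------------
my $benign = <<'XML';
<?xml version="1.0"?>
<doc><name>plain document, no DTD</name></doc>
XML

# External entity: on a permissive parser the entity body is read from disk
# and ends up inside <name>.
my $xxe = <<'XML';
<?xml version="1.0"?>
<!DOCTYPE doc [ <!ENTITY file SYSTEM "file:///etc/hostname"> ]>
<doc><name>&file;</name></doc>
XML

# Quadratic blowup: a 5 kB entity referenced 1000 times expands to ~5 MB;
# scale either number up and the parse tree grows with it.
my $quadratic = "<?xml version=\"1.0\"?>\n"
  . "<!DOCTYPE doc [ <!ENTITY big \"" . ('A' x 5_000) . "\"> ]>\n"
  . "<doc><name>" . ('&big;' x 1_000) . "</name></doc>\n";

# --- Permissive configuration, spelled out so the risk is visible ----------
sub risky_parse {
    my ($xml) = @_;
    my $p = XML::LibXML->new(
        expand_entities => 1,   # substitute entity references
        load_ext_dtd    => 1,   # fetch external DTD subsets
        no_network      => 0,   # allow http:/ftp: fetches from libxml2
    );
    return $p->load_xml(string => $xml);
}

# --- Hardened configuration --------------------------------------------------
sub hardened_parse {
    my ($xml) = @_;

    # Neither of our document formats needs a DTD, so refuse every
    # DOCTYPE/ENTITY declaration up front.  This is the deliberate trade-off:
    # legitimate documents that carry a DTD are rejected too.
    die "rejected: DOCTYPE/ENTITY declarations are not accepted\n"
        if $xml =~ /<!(?:DOCTYPE|ENTITY)\b/;

    my $p = XML::LibXML->new(
        expand_entities => 0,   # keep entity references unresolved
        load_ext_dtd    => 0,   # never load an external subset
        no_network      => 1,   # no network access from the parser
        huge            => 0,   # keep libxml2's hard-coded limits in force
    );
    return $p->load_xml(string => $xml);
}

# --- Run every sample through the hardened parser ----------------------------
for my $case ([ benign => $benign ], [ xxe => $xxe ], [ quadratic => $quadratic ]) {
    my ($label, $xml) = @$case;
    my $doc = eval { hardened_parse($xml) };
    if ($doc) {
        printf "%-9s accepted: name=%s\n", $label, $doc->findvalue('/doc/name');
    } else {
        printf "%-9s %s", $label, $@;      # die message / XML::LibXML::Error
    }
}

# The permissive parser is fine on the benign document; it is the DTD-bearing
# inputs that separate the two configurations.
my $ok = risky_parse($benign);
printf "risky parser on benign input: name=%s\n", $ok->findvalue('/doc/name');
```

The pre-parse regex is coarse on purpose: the reply's point is that the parser's options decide what a document can make it do, and the simplest way to take entity declarations off the table is to refuse them before libxml2 ever sees them. If you go through XML::Simple instead, none of these options are reachable from its API; which backend it picked (XML::Parser, an XML::SAX driver, or XML::LibXML::SAX) decides what the defaults are, which is exactly why a report that names no version and no backend says little.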

