
Re: XML vulnerabilities (poop)

by Anonymous Monk
on Mar 26, 2013 at 08:16 UTC (#1025458)

in reply to XML vulnerabilities

Has anything similar been done for Perl XML libraries?

What do you mean?

That "review" you linked lists Perl's XML::Simple as vulnerable to quadratic entity expansion and external entity expansion (both local and remote).

It says if you turn random XML into a hash, it can eat all of your memory -- not particularly surprising, Firefox will do the same thing with any random webpage -- trees cost memory, and features are features :)

Is XML::Simple vulnerable to a feature using too much memory? Maybe :) but that "report" is nothing more than rumor, it doesn't even mention a version number -- and XML::Simple can use at minimum 3 different backends

Lots of those issues transcend Perl/Python... any language/library that interfaces to libxml2, including Perl's XML::LibXML, is vulnerable to any bugs/vulnerabilities in libxml2

So if you're worried about your parser, check its documentation, check its bug queue, check the options you have turned on;

I've seen bugs reported, and I've seen them get fixed, this is the cycle of software :)
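The reply above leaves "check the options you have turned on" as an exercise. As an added illustration, not part of the original thread and not code from XML::LibXML or XML::Simple, here is one conservative way to construct an XML::LibXML parser for untrusted input. The constructor options (expand_entities, load_ext_dtd, no_network, huge) are real XML::LibXML parser options; the helper names, the pre-parse DOCTYPE check and the two sample documents are this example's own.

```perl
#!/usr/bin/env perl
# Added example (not from the PerlMonks thread): set up XML::LibXML so a
# document cannot pull in external entities or balloon through entity
# expansion, and refuse outright any input that carries a DOCTYPE, since
# untrusted data rarely has a legitimate need for a DTD at all.
use strict;
use warnings;
use XML::LibXML;

# Real XML::LibXML constructor options; the module's defaults are more
# permissive than this (entities expanded, external DTD loading allowed).
sub hardened_parser {
    return XML::LibXML->new(
        expand_entities => 0,   # do not substitute entity references
        load_ext_dtd    => 0,   # never fetch an external DTD
        no_network      => 1,   # libxml2 refuses network fetches
        huge            => 0,   # keep libxml2's built-in size limits
    );
}

# Pre-parse check (this example's own, hypothetical policy): any DOCTYPE
# means entity declarations may follow, so reject the whole document.
sub has_doctype {
    my ($xml) = @_;
    return $xml =~ /<!DOCTYPE\b/i ? 1 : 0;
}

# Parse untrusted XML. Returns ($doc, undef) on success or (undef, $error);
# never dies, so a malformed document cannot take the caller down with it.
sub parse_untrusted {
    my ($xml) = @_;
    return (undef, 'document declares a DOCTYPE; rejected')
        if has_doctype($xml);
    my $doc = eval { hardened_parser()->parse_string($xml) };
    return (undef, "parse error: $@") if !$doc;
    return ($doc, undef);
}

# Constructed sample inputs: one plain document, one with an internal DTD
# that declares an entity (the shape a blow-up or external reference
# would have to take).
my $clean    = '<config><name>demo</name></config>';
my $with_dtd = '<!DOCTYPE config [ <!ENTITY a "aaaa"> ]><config>&a;</config>';

for my $input ($clean, $with_dtd) {
    my ($doc, $err) = parse_untrusted($input);
    if ($doc) {
        printf "accepted: root=%s\n", $doc->documentElement->nodeName;
    } else {
        print "refused: $err\n";
    }
}
```

Running it accepts the first document and refuses the second before libxml2 ever sees the entity declaration. The parser options still matter on their own: if a DOCTYPE must be allowed for some trusted feed, load_ext_dtd and no_network are what stop a SYSTEM entity from reaching the filesystem or the network, and huge left at 0 keeps libxml2's expansion limits in force. XML::Simple users should check which backend it selected (it can sit on top of XML::LibXML, among others) and pass the equivalent options through.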
