Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: XML validator explicitely harden against XXE injections #1064

Merged
merged 4 commits into from
May 8, 2024
Merged

refactor: XML validator explicitely harden against XXE injections #1064

merged 4 commits into from
May 8, 2024

Conversation

jkowalleck
Copy link
Member

@jkowalleck jkowalleck commented May 8, 2024
edited
Loading

Changed

  • The provided XML validation capabilities are hardened (via #1064; concerns #1061)
    This is considered a security measure concerning XML external entity (XXE) injection.

This is not an actual change.
Per default, the XML validation capabilities were already secure in the intended ways.
This is to prevent the fuckup like in the yanked v6.7.0 (see details here)

@jkowalleck jkowalleck requested a review from a team as a code owner May 8, 2024 14:35
@jkowalleck
docs
c60e0f2 
Signed-off-by: Jan Kowalleck <[email protected]>
@codacy-production Codacy Production
Copy link

codacy-production bot commented May 8, 2024
edited
Loading

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
Report missing for e7bc72e1 100.00% (target: 90.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (e7bc72e) Report Missing Report Missing Report Missing
Head commit (f5b9752) 22788 22377 98.20%

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#1064) 5 5 100.00%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

Codacy will stop sending the deprecated coverage status from June 5th, 2024. Learn more

Footnotes

  1. Codacy didn't receive coverage data for the commit, or there was an error processing the received data. Check your integration for errors and validate that your coverage setup is correct.

This was referenced May 8, 2024
Closed
Merged
jkowalleck added 2 commits May 8, 2024 16:58
@jkowalleck
docs
7715c28 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck
docs
f5b9752 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck jkowalleck merged commit 5bd28e7 into main May 8, 2024
42 checks passed
@jkowalleck jkowalleck deleted the fix/xxe-3 branch May 8, 2024 15:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jkowalleck