## Summary

The `LoadURL` function allows responses of any type/format (not only XML) to be parsed, so that processing proceeds to the next step (e.g. `xmlquery.(*Node).InnerText` on the result of `xmlquery.FindOne`) without validation.

## Description

This security issue affects all `xmlquery` versions.

## Steps to Reproduce

```go
package main

import (
	"fmt"

	"github.com/antchfx/xmlquery"
)

func main() {
	// https://httpbin.org/get answers with JSON, not XML, yet LoadURL returns a document and no error.
	wadl, err := xmlquery.LoadURL("https://httpbin.org/get")
	if err != nil {
		panic(err)
	}
	// No /application element exists in that document, so FindOne returns nil ...
	attr := xmlquery.FindOne(wadl, "//application/@xmlns")
	// ... and InnerText on the nil *Node dereferences it, crashing the program.
	fmt.Println(attr.InnerText())
}
```

The logs will look similar to the following:

```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x6a179a]

goroutine 1 [running]:
github.com/antchfx/xmlquery.(*Node).InnerText.func1(0xc00032e2d0, 0x0)
	/home/dw1/.go/src/github.com/antchfx/xmlquery/node.go:55 +0x2a
github.com/antchfx/xmlquery.(*Node).InnerText(0x0, 0x746b67, 0x14)
	/home/dw1/.go/src/github.com/antchfx/xmlquery/node.go:67 +0x84
main.main()
	/tmp/xmlquery.go:15 +0xa0
exit status 2
```

Vulnerable code: `xmlquery/node.go`, lines 50 to 62 in 64ca73d.

## Recommended Mitigations

- `LoadURL`: if the response is not in XML format, then return an error.
- `xml.Unmarshal` (only to check the validity of the XML content).

Referenced commit: checking XML formatted from HTTP response #39 (5648b2f)
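A hardened loader illustrating the mitigation above, written for this issue as an added example (it is not code from the xmlquery project): it uses only the standard library, runs the recommended `xml.Unmarshal` validity check before handing a body to the caller, and replaces httpbin.org with a local `httptest` server that answers with a constructed JSON body. `LoadXMLURL`, `validateXML` and `ErrNotXML` are names chosen here.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// ErrNotXML is returned for any response body that is not well-formed XML.
var ErrNotXML = errors.New("response is not XML")

// validateXML applies the check the report recommends: xml.Unmarshal into an empty struct.
// A JSON body has no root element (Unmarshal returns io.EOF) and malformed markup is a syntax error.
func validateXML(body []byte) error {
	if err := xml.Unmarshal(body, &struct{}{}); err != nil {
		return fmt.Errorf("%w: %v", ErrNotXML, err)
	}
	return nil
}

// LoadXMLURL is a hardened stand-in for the unchecked LoadURL call in the report: the body is
// handed back only after validateXML accepts it, so a JSON answer becomes an error, not a crash.
func LoadXMLURL(url string) ([]byte, error) {
	resp, err := http.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // cap the body size
	if err == nil {
		err = validateXML(body)
	}
	if err != nil {
		return nil, err
	}
	return body, nil
}

func main() {
	// Local stand-in for httpbin.org/get that answers with a constructed JSON body.
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		io.WriteString(w, `{"url": "https://httpbin.org/get"}`)
	}))
	defer srv.Close()
	_, err := LoadXMLURL(srv.URL)
	fmt.Println("JSON response:", err) // an error is reported instead of a nil dereference
}
```

With xmlquery itself, the same check can be run on the response body before passing it to `xmlquery.Parse`; callers should additionally test the result of `FindOne` for nil before calling `InnerText`.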