author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2017-06-23 11:58:29 +0200 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2017-06-23 11:58:29 +0200 |
commit | bbe653345bbb5dad2ed2356df6f817dd7de26528 (patch) | |
tree | 1dfb88505f1871e2816513676a03b58db2e00046 /bkucommon | |
parent | 0603c0fbdfe028113431c65590b6e7e28929f6f6 (diff) | |
fix another possible XXE, SSRF problem.
INFO: DocTypes are disabled by default for all XML content that should be signed with mocca!!! Consequently, XML and XAdES signatures for XML documents that contain a DocType declaration are no longer possible.
If DocType declarations are absolutely necessary, then this feature can be skipped by setting the Java System-Property "-Degiz.mocca.xades.xml.allow.doctype=true"
Diffstat (limited to 'bkucommon')
3 files changed, 73 insertions, 2 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
index c838b24b..c3c2f14c 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
@@ -73,6 +73,7 @@ import org.w3c.dom.ls.LSException;
 import org.w3c.dom.ls.LSInput;
 import org.w3c.dom.ls.LSOutput;
 import org.w3c.dom.ls.LSParser;
+import org.w3c.dom.ls.LSParserFilter;
 import org.w3c.dom.ls.LSResourceResolver;
 import org.w3c.dom.ls.LSSerializer;
@@ -104,6 +105,8 @@ import at.gv.egiz.xades.QualifyingPropertiesFactory;
 public class Signature {
 public static final String XMLDSIG_PREFIX = "dsig";
+ public static final String SYSTEM_PROPERTY_ALLOW_DOCTYPES = "egiz.mocca.xades.xml.allow.doctype";
+
 /**
 * Logging facility.
 */
@@ -899,7 +902,12 @@ public class Signature {
 LSResourceResolverAdapter resourceResolver = new LSResourceResolverAdapter(supplements);
 domConfig.setParameter("resource-resolver", resourceResolver);
 domConfig.setParameter("validate", Boolean.TRUE);
-
+
+ //Disallow DocTypes per default
+ String docTypeFlagString = System.getProperty(SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
+ boolean docTypeFlag = Boolean.parseBoolean(docTypeFlagString.toLowerCase());
+ domConfig.setParameter("disallow-doctype", !docTypeFlag);
+
 Document doc;
 try {
 doc = parser.parse(input);
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java
index 23fdfc17..6e5612f6 100644
--- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java
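Review bot: `org.w3c.dom.ls.LSParserFilter` is imported in the hunk at -73, but none of the lines this commit adds to Signature.java reference it. Drop the import, or, if a parser filter was intended as a second line of defence next to the DOCTYPE switch, add it in this commit so the import has a user.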
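Review bot: The opt-out in the hunk at -899 is a JVM-wide system property that is read on every parse and leaves no trace when it is on, so a deployment started with `-Degiz.mocca.xades.xml.allow.doctype=true` silently re-enables DOCTYPE handling for every document submitted for signing; emit a warn-level line through the class's existing logger whenever `docTypeFlag` is true. The two parsing lines can be reduced to `boolean docTypeFlag = Boolean.getBoolean(SYSTEM_PROPERTY_ALLOW_DOCTYPES);`, which has the same default and case handling without the locale-dependent `toLowerCase()`. `"disallow-doctype"` is not one of the standard DOM Level 3 configuration parameters, so a comment such as `// Xerces-specific parameter; setParameter throws on parsers that do not recognise it` would help the next reader. With the flag on, protection against external fetches presumably rests on `LSResourceResolverAdapter`, which is not visible here. The enclosing method starts and ends outside the hunk.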
@@ -317,13 +317,54 @@ public class SignatureTest {
 }
 @Test
+ public void testSetSignature_Base64_WITH_DISALLOWED_DOCTYPE_And_SystemParameter() throws JAXBException, SLCommandException, XMLStreamException {
+
+ SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml");
+
+ Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false);
+
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
+ try {
+ signature.setSignatureInfo(signatureInfo);
+ assertTrue("Check_ALLOW_DOCTYPES_System_Property", false);
+
+ } catch (SLCommandException e) {
+ assertTrue("Check_ALLOW_DOCTYPES_System_Property", true);
+
+ }
+ }
+
+ @Test
+ public void testSetSignature_Base64_WITH_DISALLOWED_DOCTYPE_WithOut_SystemParameter() throws JAXBException, SLCommandException, XMLStreamException {
+
+ SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml");
+
+ Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false);
+
+ //allow DocTypes to perform this test
+ System.clearProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES);
+ try {
+ signature.setSignatureInfo(signatureInfo);
+ assertTrue("Check_ALLOW_DOCTYPES_WithOut_System_Property", false);
+
+ } catch (SLCommandException e) {
+ assertTrue("Check_ALLOW_DOCTYPES_WithOut_System_Property", true);
+
+ }
+ }
+
+ @Test
 public void testSetSignature_Base64_2() throws JAXBException, SLCommandException, XMLStreamException {
 SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml");
 Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false);
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE));
 signature.setSignatureInfo(signatureInfo);
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
 Node parent = signature.getParent();
 Node nextSibling = signature.getNextSibling();
@@ -343,7 +384,10 @@ public class SignatureTest {
 Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, true);
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE));
 signature.setSignatureInfo(signatureInfo);
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
 Node parent = signature.getParent();
 Node nextSibling = signature.getNextSibling();
@@ -363,7 +407,10 @@ public class SignatureTest {
 Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false);
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE));
 signature.setSignatureInfo(signatureInfo);
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
 Node parent = signature.getParent();
 Node nextSibling = signature.getNextSibling();
@@ -383,7 +430,10 @@ public class SignatureTest {
 Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, true);
- signature.setSignatureInfo(signatureInfo);
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE));
+ signature.setSignatureInfo(signatureInfo);
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
 Node parent = signature.getParent();
 Node nextSibling = signature.getNextSibling();
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_4.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_4.xml
new file mode 100644
index 00000000..d7950f1e
--- /dev/null
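Review bot: The allow-DOCTYPE switch is set and reset without a `finally`, so a test in which `setSignatureInfo` throws leaves `egiz.mocca.xades.xml.allow.doctype=true` for every later test in the same JVM, and a passing test leaves the property pinned to `false` instead of unset; this applies to the hunk at -317 and equally to the hunks at -343, -363 and -383. Wrap the call in try/finally and clear the property, as sketched below. In the two new negative tests the comment `//allow DocTypes to perform this test` is a copy-paste leftover, since those tests disallow DOCTYPEs. Their `assertTrue(..., false)` would read better as JUnit's `fail(...)`, with the `assertTrue(..., true)` in the catch block removed.

```java
// … unchanged: unmarshalSignatureInfo(...) and new Signature(...) …
System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE));
try {
  signature.setSignatureInfo(signatureInfo);
} finally {
  // restore the secure default even when the call throws
  System.clearProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES);
}
// … unchanged: Node parent / nextSibling checks …
```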
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_4.xml
@@ -0,0 +1,13 @@
+<sl:CreateXMLSignatureRequest xmlns:sl="http://www.buergerkarte.at/namespaces/securitylayer/1.2#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <sl:SignatureInfo>
+ <sl:SignatureEnvironment>
+ <sl:Base64Content>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</sl:Base64Content>
+ </sl:SignatureEnvironment>
+ <sl:SignatureLocation xmlns:doc="urn:document" Index="1">/XMLDocument</sl:SignatureLocation>
+ <sl:Supplement>
+ <sl:Content Reference="urn:Document.dtd">
+ <sl:LocRefContent>testlocal:Document.dtd</sl:LocRefContent>
+ </sl:Content>
+ </sl:Supplement>
+ </sl:SignatureInfo>
+</sl:CreateXMLSignatureRequest>
\ No newline at end of file |
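Review bot: Nothing in this commit's visible test hunks loads `SignatureInfo_Base64_4.xml`; both new negative tests unmarshal `SignatureInfo_Base64_2.xml`, and the fixtures used by the hunks at -343, -363 and -383 are named outside the hunks. If this file is meant to be the DOCTYPE-carrying case, reference it from a test; otherwise drop it from the commit. A short XML comment at the top saying what the Base64 payload contains would make the fixture's purpose reviewable; the `urn:Document.dtd` supplement suggests a DTD-dependent document.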