XMLValueChecker Class Reference

XMLValueChecker implements static bool methods for checking input values from XML files. More...

#include <XMLTagHandler.h>

Static Public Member Functions
static bool	IsGoodFileName (const FilePath &strFileName, const FilePath &strDirName={})
static bool	IsGoodFileString (const FilePath &str)
static bool	IsGoodSubdirName (const FilePath &strSubdirName, const FilePath &strDirName={})
static bool	IsGoodPathName (const FilePath &strPathName)
static bool	IsGoodPathString (const FilePath &str)

Detailed Description

XMLValueChecker implements static bool methods for checking input values from XML files.

Definition at line 29 of file XMLTagHandler.h.

Member Function Documentation

IsGoodFileName()

bool XMLValueChecker::IsGoodFileName ( const FilePath &  strFileName, const FilePath &  strDirName = {}  )

static

Definition at line 39 of file XMLTagHandler.cpp.

{
   // Test strFileName.
   if (!IsGoodFileString(strFileName) ||
         (strDirName.length() + 1 + strFileName.length() > PLATFORM_MAX_PATH))
      return false;
 
   // Test the corresponding wxFileName.
   wxFileName fileName(strDirName, strFileName);
   return (fileName.IsOk() && fileName.FileExists());
}

References IsGoodFileString(), and PLATFORM_MAX_PATH.

Referenced by AUPImportFileHandle::HandleImport(), AUPImportFileHandle::HandlePCMAliasBlockFile(), and IsGoodPathName().

Here is the call graph for this function:

Here is the caller graph for this function:

IsGoodFileString()

bool XMLValueChecker::IsGoodFileString ( const FilePath &  str )

static

Definition at line 51 of file XMLTagHandler.cpp.

{
   return (!str.empty() &&
 
            // FILENAME_MAX is 260 in MSVC, but inconsistent across platforms,
            // sometimes huge, but we use 260 for all platforms.
            (str.length() <= 260) &&
 
            (str.Find(wxFileName::GetPathSeparator()) == -1)); // No path separator characters.
}

References str.

Referenced by AUPImportFileHandle::HandleSimpleBlockFile(), IsGoodFileName(), and IsGoodSubdirName().

Here is the caller graph for this function:

IsGoodPathName()

bool XMLValueChecker::IsGoodPathName ( const FilePath &  strPathName )

static

Definition at line 78 of file XMLTagHandler.cpp.

{
   // Test the corresponding wxFileName.
   wxFileName fileName(strPathName);
   return XMLValueChecker::IsGoodFileName(fileName.GetFullName(), fileName.GetPath(wxPATH_GET_VOLUME));
}

References IsGoodFileName().

Referenced by AUPImportFileHandle::HandleImport(), and AUPImportFileHandle::HandlePCMAliasBlockFile().

Here is the call graph for this function:

Here is the caller graph for this function:

IsGoodPathString()

bool XMLValueChecker::IsGoodPathString ( const FilePath &  str )

static

Definition at line 85 of file XMLTagHandler.cpp.

{
   return (!str.empty() &&
            (str.length() <= PLATFORM_MAX_PATH));
}

References PLATFORM_MAX_PATH, and str.

Referenced by AUPImportFileHandle::HandlePCMAliasBlockFile().

Here is the caller graph for this function:

IsGoodSubdirName()

bool XMLValueChecker::IsGoodSubdirName ( const FilePath &  strSubdirName, const FilePath &  strDirName = {}  )

static

Definition at line 62 of file XMLTagHandler.cpp.

{
   // Test strSubdirName.
   // Note this prevents path separators, and relative path to parents (strDirName),
   // so fixes vulnerability #3 in the NGS report for UmixIt,
   // where an attacker could craft an AUP file with relative pathnames to get to system files, for example.
   if (!IsGoodFileString(strSubdirName) ||
         (strSubdirName == wxT(".")) || (strSubdirName == wxT("..")) ||
         (strDirName.length() + 1 + strSubdirName.length() > PLATFORM_MAX_PATH))
      return false;
 
   // Test the corresponding wxFileName.
   wxFileName fileName(strDirName, strSubdirName);
   return (fileName.IsOk() && fileName.DirExists());
}

References IsGoodFileString(), PLATFORM_MAX_PATH, and wxT().

Here is the call graph for this function:

---

The documentation for this class was generated from the following files:

• XMLTagHandler.h
• XMLTagHandler.cpp