Posted to commits@daffodil.apache.org by "Mike Beckerle (Jira)" <ji...@apache.org> on 2020/07/30 13:48:00 UTC

[jira] [Commented] (DAFFODIL-602) Setting to prevent off-box (network, external) access to schemas

    [ https://issues.apache.org/jira/browse/DAFFODIL-602?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17167934#comment-17167934 ] 

Mike Beckerle commented on DAFFODIL-602:
----------------------------------------

I think the right thing to do here is test that Daffodil is not issuing requests to the network. I.e., construct a DFDL schema where there are URLs in it for schemas to import. And also URLs mentioned in namespace prefixes.

And then watch the network for network packets (perhaps using Wireshark), as there should be no outbound HTTP or HTTPS or other requests for those URLs.

Turning on full DFDL validation, which uses Xerces, would verify that Xerces is also not doing this. When we use Xerces, we use it with our resolver; so long as our resolver isn't ever reaching out across the internet, Xerces should also have the same behavior.

Use of an XML Catalog in the resolver (a supported feature) is probably where we draw the line. If you use an XML catalog, there may be ways to make the catalog explicitly incorporate things using URLs across the internet. If so, that's ok because it is explicit. 


> Setting to prevent off-box (network, external) access to schemas
> ----------------------------------------------------------------
>
>                 Key: DAFFODIL-602
>                 URL: https://issues.apache.org/jira/browse/DAFFODIL-602
>             Project: Daffodil
>          Issue Type: New Feature
>          Components: API, Front End
>    Affects Versions: s8
>            Reporter: Mike Beckerle
>            Priority: Major
>
> For many DFDL applications this is a must-have capability. 
> Systems whose job is to scrutinize data carefully must have a controlled base of DFDL schemas that are well trusted. 
> Reaching out to the internet to get schemas is definitely unacceptable for these applications.
> As for how to test this.... keep in mind that just disconnecting a test box from the internet won't do it. A test might not fail just because a probe for a schema on the internet failed. It might behave in some different manner if it is unable to successfully reach the internet, yet still be making the attempts. The requirement here is that it not even be attempting to contact the internet to get schemas.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
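
The requirement above, that a failed probe still counts as a violation, can be checked mechanically. The following is an added example, not part of the original message or of Daffodil: it scans `strace -f -e trace=connect` output, such as would be captured while a schema with URL imports is compiled, and reports every non-loopback connect() attempt whether or not it succeeded. The sample trace, the function name and the loopback exemption are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample of `strace -f -e trace=connect` output (not a real capture).
# Addresses are from documentation ranges.
SAMPLE_TRACE = '''\
4242 connect(5, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
4242 connect(6, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.53")}, 16) = 0
4243 connect(7, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.10")}, 16) = -1 ENETUNREACH (Network is unreachable)
4243 connect(8, {sa_family=AF_INET6, sin6_port=htons(80), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2001:db8::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 EINPROGRESS (Operation now in progress)
'''

# Matches IPv4/IPv6 connect() lines; captures pid, port, address and errno name.
CONNECT_RE = re.compile(
    r'^(\d+)\s+connect\(\d+, \{sa_family=AF_INET6?, sin6?_port=htons\((\d+)\),'
    r'.*?(?:inet_addr\("|inet_pton\(AF_INET6, ")([^"]+)"'
    r'.*?\) = -?\d+(?: (\w+))?'
)


def offbox_attempts(trace_text):
    """Return (pid, address, port, outcome) for every non-loopback connect()."""
    hits = []
    for line in trace_text.splitlines():
        m = CONNECT_RE.match(line)
        if not m:
            continue  # AF_UNIX and other local-only socket families
        pid, port, addr, errno = m.groups()
        # Assumption: loopback counts as on-box. A local stub resolver may
        # still forward queries off-box, so tighten this if that matters.
        if ipaddress.ip_address(addr).is_loopback:
            continue
        # A failed connect() is recorded too: the requirement is that no
        # attempt is made, not merely that none succeeds.
        hits.append((pid, addr, int(port), errno or "OK"))
    return hits


if __name__ == "__main__":
    for hit in offbox_attempts(SAMPLE_TRACE):
        print("off-box attempt:", hit)
```

A test built on this fails when the returned list is non-empty, which catches the case where the box is disconnected and the attempts fail silently.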