1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
/**********************************************************************
Audacity: A Digital Audio Editor
XMLTagHandler.cpp
Dominic Mazzoni
Vaughan Johnson
*//****************************************************************//**
\class XMLTagHandler
\brief This class is an interface which should be implemented by
classes which wish to be able to load and save themselves
using XML files.
\class XMLValueChecker
\brief XMLValueChecker implements static bool methods for checking
input values from XML files.
*//*******************************************************************/
#include "XMLTagHandler.h"
#ifdef _WIN32
#include <windows.h>
#include <wx/msw/winundef.h>
#endif
#include <wx/defs.h>
#include <wx/arrstr.h>
#include <wx/filename.h>
#include "FileNames.h"
// "Good" means the name is well-formed and names an existing file or folder.
bool XMLValueChecker::IsGoodFileName(const FilePath & strFileName, const FilePath & strDirName /* = "{} */)
{
// Test strFileName.
if (!IsGoodFileString(strFileName) ||
(strDirName.length() + 1 + strFileName.length() > PLATFORM_MAX_PATH))
return false;
// Test the corresponding wxFileName.
wxFileName fileName(strDirName, strFileName);
return (fileName.IsOk() && fileName.FileExists());
}
bool XMLValueChecker::IsGoodFileString(const FilePath &str)
{
return (!str.empty() &&
// FILENAME_MAX is 260 in MSVC, but inconsistent across platforms,
// sometimes huge, but we use 260 for all platforms.
(str.length() <= 260) &&
(str.Find(wxFileName::GetPathSeparator()) == -1)); // No path separator characters.
}
bool XMLValueChecker::IsGoodSubdirName(const FilePath & strSubdirName, const FilePath & strDirName /* = {} */)
{
// Test strSubdirName.
// Note this prevents path separators, and relative path to parents (strDirName),
// so fixes vulnerability #3 in the NGS report for UmixIt,
// where an attacker could craft an AUP file with relative pathnames to get to system files, for example.
if (!IsGoodFileString(strSubdirName) ||
(strSubdirName == wxT(".")) || (strSubdirName == wxT("..")) ||
(strDirName.length() + 1 + strSubdirName.length() > PLATFORM_MAX_PATH))
return false;
// Test the corresponding wxFileName.
wxFileName fileName(strDirName, strSubdirName);
return (fileName.IsOk() && fileName.DirExists());
}
bool XMLValueChecker::IsGoodPathName(const FilePath & strPathName)
{
// Test the corresponding wxFileName.
wxFileName fileName(strPathName);
return XMLValueChecker::IsGoodFileName(fileName.GetFullName(), fileName.GetPath(wxPATH_GET_VOLUME));
}
bool XMLValueChecker::IsGoodPathString(const FilePath &str)
{
return (!str.empty() &&
(str.length() <= PLATFORM_MAX_PATH));
}
void XMLTagHandler::ReadXMLEndTag(const char *tag)
{
HandleXMLEndTag(tag);
}
void XMLTagHandler::ReadXMLContent(const char *s, int len)
{
HandleXMLContent(std::string_view(s, len));
}
XMLTagHandler *XMLTagHandler::ReadXMLChild(const char *tag)
{
return HandleXMLChild(tag);
}
|
