Skip to content

Escape application names for GMarkup#51

Merged
marmarek merged 1 commit intoQubesOS:mainfrom
DemiMarie:fix-markup-error
Dec 10, 2024
Merged

Escape application names for GMarkup#51
marmarek merged 1 commit intoQubesOS:mainfrom
DemiMarie:fix-markup-error

Conversation

@DemiMarie
Copy link
Contributor

@DemiMarie DemiMarie commented Nov 26, 2024

GLib provides a parser called GMarkup, which implements a subset of XML. Application names may contain XML metacharacters, such as "<" and "&". These must be escaped to prevent XML injection, but the app menu didn't do that.

The GMarkup documentation explicitly states that GMarkup must not be used to parse untrusted input 1. Therefore, parsing malicious markup may have undefined results. Fortunately, there is no security problem because the only allowed character with special meaning in XML is "&" and ";" is not allowed. Therefore, there is no way to create a valid XML entity or inject tags. The worst that can happen is the creation of ill-formed markup that that GLib rejects.

This patch also addresses a URL construction bug: filenames need to be URL-encoded in file:// URLs.

@marmarek
Copy link
Member

marmarek commented Nov 27, 2024

(pylint complains)

@DemiMarie
Escape application names for GMarkup
b2e036c 
GLib provides a parser called GMarkup, which implements a subset of XML.
Application names may contain XML metacharacters, such as "<" and "&".
These must be escaped to prevent XML injection, but the app menu didn't
do that.

The GMarkup documentation explicitly states that GMarkup must not be
used to parse untrusted input [1].  Therefore, parsing malicious markup
may have undefined results.  Fortunately, there is no security problem
because the only allowed character with special meaning in XML is "&"
and ";" is not allowed.  Therefore, there is no way to create a valid
XML entity or inject tags.  The worst that can happen is the creation of
ill-formed markup that that GLib rejects.

This patch also addresses a URL construction bug: filenames need to be
URL-encoded in file:// URLs.

[1]: https://github.com/GNOME/glib/blob/3304a517d9a7bdbb52d60394fdae6f9903f0f4f3/glib/gmarkup.c#L50-L51
@qubesos-bot
Copy link

qubesos-bot commented Nov 27, 2024
edited
Loading

OpenQA test summary

Complete test suite and dependencies: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2024112705-4.3&flavor=pull-requests

Test run included the following:

New failures, excluding unstable

Compared to: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2025021804-4.3&flavor=update

  • system_tests_basic_vm_qrexec_gui_zfs

    • switch_pool: Failed (test died)
      # Test died: command 'dnf install -y ./zfs-release.rpm' failed at /...

  • system_tests_audio

  • system_tests_kde_gui_interactive

    • gui_keyboard_layout: wait_serial (wait serial expected)
      # wait_serial expected: "echo -e '[Layout]\nLayoutList=us,de' | sud...

    • gui_keyboard_layout: Failed (test died)
      # Test died: command 'test "$(cd ~user;ls e1*)" = "$(qvm-run -p wor...

Failed tests

5 failures

  • system_tests_basic_vm_qrexec_gui_zfs

    • switch_pool: Failed (test died)
      # Test died: command 'dnf install -y ./zfs-release.rpm' failed at /...

  • system_tests_audio

  • system_tests_kde_gui_interactive

    • gui_keyboard_layout: wait_serial (wait serial expected)
      # wait_serial expected: "echo -e '[Layout]\nLayoutList=us,de' | sud...

    • gui_keyboard_layout: Failed (test died)
      # Test died: command 'test "$(cd ~user;ls e1*)" = "$(qvm-run -p wor...

Fixed failures

Compared to: https://openqa.qubes-os.org/tests/129058#dependencies

15 fixed

  • system_tests_whonix@hw7

    • whonixcheck: fail (unknown)
      Whonixcheck for sys-whonix failed...

    • whonixcheck: unnamed test (unknown)

  • system_tests_suspend@hw1

    • suspend: unnamed test (unknown)
    • suspend: Failed (test died)
      # Test died: no candidate needle with tag(s) 'SUSPEND-FAILED' match...

  • system_tests_whonix

    • whonixcheck: fail (unknown)
      Whonixcheck for sys-whonix failed...

    • whonixcheck: unnamed test (unknown)

  • system_tests_suspend

    • suspend: unnamed test (unknown)
    • suspend: Failed (test died)
      # Test died: no candidate needle with tag(s) 'SUSPEND-FAILED' match...

  • system_tests_qrexec

  • system_tests_audio

  • system_tests_basic_vm_qrexec_gui_btrfs

    • TC_03_QvmRevertTemplateChanges: test_000_revert_linux (error)
      subprocess.CalledProcessError: Command '['sha1sum', '/var/lib/qubes...

  • system_tests_kde_gui_interactive

    • clipboard_and_web: unnamed test (unknown)
    • clipboard_and_web: Failed (test died)
      # Test died: no candidate needle with tag(s) 'clipboard-paste-notif...

Unstable tests

Details

  • system_tests_audio@hw1

    TC_20_AudioVM_Pulse_fedora-40-xfce/test_223_audio_play_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_Pulse_debian-12-xfce/test_224_audio_rec_muted_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_Pulse_whonix-workstation-17/test_224_audio_rec_muted_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_Pulse_debian-12-xfce/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_Pulse_whonix-workstation-17/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_PipeWire_whonix-workstation-17/test_251_audio_playback_audiovm_pipewire_late_start (1/5 times with errors)
    • job 115623 AssertionError: too short audio, expected 10s, got 9.34507936507936...
    TC_20_AudioVM_Pulse_debian-12-xfce/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_Pulse_fedora-40-xfce/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_Pulse_whonix-workstation-17/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_PipeWire_fedora-40-xfce/test_260_audio_mic_enabled_switch_audiovm (2/5 times with errors)
    • job 116847 AssertionError: too short audio, expected 10s, got 0.00013605442176...
    • job 117586 AssertionError: too short audio, expected 10s, got 0.00013605442176...
    TC_20_AudioVM_PipeWire_whonix-workstation-17/test_260_audio_mic_enabled_switch_audiovm (1/5 times with errors)
    • job 115623 AssertionError: too short audio, expected 10s, got 9.05353741496598...

  • system_tests_pvgrub_salt_storage

    TC_41_HVMGrub_debian-12-xfce/test_000_standalone_vm (1/5 times with errors)
    • job 115648 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_41_HVMGrub_fedora-40-xfce/test_000_standalone_vm (1/5 times with errors)
    • job 115648 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_41_HVMGrub_debian-12-xfce/test_010_template_based_vm (1/5 times with errors)
    • job 115648 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
    TC_41_HVMGrub_fedora-40-xfce/test_010_template_based_vm (1/5 times with errors)
    • job 115648 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...

  • system_tests_usbproxy

    TC_20_USBProxy_core3_fedora-40-xfce/test_070_attach_not_installed_front (1/5 times with errors)
    • job 117582 NameError: name 'santizied_stderr' is not defined

  • system_tests_network_updates

    VmUpdates_debian-12-xfce/test_020_updates_available_notification (1/5 times with errors)
    • job 117610 subprocess.CalledProcessError: Command '/usr/lib/qubes/upgrades-sta...

  • system_tests_basic_vm_qrexec_gui_zfs

    TC_00_Basic/test_120_start_standalone_with_cdrom_dom0 (1/5 times with errors)
    • job 109480 AssertionError: 1 != 0 : b'Timeout waiting for dom0:loop6 device to...

  • system_tests_audio

    TC_20_AudioVM_Pulse_fedora-40-xfce/test_223_audio_play_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_Pulse_debian-12-xfce/test_224_audio_rec_muted_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_Pulse_whonix-workstation-17/test_224_audio_rec_muted_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_Pulse_debian-12-xfce/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_Pulse_whonix-workstation-17/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_PipeWire_whonix-workstation-17/test_251_audio_playback_audiovm_pipewire_late_start (1/5 times with errors)
    • job 115623 AssertionError: too short audio, expected 10s, got 9.34507936507936...
    TC_20_AudioVM_Pulse_debian-12-xfce/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_Pulse_fedora-40-xfce/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_Pulse_whonix-workstation-17/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
    • job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
    TC_20_AudioVM_PipeWire_fedora-40-xfce/test_260_audio_mic_enabled_switch_audiovm (2/5 times with errors)
    • job 116847 AssertionError: too short audio, expected 10s, got 0.00013605442176...
    • job 117586 AssertionError: too short audio, expected 10s, got 0.00013605442176...
    TC_20_AudioVM_PipeWire_whonix-workstation-17/test_260_audio_mic_enabled_switch_audiovm (1/5 times with errors)
    • job 115623 AssertionError: too short audio, expected 10s, got 9.05353741496598...

Performance Tests

Performance degradation:

No issues

Remaining performance tests:

No remaining performance tests

This was referenced Nov 27, 2024
Merged
Merged
Merged
Merged
Merged
@codecov
Copy link

codecov bot commented Nov 27, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 78.57143% with 3 lines in your changes missing coverage. Please review.

Project coverage is 82.24%. Comparing base (9d665ee) to head (b2e036c).
Report is 18 commits behind head on main.

Files with missing lines Patch % Lines
qubes_menu/utils.py 81.81% 2 Missing ⚠️
qubes_menu/app_widgets.py 66.66% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main      #51      +/-   ##
==========================================
- Coverage   83.01%   82.24%   -0.77%     
==========================================
  Files          22       22              
  Lines        2190     2349     +159     
==========================================
+ Hits         1818     1932     +114     
- Misses        372      417      +45

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

This was referenced Nov 30, 2024
Merged
Merged
Merged
Merged
Merged
Merged
Merged
@qubesos-bot qubesos-bot mentioned this pull request Dec 7, 2024
Merged
marmarek
marmarek approved these changes Dec 10, 2024
View reviewed changes
Copy link
Member

@marmarek marmarek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved as of b2e036c

@marmarek marmarek merged commit ce4ffa0 into QubesOS:main Dec 10, 2024
@DemiMarie DemiMarie deleted the fix-markup-error branch December 10, 2024 22:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marmarek marmarek marmarek approved these changes

Assignees

No one assigned

Labels

openqa-pending

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@DemiMarie @marmarek @qubesos-bot