karaf-issues mailing list archives

From Jean-Baptiste Onofré (JIRA) <j...@apache.org>
Subject [jira] [Resolved] (KARAF-4209) Weak XML Schema: Unbounded Occurrences
Date Sat, 28 Jan 2017 05:15:24 GMT

     [ https://issues.apache.org/jira/browse/KARAF-4209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré resolved KARAF-4209.
-----------------------------------------
       Resolution: Won't Fix
    Fix Version/s:     (was: 4.0.9)
                       (was: 4.1.0)

The number of features is unlimited; that's why the maxOccurs is unbounded in the XSD.

> Weak XML Schema: Unbounded Occurrences
> --------------------------------------
>
>                 Key: KARAF-4209
>                 URL: https://issues.apache.org/jira/browse/KARAF-4209
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>
> HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.
> Setting a maxOccurs value to unbounded can lead to resource exhaustion and ultimately a denial of service.
> File: features/core/src/main/resources/org/apache/karaf/features/karaf-features-1.0.0.xsd
> Line: 64
> karaf-features-1.0.0.xsd, lines 64-77:
> 64         <xs:choice minOccurs="0" maxOccurs="unbounded">
> 65             <xs:element name="details" minOccurs="0" type="xs:string">
> 66                 <xs:annotation>
> 67                     <xs:documentation><![CDATA[
> 68 The help text shown for this feature when using the feature:info console command.
> 69                     ]]>
> 70                     </xs:documentation>
> 71                 </xs:annotation>
> 72             </xs:element>
> 73             <xs:element name="config" type="tns:config" />
> 74             <xs:element name="configfile" type="tns:configFile" />
> 75             <xs:element name="feature" type="tns:dependency" />
> 76             <xs:element name="bundle" type="tns:bundle" />
> 77         </xs:choice>



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
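
An added example, not part of the original message or of Karaf's code: because the schema keeps `maxOccurs="unbounded"`, a consumer that wants a bound has to enforce it while parsing. This Python code streams a features file and stops as soon as one `<feature>` exceeds a cap; the cap value, the function names and the sample document are assumptions made for the example.

```python
import io
import xml.etree.ElementTree as ET

MAX_CHILDREN = 1000  # assumed cap for this example; the XSD defines none


class FeatureLimitExceeded(ValueError):
    """A <feature> element holds more children than the caller allows."""


def local_name(tag):
    return tag.rsplit("}", 1)[-1]  # drop a '{namespace}' prefix if present


def count_feature_children(stream, limit=MAX_CHILDREN):
    """Return {feature name: child count}, aborting once a count exceeds limit."""
    counts, stack = {}, []  # stack holds the currently open elements
    for event, elem in ET.iterparse(stream, events=("start", "end")):
        if event == "start":
            # stack == [<features>, <feature>] means elem is a direct child
            if len(stack) == 2 and local_name(stack[1].tag) == "feature":
                name = stack[1].get("name", "")
                counts[name] = counts.get(name, 0) + 1
                if counts[name] > limit:
                    raise FeatureLimitExceeded(
                        f"feature {name!r}: more than {limit} children")
            elif len(stack) == 1 and local_name(elem.tag) == "feature":
                counts.setdefault(elem.get("name", ""), 0)
            stack.append(elem)
        else:
            stack.pop()
            if stack:
                stack[-1].remove(elem)  # free finished subtrees; memory stays flat
    return counts


# Constructed sample input, not taken from a Karaf distribution.
SAMPLE = b"""<features>
  <feature name="a">
    <details>demo</details>
    <bundle>mvn:example/one/1.0</bundle>
    <feature>b</feature>
  </feature>
  <feature name="b"><bundle>mvn:example/two/1.0</bundle></feature>
</features>"""

if __name__ == "__main__":
    print(count_feature_children(io.BytesIO(SAMPLE)))
```

The check runs on each start event, so an oversized `<feature>` is rejected before the rest of the document is consumed.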
