Skip Menu |

This queue is for tickets about the XML-Simple-DTDReader CPAN distribution.

Report information
The Basics
Id: 50690
Status: rejected
Priority: 0/
Queue: XML-Simple-DTDReader
People
Owner: Nobody in particular
Requestors: tabmcleo [...] cs.ubc.ca
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)
Attachments
metadata.dtd
test.xml

History Show all quoted text
  Tue Oct 20 18:19:05 2009 tabmcleo [...] cs.ubc.ca - Ticket created
CC: <tabmcleo [...] cs.ubc.ca>
Subject: Bug in XML::Simple::DTDReader (0.04) when reading XML files with an external DTD
Date: Tue, 20 Oct 2009 15:18:36 -0700
To: <bug-XML-Simple-DTDReader [...] rt.cpan.org>
From: "Trevor McLeod" <tabmcleo [...] cs.ubc.ca>
Hello, I am encountering a problem with a Perl program trying to read in an XML file with an external DTD. The error message, generated by DTDReader is as follows: "Your DTD claimed the root element would be 'metadata', but failed to define that element type. at /opt/urlmd_test/urlmd line 450" where "urlmd" is my Perl program. If I include the DTD inline with the XML file, DTDReader parses the XML file correctly. I have doubled check both my XML file and DTD file with a validator and they appear correct: XML: 1 <?xml version="1.0"?> 2 <!DOCTYPE metadata SYSTEM "metadata.dtd"> 3 <metadata> 4 <acm_ccs>asdfasdf</acm_ccs> 5 <author>Trevor McLeod</author> 6 <author>Mike Brannigan</author> 7 <author>Ted Bessel</author> 8 <datatype>dt1</datatype> 9 <datatype>dt2</datatype> 10 <faculty_member>Dr. Beverly Crusher</faculty_member> 11 <keyword>kw1</keyword> 12 <keyword>kw2</keyword> 13 <lab>SPL</lab> 14 <pages>45</pages> 15 <publication_venue>UBC</publication_venue> 16 <research_topic>Some research topic</research_topic> 17 <title>Some title</title> 18 <year>2010</year> 19 </metadata> DTD: 1 <!ELEMENT metadata (acm_ccs?, author*, datatype*, faculty_member?, keyword*, lab?, pages?, publication_venue?, research_topic?, title?, year?)> 2 <!ELEMENT acm_ccs (#PCDATA)> 3 <!ELEMENT author (#PCDATA)> 4 <!ELEMENT datatype (#PCDATA)> 5 <!ELEMENT faculty_member (#PCDATA)> 6 <!ELEMENT keyword (#PCDATA)> 7 <!ELEMENT lab (#PCDATA)> 8 <!ELEMENT pages (#PCDATA)> 9 <!ELEMENT publication_venue (#PCDATA)> 10 <!ELEMENT research_topic (#PCDATA)> 11 <!ELEMENT title (#PCDATA)> 12 <!ELEMENT year (#PCDATA)> I am using Perl 5.10.0 on SuSE Linux 11.1 (Linux lillooet.cs.ubc.ca 2.6.27.29-0.1-pae #1 SMP 2009-08-15 17:53:59 +0200 i686 i686 i386 GNU/Linux). Sincerely, Trevor McLeod Systems Analyst UBC, Department of Computer Science X463-2366 Main Mall Vancouver, B.C. Canada V6T 1Z4 Phone: +1 604 822-8285
  Tue Oct 20 21:43:53 2009 chmrr [...] chmrr.net - Correspondence added
Subject: Re: [rt.cpan.org #50690] Bug in XML::Simple::DTDReader (0.04) when reading XML files with an external DTD
Date: Tue, 20 Oct 2009 21:43:31 -0400
To: bug-XML-Simple-DTDReader <bug-xml-simple-dtdreader [...] rt.cpan.org>
From: Alex Vandiver <chmrr [...] chmrr.net>
At Tue Oct 20 18:19:06 -0400 2009, Trevor McLeod via RT wrote: Show quoted text
> I am encountering a problem with a Perl program trying to read in an > XML file with an external DTD. The error message, generated by > DTDReader is as follows: > > "Your DTD claimed the root element would be 'metadata', but failed > to define that element type. at /opt/urlmd_test/urlmd line 450" > where "urlmd" is my Perl program. > > If I include the DTD inline with the XML file, DTDReader parses the > XML file correctly. I have doubled check both my XML file and DTD > file with a
I'm unable to replicate your error. I've attached the files I used; when I run: perl -MXML::Simple::DTDReader -MData::Dumper -e 'print Dumper(XMLin("test.xml"))' ...it correctly prints: $VAR1 = { 'keyword' => [ 'kw1', 'kw2' ], 'faculty_member' => 'Dr. Beverly Crusher', 'author' => [ 'Trevor McLeod', 'Mike Brannigan', 'Ted Bessel' ], 'research_topic' => 'Some research topic', 'acm_ccs' => 'asdfasdf', 'lab' => 'SPL', 'publication_venue' => 'UBC', 'title' => 'Some title', 'year' => '2010', 'datatype' => [ 'dt1', 'dt2' ], 'pages' => '45' }; Can you provide me with a test script that fails for you? - Alex -- Networking -- only one letter away from not working
Download test.xml
application/xml 528b

Message body not shown because it is not plain text.

Message body is not shown because sender requested not to inline it.

  Tue Oct 20 21:43:54 2009 The RT System itself - Status changed from 'new' to 'open'
  Wed Oct 21 11:40:02 2009 tabmcleo [...] cs.ubc.ca - Correspondence added
Subject: RE: [rt.cpan.org #50690] Bug in XML::Simple::DTDReader (0.04) when reading XML files with an external DTD
Date: Wed, 21 Oct 2009 08:39:37 -0700
To: <bug-XML-Simple-DTDReader [...] rt.cpan.org>
From: "Trevor McLeod" <tabmcleo [...] cs.ubc.ca>
Alex, Thanks for your prompt reply. I can confirm that the test you provided DOES work in my computing environment. I am working on a test script to send to you. One thing I forgot to note in my original e-mail is that my Perl program (urlmd) is a setuid script. Cheers! Trevor Show quoted text
> -----Original Message----- > From: Alex Vandiver via RT [mailto:bug-XML-Simple- > DTDReader@rt.cpan.org] > Sent: October-20-09 6:44 PM > To: tabmcleo@cs.ubc.ca > Subject: Re: [rt.cpan.org #50690] Bug in XML::Simple::DTDReader (0.04) > when reading XML files with an external DTD > > <URL: https://rt.cpan.org/Ticket/Display.html?id=50690 > > > At Tue Oct 20 18:19:06 -0400 2009, Trevor McLeod via RT wrote:
> > I am encountering a problem with a Perl program trying to read in an > > XML file with an external DTD. The error message, generated by > > DTDReader is as follows: > > > > "Your DTD claimed the root element would be 'metadata', but failed to > > define that element type. at /opt/urlmd_test/urlmd line 450" > > where "urlmd" is my Perl program. > > > > If I include the DTD inline with the XML file, DTDReader parses the > > XML file correctly. I have doubled check both my XML file and DTD > > file with a
> > I'm unable to replicate your error. I've attached the files I used; > when I run: > > perl -MXML::Simple::DTDReader -MData::Dumper -e 'print > Dumper(XMLin("test.xml"))' > > ...it correctly prints: > > $VAR1 = { > 'keyword' => [ > 'kw1', > 'kw2' > ], > 'faculty_member' => 'Dr. Beverly Crusher', > 'author' => [ > 'Trevor McLeod', > 'Mike Brannigan', > 'Ted Bessel' > ], > 'research_topic' => 'Some research topic', > 'acm_ccs' => 'asdfasdf', > 'lab' => 'SPL', > 'publication_venue' => 'UBC', > 'title' => 'Some title', > 'year' => '2010', > 'datatype' => [ > 'dt1', > 'dt2' > ], > 'pages' => '45' > }; > > Can you provide me with a test script that fails for you? > - Alex > -- > Networking -- only one letter away from not working
  Wed Oct 21 12:50:16 2009 tabmcleo [...] cs.ubc.ca - Correspondence added
CC: <tabmcleo [...] cs.ubc.ca>
Subject: RE: [rt.cpan.org #50690] Bug in XML::Simple::DTDReader (0.04) when reading XML files with an external DTD
Date: Wed, 21 Oct 2009 09:49:51 -0700
To: <bug-XML-Simple-DTDReader [...] rt.cpan.org>
From: "Trevor McLeod" <tabmcleo [...] cs.ubc.ca>
Alex, If you run your test using -T you will be able to replicate my problem. First, however, you will have to "modify" your code as follows, otherwise, you will get an error message like this: "Insecure dependency in chdir while running with -T switch at /usr/lib/perl5/site_perl/5.10.0/XML/Simple/DTDReader.pm line 83." If you change your code to "launder" the tainted data obtained by getcwd() like this: if($cwd =~ /(.*)/) { $cwd = $1; } You should then be able to replicate my original problem and receive this error message: "perl -T -MXML::Simple::DTDReader -MData::Dumper -e 'print Dumper(XMLin("mdrecord"))'" "Your DTD claimed the root element would be 'metadata', but failed to define that element type. at -e line 1" My original code was a setuid script running with the -T switch (which is sort of redundant unless the real and effective uids are the same). Trevor Show quoted text
> -----Original Message----- > From: Alex Vandiver via RT [mailto:bug-XML-Simple- > DTDReader@rt.cpan.org] > Sent: October-20-09 6:44 PM > To: tabmcleo@cs.ubc.ca > Subject: Re: [rt.cpan.org #50690] Bug in XML::Simple::DTDReader (0.04) > when reading XML files with an external DTD > > <URL: https://rt.cpan.org/Ticket/Display.html?id=50690 > > > At Tue Oct 20 18:19:06 -0400 2009, Trevor McLeod via RT wrote:
> > I am encountering a problem with a Perl program trying to read in an > > XML file with an external DTD. The error message, generated by > > DTDReader is as follows: > > > > "Your DTD claimed the root element would be 'metadata', but failed to > > define that element type. at /opt/urlmd_test/urlmd line 450" > > where "urlmd" is my Perl program. > > > > If I include the DTD inline with the XML file, DTDReader parses the > > XML file correctly. I have doubled check both my XML file and DTD > > file with a
> > I'm unable to replicate your error. I've attached the files I used; > when I run: > > perl -MXML::Simple::DTDReader -MData::Dumper -e 'print > Dumper(XMLin("test.xml"))' > > ...it correctly prints: > > $VAR1 = { > 'keyword' => [ > 'kw1', > 'kw2' > ], > 'faculty_member' => 'Dr. Beverly Crusher', > 'author' => [ > 'Trevor McLeod', > 'Mike Brannigan', > 'Ted Bessel' > ], > 'research_topic' => 'Some research topic', > 'acm_ccs' => 'asdfasdf', > 'lab' => 'SPL', > 'publication_venue' => 'UBC', > 'title' => 'Some title', > 'year' => '2010', > 'datatype' => [ > 'dt1', > 'dt2' > ], > 'pages' => '45' > }; > > Can you provide me with a test script that fails for you? > - Alex > -- > Networking -- only one letter away from not working
  Wed Oct 21 14:01:12 2009 chmrr [...] chmrr.net - Correspondence added
Subject: RE: [rt.cpan.org #50690] Bug in XML::Simple::DTDReader (0.04) when reading XML files with an external DTD
Date: Wed, 21 Oct 2009 14:00:17 -0400
To: bug-XML-Simple-DTDReader <bug-xml-simple-dtdreader [...] rt.cpan.org>
From: Alex Vandiver <chmrr [...] chmrr.net>
At Wed Oct 21 12:50:16 -0400 2009, Trevor McLeod via RT wrote: Show quoted text
> If you run your test using -T you will be able to replicate my problem. First, > however, you will have to "modify" your code as follows, otherwise, you will > get an error message like this: > > "Insecure dependency in chdir while running with -T switch at > /usr/lib/perl5/site_perl/5.10.0/XML/Simple/DTDReader.pm line 83." > > If you change your code to "launder" the tainted data obtained by getcwd() like > this: > > if($cwd =~ /(.*)/) { > $cwd = $1; > } > > You should then be able to replicate my original problem and receive this error > message: > > "perl -T -MXML::Simple::DTDReader -MData::Dumper -e 'print > Dumper(XMLin("mdrecord"))'" > > "Your DTD claimed the root element would be 'metadata', but failed to define > that element type. at -e line 1"
I am unsurprised that adding three lines was insufficient to make the module run under taint mode. Given that it uses a C library to read data out of a file, and then use that data to find and open another file -- which is exactly the sort of thing taint mode is supposed to prevent -- I suspect more tinkering will be necessary to make the module taint-compatible. I'll look into it when I get the chance, but I don't have a solution for you offhand -- mostly because it may well involve changes to XML::Parser. - Alex -- Networking -- only one letter away from not working
  Wed Oct 21 14:31:07 2009 tabmcleo [...] cs.ubc.ca - Correspondence added
CC: <tabmcleo [...] cs.ubc.ca>
Subject: RE: [rt.cpan.org #50690] Bug in XML::Simple::DTDReader (0.04) when reading XML files with an external DTD
Date: Wed, 21 Oct 2009 11:30:46 -0700
To: <bug-XML-Simple-DTDReader [...] rt.cpan.org>
From: "Trevor McLeod" <tabmcleo [...] cs.ubc.ca>
Alex, I suspected that the problem might be in XML::Parser, which is why I didn't debug any further. I don't have time to open up another "can of worms" (grin). In the meantime, things work correctly if I use an in-line DTD. Please let me know if you get around to resolving the problem. Thanks for your help, Trevor Show quoted text
> -----Original Message----- > From: Alex Vandiver via RT [mailto:bug-XML-Simple- > DTDReader@rt.cpan.org] > Sent: October-21-09 11:01 AM > To: tabmcleo@cs.ubc.ca > Subject: RE: [rt.cpan.org #50690] Bug in XML::Simple::DTDReader (0.04) > when reading XML files with an external DTD > > <URL: https://rt.cpan.org/Ticket/Display.html?id=50690 > > > At Wed Oct 21 12:50:16 -0400 2009, Trevor McLeod via RT wrote:
> > If you run your test using -T you will be able to replicate my
> problem. First,
> > however, you will have to "modify" your code as follows, otherwise,
> you will
> > get an error message like this: > > > > "Insecure dependency in chdir while running with -T switch at > > /usr/lib/perl5/site_perl/5.10.0/XML/Simple/DTDReader.pm line 83." > > > > If you change your code to "launder" the tainted data obtained by
> getcwd() like
> > this: > > > > if($cwd =~ /(.*)/) { > > $cwd = $1; > > } > > > > You should then be able to replicate my original problem and receive
> this error
> > message: > > > > "perl -T -MXML::Simple::DTDReader -MData::Dumper -e 'print > > Dumper(XMLin("mdrecord"))'" > > > > "Your DTD claimed the root element would be 'metadata', but failed to
> define
> > that element type. at -e line 1"
> > I am unsurprised that adding three lines was insufficient to make the > module run under taint mode. Given that it uses a C library to read > data out of a file, and then use that data to find and open another > file -- which is exactly the sort of thing taint mode is supposed to > prevent -- I suspect more tinkering will be necessary to make the > module taint-compatible. I'll look into it when I get the chance, but > I don't have a solution for you offhand -- mostly because it may well > involve changes to XML::Parser. > - Alex > -- > Networking -- only one letter away from not working
  Mon Nov 09 17:32:30 2009 cpan [...] chmrr.net - Subject changed from 'Bug in XML::Simple::DTDReader (0.04) when reading XML files with an external DTD' to 'Doesn't run under taint mode'
  Mon Nov 09 17:32:30 2009 cpan [...] chmrr.net - Status changed from 'open' to 'rejected'