[ https://issues.apache.org/jira/browse/DAFFODIL-602?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17167934#comment-17167934 ]
Mike Beckerle commented on DAFFODIL-602:
----------------------------------------
I think the right thing to do here is test that Daffodil is not issuing
requests to the network. I.e., construct a DFDL schema where there are URLs in
it for schemas to import. And also URLs mentioned in namespace prefixes.

And then watch the network for network packets (perhaps using Wireshark), as
there should be no outbound HTTP or HTTPS or other requests for those URLs.

Turning on full DFDL validation, which uses Xerces, would verify that Xerces is
also not doing this. When we use Xerces, we use it with our resolver, so as long
as our resolver isn't ever reaching out across the internet, Xerces should also
have the same behavior.

Use of an XML Catalog in the resolver (a supported feature) is probably where
we draw the line. If you use an XML catalog, there may be ways to make the
catalog explicitly incorporate things using URLs across the internet. If so,
that's OK because it is explicit.
> Setting to prevent off-box (network, external) access to schemas
> ----------------------------------------------------------------
>
> Key: DAFFODIL-602
> URL: https://issues.apache.org/jira/browse/DAFFODIL-602
> Project: Daffodil
> Issue Type: New Feature
> Components: API, Front End
> Affects Versions: s8
> Reporter: Mike Beckerle
> Priority: Major
>
> For many DFDL applications this is a must-have capability.
> Systems whose job is to scrutinize data carefully must have a controlled base
> of DFDL schemas that are well trusted.
> Reaching out to the internet to get schemas is definitely unacceptable for these
> applications.
> As for how to test this... keep in mind that just disconnecting a test box
> from the internet won't do it. A test might not fail just because a probe for
> a schema on the internet failed. It might behave in some different manner if
> it is unable to successfully reach the internet, yet still be making the
> attempts. The requirement here is that it not even be attempting to contact
> the internet to get schemas.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
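
An in-process complement to watching packets, as an added example that is not part of the original message or of Daffodil's code: a JVM-wide ProxySelector records connection attempts made through the JVM's URL handlers while a schema with a remote import is compiled, so an attempt is caught even when it fails. The JDK's built-in JAXP schema compiler stands in for Daffodil's compile step; the class name, the `remote.invalid` URLs and the `attemptsDuringCompile` helper are assumptions made for illustration.

```java
import java.io.*;
import java.net.*;
import java.util.*;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.SchemaFactory;

public class NoNetworkSchemaTest {
    // Constructed schema: the import points at a reserved, non-resolvable host.
    static final String XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'"
      + " xmlns:r='http://remote.invalid/ns'>"
      + "<xs:import namespace='http://remote.invalid/ns'"
      + " schemaLocation='http://remote.invalid/remote.xsd'/>"
      + "<xs:element name='root' type='xs:string'/></xs:schema>";

    /** Compiles XSD and returns every URI the JVM was asked to connect to. */
    static List<URI> attemptsDuringCompile(boolean lockDown) {
        List<URI> attempts = new CopyOnWriteArrayList<>();
        ProxySelector saved = ProxySelector.getDefault();
        ProxySelector.setDefault(new ProxySelector() {
            @Override public List<Proxy> select(URI uri) {
                attempts.add(uri);   // record the attempt itself, not its outcome
                return Collections.singletonList(Proxy.NO_PROXY);
            }
            @Override public void connectFailed(URI u, SocketAddress a, IOException e) { }
        });
        try {
            SchemaFactory f = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
            // An empty protocol list forbids external schema access in JAXP.
            if (lockDown) f.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
            f.newSchema(new StreamSource(new StringReader(XSD)));
        } catch (Exception e) {
            // A failed compile is not the signal; only recorded attempts are.
        } finally {
            ProxySelector.setDefault(saved);   // restore the JVM-wide selector
        }
        return attempts;
    }

    public static void main(String[] args) {
        System.out.println("default:     " + attemptsDuringCompile(false));
        System.out.println("locked down: " + attemptsDuringCompile(true));
    }
}
```

A passing test asserts that the returned list is empty; any entry naming the import URL means a fetch was attempted, whether or not it succeeded.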