Revert file deletion, removed decision

SierraNL · SierraNL · commit 818b1e5a4a5a · 2024-11-26T13:11:08.000+01:00
Signed-off-by: Leon Grave &lt;l.grave@gmail.com&gt;
diff --git a/docs/dev/decisions/XmlValidator.md b/docs/dev/decisions/XmlValidator.md
@@ -39,10 +39,6 @@ as it was more popular/used and had a more active community.
 
 Decided to replace `libxmljs2`, as it is end of life.
 
-#### 2024-11-26
-
-Decided to replace `libxmljs2` with `libxml2-wasm`, since it's maintained and a functioning XML validator.
-
 ## WebBrowsers
 
 there seams to exist no solution for validating XML according to XSD
diff --git a/src/_optPlug.node/__xmlValidators/libxmljs2.ts b/src/_optPlug.node/__xmlValidators/libxmljs2.ts
@@ -0,0 +1,44 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+   http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+import { readFile } from 'fs/promises'
+import { type ParserOptions, parseXml } from 'libxmljs2'
+import { pathToFileURL } from 'url'
+
+import type { ValidationError } from '../../validation/types'
+import type { Functionality, Validator } from '../xmlValidator'
+
+const xmlParseOptions: Readonly<ParserOptions> = Object.freeze({
+  nonet: true,
+  compact: true,
+  // explicitly prevent XXE
+  // see https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
+  // see https://github.com/CycloneDX/cyclonedx-javascript-library/issues/1061
+  noent: false,
+  dtdload: false
+})
+
+/** @internal */
+export default (async function (schemaPath: string): Promise<Validator> {
+  const schema = parseXml(await readFile(schemaPath, 'utf-8'),
+    { ...xmlParseOptions, baseUrl: pathToFileURL(schemaPath).toString() })
+
+  return function (data: string): null | ValidationError {
+    const doc = parseXml(data, xmlParseOptions)
+    return doc.validate(schema)
+      ? null
+      : doc.validationErrors
+  }
+}) satisfies Functionality
