XML Decoder: Checking for invalid content outside of a root node #1448

Author: mikefarah

examples/mike.xml

@@ -1,7 +1,5 @@
-<?xml version="1.0"?>
-<!DOCTYPE config SYSTEM "/etc/iwatch/iwatch.dtd" >
-<apple>
-<?coolioo version="1.0"?>
-<!DOCTYPE config SYSTEM "/etc/iwatch/iwatch.dtd" >
-<b>things</b>
-</apple>
+date: "2022-11-25"
+raw:
+  id: 1
+  XML: text_outside_1<Tag1 />text_outside_2<Tag2Kling Klong</Tag2>text_outside_3
+  time: 09:19:00

pkg/yqlib/decoder_xml.go

@@ -3,6 +3,7 @@ package yqlib
 import (
 	"encoding/xml"
 	"errors"
+	"fmt"
 	"io"
 	"strings"
 	"unicode"
@@ -226,6 +227,8 @@ func (dec *xmlDecoder) decodeXML(root *xmlNode) error {
 	// That will convert the charset if the provided XML is non-UTF-8
 	xmlDec.CharsetReader = charset.NewReaderLabel
 
+	started := false
+
 	// Create first element from the root node
 	elem := &element{
 		parent: nil,
@@ -269,8 +272,13 @@ func (dec *xmlDecoder) decodeXML(root *xmlNode) error {
 				elem.n.AddChild(dec.prefs.AttributePrefix+a.Name.Local, &xmlNode{Data: []string{a.Value}})
 			}
 		case xml.CharData:
+
 			// Extract XML data (if any)
 			newBit := trimNonGraphic(string(se))
+			if !started && len(newBit) > 0 {
+				return fmt.Errorf("invalid XML: Encountered chardata [%v] outside of XML node", newBit)
+			}
+
 			if len(newBit) > 0 {
 				elem.n.Data = append(elem.n.Data, newBit)
 				elem.state = "chardata"
@@ -309,6 +317,7 @@ func (dec *xmlDecoder) decodeXML(root *xmlNode) error {
 				elem.n.AddChild(dec.prefs.DirectiveName, &xmlNode{Data: []string{string(se)}})
 			}
 		}
+		started = true
 	}
 
 	return nil

pkg/yqlib/operators_test.go

@@ -31,7 +31,7 @@ type expressionScenario struct {
 }
 
 func TestMain(m *testing.M) {
-	logging.SetLevel(logging.DEBUG, "")
+	logging.SetLevel(logging.ERROR, "")
 	Now = func() time.Time {
 		return time.Date(2021, time.May, 19, 1, 2, 3, 4, time.UTC)
 	}

pkg/yqlib/xml_test.go

@@ -235,9 +235,15 @@ const expectedXmlWithProcInstAndDirectives = `<?xml version="1.0"?>
 var xmlScenarios = []formatScenario{
 	{
 		skipDoc:  true,
-		input:    "<root>value<!-- comment--> </root>",
+		input:    "  <root>value<!-- comment--> </root>",
 		expected: "root: value # comment\n",
 	},
+	{
+		skipDoc:       true,
+		input:         "value<root>value</root>",
+		expectedError: "bad file 'sample.yml': invalid XML: Encountered chardata [value] outside of XML node",
+		scenarioType:  "decode-error",
+	},
 	{
 		skipDoc:  true,
 		input:    "<root> <!-- comment-->value</root>",
@@ -502,6 +508,13 @@ func testXMLScenario(t *testing.T, s formatScenario) {
 		prefs := NewDefaultXmlPreferences()
 		prefs.SkipDirectives = true
 		test.AssertResultWithContext(t, s.expected, mustProcessFormatScenario(s, NewXMLDecoder(prefs), NewXMLEncoder(2, prefs)), s.description)
+	case "decode-error":
+		result, err := processFormatScenario(s, NewXMLDecoder(NewDefaultXmlPreferences()), NewYamlEncoder(2, false, ConfiguredYamlPreferences))
+		if err == nil {
+			t.Errorf("Expected error '%v' but it worked: %v", s.expectedError, result)
+		} else {
+			test.AssertResultComplexWithContext(t, s.expectedError, err.Error(), s.description)
+		}
 	case "encode-error":
 		result, err := processFormatScenario(s, NewYamlDecoder(ConfiguredYamlPreferences), NewXMLEncoder(2, NewDefaultXmlPreferences()))
 		if err == nil {

release_notes.txt

@@ -1,3 +1,7 @@
+4.30.5:
+  - Fixed 
+  - Special thanks to Kopfbremse for finding all the bugs
+
 4.30.4:
   - Fixed bug in automated versioning (snap/brew)