encoding/xml
is unsafe for security-critical operations GO-S0905Go's encoding/xml
is vulnerable for security-critical operations such as XML
signature validation and SAML.
Using encoding/xml
could make your application vulnerable to attacks when
dealing with security-critical operations such as XML signature validation and
SAML; otherwise, it is safe to use encoding/xml
. The vulnerability present in
encoding/xml
was first reported to Go Team by Mattermost. Their report
recommends using "github.com/mattermost/xml-roundtrip-validator" when your
application deals with XML signature validation and SAML because it implements
mitigations for multiple security issues that are not present in encoding/xml
.
package main
import (
"encoding/xml"
)
type Person struct {
Name string `xml:"name"`
Age int `xml:"age"`
}
func Process(input []byte) *Person {
var p Person
xml.Unmarshal(input, &p)
return &p
}
package main
import (
"encoding/xml"
"strings"
xrv "github.com/mattermost/xml-roundtrip-validator"
)
type Person struct {
Name string `xml:"name"`
Age int `xml:"age"`
}
func Process(input []byte) (*Person, error) {
if errs := xrv.ValidateAll(strings.NewReader(input)); len(errs) != 0 {
// Process the errors
return nil, errors.New("invalid xml")
}
var p Person
xml.Unmarshal(input, &p)
return &p, nil
}