Escape application names for GMarkup #51

DemiMarie · 2024-11-26T03:12:48Z

GLib provides a parser called GMarkup, which implements a subset of XML. Application names may contain XML metacharacters, such as "<" and "&". These must be escaped to prevent XML injection, but the app menu didn't do that.

The GMarkup documentation explicitly states that GMarkup must not be used to parse untrusted input 1. Therefore, parsing malicious markup may have undefined results. Fortunately, there is no security problem because the only allowed character with special meaning in XML is "&" and ";" is not allowed. Therefore, there is no way to create a valid XML entity or inject tags. The worst that can happen is the creation of ill-formed markup that that GLib rejects.

This patch also addresses a URL construction bug: filenames need to be URL-encoded in file:// URLs.

marmarek · 2024-11-27T00:14:09Z

(pylint complains)

GLib provides a parser called GMarkup, which implements a subset of XML. Application names may contain XML metacharacters, such as "<" and "&". These must be escaped to prevent XML injection, but the app menu didn't do that. The GMarkup documentation explicitly states that GMarkup must not be used to parse untrusted input [1]. Therefore, parsing malicious markup may have undefined results. Fortunately, there is no security problem because the only allowed character with special meaning in XML is "&" and ";" is not allowed. Therefore, there is no way to create a valid XML entity or inject tags. The worst that can happen is the creation of ill-formed markup that that GLib rejects. This patch also addresses a URL construction bug: filenames need to be URL-encoded in file:// URLs. [1]: https://github.com/GNOME/glib/blob/3304a517d9a7bdbb52d60394fdae6f9903f0f4f3/glib/gmarkup.c#L50-L51

qubesos-bot · 2024-11-27T07:28:47Z

OpenQA test summary

Complete test suite and dependencies: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2024112705-4.3&flavor=pull-requests

Test run included the following:

New failures, excluding unstable

Compared to: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2025021804-4.3&flavor=update

system_tests_basic_vm_qrexec_gui_zfs
- switch_pool: Failed (test died)
  # Test died: command 'dnf install -y ./zfs-release.rpm' failed at /...
system_tests_audio
- TC_20_AudioVM_PipeWire_debian-12-xfce: test_260_audio_mic_enabled_switch_audiovm (failure)
  AssertionError: too short audio, expected 10s, got 0.00013605442176...
system_tests_kde_gui_interactive
- gui_keyboard_layout: wait_serial (wait serial expected)
  # wait_serial expected: "echo -e '[Layout]\nLayoutList=us,de' | sud...
- gui_keyboard_layout: Failed (test died)
  # Test died: command 'test "$(cd ~user;ls e1*)" = "$(qvm-run -p wor...

Failed tests

5 failures

system_tests_basic_vm_qrexec_gui_zfs
- switch_pool: Failed (test died)
  # Test died: command 'dnf install -y ./zfs-release.rpm' failed at /...
system_tests_audio
- TC_20_AudioVM_PipeWire_debian-12-xfce: test_260_audio_mic_enabled_switch_audiovm (failure)
  AssertionError: too short audio, expected 10s, got 0.00013605442176...
- [unstable] TC_20_AudioVM_PipeWire_fedora-40-xfce: test_260_audio_mic_enabled_switch_audiovm (failure)
  AssertionError: too short audio, expected 10s, got 0.00013605442176...
system_tests_kde_gui_interactive
- gui_keyboard_layout: wait_serial (wait serial expected)
  # wait_serial expected: "echo -e '[Layout]\nLayoutList=us,de' | sud...
- gui_keyboard_layout: Failed (test died)
  # Test died: command 'test "$(cd ~user;ls e1*)" = "$(qvm-run -p wor...

Fixed failures

Compared to: https://openqa.qubes-os.org/tests/129058#dependencies

15 fixed

system_tests_whonix@hw7
- whonixcheck: fail (unknown)
  Whonixcheck for sys-whonix failed...
- whonixcheck: unnamed test (unknown)
system_tests_suspend@hw1
- suspend: unnamed test (unknown)
- suspend: Failed (test died)
  # Test died: no candidate needle with tag(s) 'SUSPEND-FAILED' match...
system_tests_whonix
- whonixcheck: fail (unknown)
  Whonixcheck for sys-whonix failed...
- whonixcheck: unnamed test (unknown)
system_tests_suspend
- suspend: unnamed test (unknown)
- suspend: Failed (test died)
  # Test died: no candidate needle with tag(s) 'SUSPEND-FAILED' match...
system_tests_qrexec
- TC_00_Qrexec_whonix-workstation-17: test_070_qrexec_vm_simultaneous_write (failure)
  exited with non-zero code 125; stderr: b"dd: error writing 'standa...
system_tests_audio
- TC_20_AudioVM_Pulse_whonix-workstation-17: test_223_audio_play_hvm (failure)
  AssertionError: too short audio, expected 10s, got 7.33528344671201...
- TC_20_AudioVM_PipeWire_whonix-workstation-17: test_226_audio_playback_pipewire (failure)
  AssertionError: too short audio, expected 10s, got 9.19027210884353...
- TC_20_AudioVM_PipeWire_whonix-workstation-17: test_251_audio_playback_audiovm_pipewire_late_start (failure)
  AssertionError: too short audio, expected 10s, got 9.22900226757369...
system_tests_basic_vm_qrexec_gui_btrfs
- TC_03_QvmRevertTemplateChanges: test_000_revert_linux (error)
  subprocess.CalledProcessError: Command '['sha1sum', '/var/lib/qubes...
system_tests_kde_gui_interactive
- clipboard_and_web: unnamed test (unknown)
- clipboard_and_web: Failed (test died)
  # Test died: no candidate needle with tag(s) 'clipboard-paste-notif...

Unstable tests

system_tests_audio@hw1
TC_20_AudioVM_Pulse_fedora-40-xfce/test_223_audio_play_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_Pulse_debian-12-xfce/test_224_audio_rec_muted_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_Pulse_whonix-workstation-17/test_224_audio_rec_muted_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_Pulse_debian-12-xfce/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_Pulse_whonix-workstation-17/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_PipeWire_whonix-workstation-17/test_251_audio_playback_audiovm_pipewire_late_start (1/5 times with errors)
- job 115623 AssertionError: too short audio, expected 10s, got 9.34507936507936...
TC_20_AudioVM_Pulse_debian-12-xfce/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_Pulse_fedora-40-xfce/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_Pulse_whonix-workstation-17/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_PipeWire_fedora-40-xfce/test_260_audio_mic_enabled_switch_audiovm (2/5 times with errors)
- job 116847 AssertionError: too short audio, expected 10s, got 0.00013605442176...
- job 117586 AssertionError: too short audio, expected 10s, got 0.00013605442176...
TC_20_AudioVM_PipeWire_whonix-workstation-17/test_260_audio_mic_enabled_switch_audiovm (1/5 times with errors)
- job 115623 AssertionError: too short audio, expected 10s, got 9.05353741496598...
system_tests_pvgrub_salt_storage
TC_41_HVMGrub_debian-12-xfce/test_000_standalone_vm (1/5 times with errors)
- job 115648 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
TC_41_HVMGrub_fedora-40-xfce/test_000_standalone_vm (1/5 times with errors)
- job 115648 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
TC_41_HVMGrub_debian-12-xfce/test_010_template_based_vm (1/5 times with errors)
- job 115648 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
TC_41_HVMGrub_fedora-40-xfce/test_010_template_based_vm (1/5 times with errors)
- job 115648 qubes.exc.QubesVMError: Cannot connect to qrexec agent for 120 seco...
system_tests_usbproxy
TC_20_USBProxy_core3_fedora-40-xfce/test_070_attach_not_installed_front (1/5 times with errors)
- job 117582 NameError: name 'santizied_stderr' is not defined
system_tests_network_updates
VmUpdates_debian-12-xfce/test_020_updates_available_notification (1/5 times with errors)
- job 117610 subprocess.CalledProcessError: Command '/usr/lib/qubes/upgrades-sta...
system_tests_basic_vm_qrexec_gui_zfs
TC_00_Basic/test_120_start_standalone_with_cdrom_dom0 (1/5 times with errors)
- job 109480 AssertionError: 1 != 0 : b'Timeout waiting for dom0:loop6 device to...
system_tests_audio
TC_20_AudioVM_Pulse_fedora-40-xfce/test_223_audio_play_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_Pulse_debian-12-xfce/test_224_audio_rec_muted_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_Pulse_whonix-workstation-17/test_224_audio_rec_muted_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_Pulse_debian-12-xfce/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_Pulse_whonix-workstation-17/test_225_audio_rec_unmuted_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_PipeWire_whonix-workstation-17/test_251_audio_playback_audiovm_pipewire_late_start (1/5 times with errors)
- job 115623 AssertionError: too short audio, expected 10s, got 9.34507936507936...
TC_20_AudioVM_Pulse_debian-12-xfce/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_Pulse_fedora-40-xfce/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_Pulse_whonix-workstation-17/test_252_audio_playback_audiovm_switch_hvm (1/5 times with errors)
- job 115623 libvirt.libvirtError: internal error: libxenlight failed to create ...
TC_20_AudioVM_PipeWire_fedora-40-xfce/test_260_audio_mic_enabled_switch_audiovm (2/5 times with errors)
- job 116847 AssertionError: too short audio, expected 10s, got 0.00013605442176...
- job 117586 AssertionError: too short audio, expected 10s, got 0.00013605442176...
TC_20_AudioVM_PipeWire_whonix-workstation-17/test_260_audio_mic_enabled_switch_audiovm (1/5 times with errors)
- job 115623 AssertionError: too short audio, expected 10s, got 9.05353741496598...

Performance Tests

Performance degradation:

No issues

Remaining performance tests:

No remaining performance tests

codecov · 2024-11-27T09:21:13Z

Codecov Report

Attention: Patch coverage is 78.57143% with 3 lines in your changes missing coverage. Please review.

Project coverage is 82.24%. Comparing base (9d665ee) to head (b2e036c).
Report is 18 commits behind head on main.

Files with missing lines	Patch %	Lines
qubes_menu/utils.py	81.81%	2 Missing ⚠️
qubes_menu/app_widgets.py	66.66%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main      #51      +/-   ##
==========================================
- Coverage   83.01%   82.24%   -0.77%     
==========================================
  Files          22       22              
  Lines        2190     2349     +159     
==========================================
+ Hits         1818     1932     +114     
- Misses        372      417      +45

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

marmarek

Approved as of b2e036c

marmarek added the openqa-pending label Nov 27, 2024

DemiMarie force-pushed the fix-markup-error branch from feccd44 to b2e036c Compare November 27, 2024 08:59

qubesos-bot mentioned this pull request Dec 7, 2024

log stdout/err from updates check on Debian QubesOS/qubes-core-agent-linux#537

Merged

marmarek approved these changes Dec 10, 2024

View reviewed changes

marmarek merged commit ce4ffa0 into QubesOS:main Dec 10, 2024
2 of 4 checks passed

DemiMarie deleted the fix-markup-error branch December 10, 2024 22:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Escape application names for GMarkup #51

Escape application names for GMarkup #51

Uh oh!

DemiMarie commented Nov 26, 2024

Uh oh!

marmarek commented Nov 27, 2024

Uh oh!

qubesos-bot commented Nov 27, 2024 •

edited

Loading

Uh oh!

codecov bot commented Nov 27, 2024 •

edited

Loading

Uh oh!

marmarek left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Escape application names for GMarkup #51

Escape application names for GMarkup #51

Uh oh!

Conversation

DemiMarie commented Nov 26, 2024

Uh oh!

marmarek commented Nov 27, 2024

Uh oh!

qubesos-bot commented Nov 27, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

OpenQA test summary

New failures, excluding unstable

Failed tests

Fixed failures

Unstable tests

Performance Tests

Performance degradation:

Remaining performance tests:

Uh oh!

codecov bot commented Nov 27, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

marmarek left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

qubesos-bot commented Nov 27, 2024 •

edited

Loading

codecov bot commented Nov 27, 2024 •

edited

Loading