We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tests seem to fail on OTP 27.
This is most likely due to a change in xmerl defaults released in OTP 27, and made in erlang/otp#7539 (c.f. detailed release notes)
xmerl
Some default values in Xmerl has been changed to avoid XML External Entity (XXE) vulnerabilities if you're parsing untrusted XML. xmerl_scan: the default value for allow_entities has changed to false. xmerl_sax_parser: the default value for external_entities has changed to none. Own Id: OTP-19079 Application(s): xmerl Related Id(s): GH-7539
xmerl_scan: the default value for allow_entities has changed to false. xmerl_sax_parser: the default value for external_entities has changed to none.
Own Id: OTP-19079 Application(s): xmerl Related Id(s): GH-7539
Using the following .tools-version (and any >27 OTP really)
.tools-version
erlang 27.0 elixir 1.17
And launching tests, we get:
$ mix test Compiling 2 files (.ex) # Warnings [...] .................................... 1) test stream: raise on reading /etc/passwd with dtd: :none (Issue71Test) test/issue_71_test.exs:33 Assertion failed, no matching message after 100ms The following variables were pinned: pid = #PID<0.746.0> Showing 1 of 1 message in the mailbox code: assert_receive {:EXIT, ^pid, {:fatal, {{:error_fetching_DTD, {_, _}}, _file, _line, _col}}} mailbox: pattern: {:EXIT, ^pid, {:fatal, {{:error_fetching_DTD, {_, _}}, _file, _line, _col}}} value: {:EXIT, #PID<0.746.0>, {:fatal, {{:error, :entities_not_allowed}, {:file, :file_name_unknown}, {:line, 3}, {:col, 1}}}} stacktrace: test/issue_71_test.exs:38: (test) 2) test raise on reading /etc/passwd with dtd: :internal_only (Issue71Test) test/issue_71_test.exs:11 match (=) failed code: assert {:fatal, {{:error_fetching_DTD, {_, _}}, _file, _line, _col}} = catch_exit(SweetXml.parse(sneaky_xml, dtd: :internal_only, quiet: true)) left: {:fatal, {{:error_fetching_DTD, {_, _}}, _file, _line, _col}} right: {:fatal, {{:error, :entities_not_allowed}, {:file, :file_name_unknown}, {:line, 3}, {:col, 1}}} stacktrace: test/issue_71_test.exs:14: (test) 3) test raise on reading /etc/passwd with dtd: [only: :banana] (Issue71Test) test/issue_71_test.exs:18 ** (exit) {:fatal, {{:error, :entities_not_allowed}, {:file, :file_name_unknown}, {:line, 3}, {:col, 1}}} code: assert_raise RuntimeError, fn -> stacktrace: (xmerl 2.0) xmerl_scan.erl:4236: :xmerl_scan.fatal/2 (xmerl 2.0) xmerl_scan.erl:1376: :xmerl_scan.scan_doctype3/3 (xmerl 2.0) xmerl_scan.erl:828: :xmerl_scan.scan_prolog/4 (xmerl 2.0) xmerl_scan.erl:669: :xmerl_scan.scan_document/2 (xmerl 2.0) xmerl_scan.erl:390: :xmerl_scan.string/2 (sweet_xml 0.7.4) lib/sweet_xml.ex:292: SweetXml.do_parse/2 (sweet_xml 0.7.4) lib/sweet_xml.ex:281: SweetXml.parse/2 test/issue_71_test.exs:21: (test) The following output was logged: 10:38:55.783 [error] 1793- fatal: {:error, :entities_not_allowed} 4) test raise on reading /etc/passwd with dtd: :none (Issue71Test) test/issue_71_test.exs:4 match (=) failed code: assert {:fatal, {{:error_fetching_DTD, {_, _}}, _file, _line, _col}} = catch_exit(SweetXml.parse(sneaky_xml, dtd: :none, quiet: true)) left: {:fatal, {{:error_fetching_DTD, {_, _}}, _file, _line, _col}} right: {:fatal, {{:error, :entities_not_allowed}, {:file, :file_name_unknown}, {:line, 3}, {:col, 1}}} stacktrace: test/issue_71_test.exs:7: (test) 5) test stream: raise on billion_laugh.xml with dtd: :none (Issue71Test) test/issue_71_test.exs:41 Assertion failed, no matching message after 100ms The following variables were pinned: pid = #PID<0.783.0> Showing 1 of 1 message in the mailbox code: assert_receive {:EXIT, ^pid, {%RuntimeError{}, _stacktrace}} mailbox: pattern: {:EXIT, ^pid, {%RuntimeError{}, _stacktrace}} value: {:EXIT, #PID<0.783.0>, {:fatal, {{:error, :entities_not_allowed}, {:file, :file_name_unknown}, {:line, 4}, {:col, 2}}}} stacktrace: test/issue_71_test.exs:46: (test) 6) test raise on billion_laugh.xml with dtd: :none (Issue71Test) test/issue_71_test.exs:26 ** (exit) {:fatal, {{:error, :entities_not_allowed}, {:file, :file_name_unknown}, {:line, 4}, {:col, 2}}} code: assert_raise RuntimeError, fn -> stacktrace: (xmerl 2.0) xmerl_scan.erl:4236: :xmerl_scan.fatal/2 (xmerl 2.0) xmerl_scan.erl:1376: :xmerl_scan.scan_doctype3/3 (xmerl 2.0) xmerl_scan.erl:828: :xmerl_scan.scan_prolog/4 (xmerl 2.0) xmerl_scan.erl:669: :xmerl_scan.scan_document/2 (xmerl 2.0) xmerl_scan.erl:390: :xmerl_scan.string/2 (sweet_xml 0.7.4) lib/sweet_xml.ex:292: SweetXml.do_parse/2 (sweet_xml 0.7.4) lib/sweet_xml.ex:281: SweetXml.parse/2 test/issue_71_test.exs:28: (test) The following output was logged: 10:38:55.887 [error] 1793- fatal: {:error, :entities_not_allowed} ... 7) test internal only (SweetXmlStreamTest) test/sweet_xml_stream_test.exs:109 Expected exception SweetXml.DTDError but got SweetXml.XmerlFatal ({:error, :entities_not_allowed}) code: assert_raise SweetXml.DTDError, "no external entity allowed", fn -> stacktrace: (sweet_xml 0.7.4) lib/sweet_xml.ex:539: anonymous fn/1 in SweetXml.stream!/2 (elixir 1.17.0-rc.1) lib/stream.ex:1683: Stream.do_resource/5 (elixir 1.17.0-rc.1) lib/stream.ex:690: Stream.run/1 test/sweet_xml_stream_test.exs:110: (test) The following output was logged: 10:38:55.942 [error] 1793- fatal: {:error, :entities_not_allowed} . 8) test DTD error (SweetXmlStreamTest) test/sweet_xml_stream_test.exs:100 Expected exception SweetXml.DTDError but got SweetXml.XmerlFatal ({:error, :entities_not_allowed}) code: assert_raise SweetXml.DTDError, "DTD not allowed: lol1", fn -> stacktrace: (sweet_xml 0.7.4) lib/sweet_xml.ex:539: anonymous fn/1 in SweetXml.stream!/2 (elixir 1.17.0-rc.1) lib/stream.ex:1683: Stream.do_resource/5 (elixir 1.17.0-rc.1) lib/stream.ex:690: Stream.run/1 test/sweet_xml_stream_test.exs:101: (test) ...... Finished in 0.4 seconds (0.00s async, 0.4s sync) 16 doctests, 38 tests, 8 failures
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Description
Tests seem to fail on OTP 27.
This is most likely due to a change in
xmerl
defaults released in OTP 27, and made in erlang/otp#7539 (c.f. detailed release notes)Steps to reproduce
Using the following
.tools-version
(and any >27 OTP really)And launching tests, we get:
The text was updated successfully, but these errors were encountered: