From ea7f7d8b322f0fd13419da1c0c46f7a9c74eef15 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Fri, 11 Dec 2015 19:08:40 -0500 Subject: [PATCH] Add an expected-file to match behavior of latest libxml2. Recent releases of libxml2 do not provide error context reports for errors detected at the very end of the input string. This appears to be a bug, or at least an infelicity, introduced by the fix for libxml2's CVE-2015-7499. We can hope that this behavioral change will get undone before too long; but the security patch is likely to spread a lot faster/further than any follow-on cleanup, which means this behavior is likely to be present in the wild for some time to come. As a stopgap, add a variant regression test expected-file that matches what you get with a libxml2 that acts this way. --- src/test/regress/expected/xml_2.out | 935 ++++++++++++++++++++++++++++ 1 file changed, 935 insertions(+) create mode 100644 src/test/regress/expected/xml_2.out diff --git a/src/test/regress/expected/xml_2.out b/src/test/regress/expected/xml_2.out new file mode 100644 index 0000000000..21d3de18b8 --- /dev/null +++ b/src/test/regress/expected/xml_2.out @@ -0,0 +1,935 @@ +CREATE TABLE xmltest ( + id int, + data xml +); +INSERT INTO xmltest VALUES (1, 'one'); +INSERT INTO xmltest VALUES (2, 'two'); +INSERT INTO xmltest VALUES (3, 'one + 2 | two +(2 rows) + +SELECT xmlcomment('test'); + xmlcomment +------------- + +(1 row) + +SELECT xmlcomment('-test'); + xmlcomment +-------------- + +(1 row) + +SELECT xmlcomment('test-'); +ERROR: invalid XML comment +SELECT xmlcomment('--test'); +ERROR: invalid XML comment +SELECT xmlcomment('te st'); + xmlcomment +-------------- + +(1 row) + +SELECT xmlconcat(xmlcomment('hello'), + xmlelement(NAME qux, 'foo'), + xmlcomment('world')); + xmlconcat +---------------------------------------- + foo +(1 row) + +SELECT xmlconcat('hello', 'you'); + xmlconcat +----------- + helloyou +(1 row) + +SELECT xmlconcat(1, 2); +ERROR: argument of XMLCONCAT must be type xml, not type integer +LINE 1: SELECT xmlconcat(1, 2); + ^ +SELECT xmlconcat('bad', '', NULL, ''); + xmlconcat +-------------- + +(1 row) + +SELECT xmlconcat('', NULL, ''); + xmlconcat +----------------------------------- + +(1 row) + +SELECT xmlconcat(NULL); + xmlconcat +----------- + +(1 row) + +SELECT xmlconcat(NULL, NULL); + xmlconcat +----------- + +(1 row) + +SELECT xmlelement(name element, + xmlattributes (1 as one, 'deuce' as two), + 'content'); + xmlelement +------------------------------------------------ + content +(1 row) + +SELECT xmlelement(name element, + xmlattributes ('unnamed and wrong')); +ERROR: unnamed XML attribute value must be a column reference +LINE 2: xmlattributes ('unnamed and wrong')); + ^ +SELECT xmlelement(name element, xmlelement(name nested, 'stuff')); + xmlelement +------------------------------------------- + stuff +(1 row) + +SELECT xmlelement(name employee, xmlforest(name, age, salary as pay)) FROM emp; + xmlelement +---------------------------------------------------------------------- + sharon251000 + sam302000 + bill201000 + jeff23600 + cim30400 + linda19100 +(6 rows) + +SELECT xmlelement(name duplicate, xmlattributes(1 as a, 2 as b, 3 as a)); +ERROR: XML attribute name "a" appears more than once +LINE 1: ...ment(name duplicate, xmlattributes(1 as a, 2 as b, 3 as a)); + ^ +SELECT xmlelement(name num, 37); + xmlelement +--------------- + 37 +(1 row) + +SELECT xmlelement(name foo, text 'bar'); + xmlelement +---------------- + bar +(1 row) + +SELECT xmlelement(name foo, xml 'bar'); + xmlelement +---------------- + bar +(1 row) + +SELECT xmlelement(name foo, text 'br'); + xmlelement +------------------------- + b<a/>r +(1 row) + +SELECT xmlelement(name foo, xml 'br'); + xmlelement +------------------- + br +(1 row) + +SELECT xmlelement(name foo, array[1, 2, 3]); + xmlelement +------------------------------------------------------------------------- + 123 +(1 row) + +SET xmlbinary TO base64; +SELECT xmlelement(name foo, bytea 'bar'); + xmlelement +----------------- + YmFy +(1 row) + +SET xmlbinary TO hex; +SELECT xmlelement(name foo, bytea 'bar'); + xmlelement +------------------- + 626172 +(1 row) + +SELECT xmlelement(name foo, xmlattributes(true as bar)); + xmlelement +------------------- + +(1 row) + +SELECT xmlelement(name foo, xmlattributes('2009-04-09 00:24:37'::timestamp as bar)); + xmlelement +---------------------------------- + +(1 row) + +SELECT xmlelement(name foo, xmlattributes('infinity'::timestamp as bar)); +ERROR: timestamp out of range +DETAIL: XML does not support infinite timestamp values. +SELECT xmlelement(name foo, xmlattributes('<>&"''' as funny, xml 'br' as funnier)); + xmlelement +------------------------------------------------------------ + +(1 row) + +SELECT xmlparse(content ''); + xmlparse +---------- + +(1 row) + +SELECT xmlparse(content ' '); + xmlparse +---------- + +(1 row) + +SELECT xmlparse(content 'abc'); + xmlparse +---------- + abc +(1 row) + +SELECT xmlparse(content 'x'); + xmlparse +-------------- + x +(1 row) + +SELECT xmlparse(content '&'); +ERROR: invalid XML content +DETAIL: line 1: xmlParseEntityRef: no name +& + ^ +line 1: chunk is not well balanced +SELECT xmlparse(content '&idontexist;'); +ERROR: invalid XML content +DETAIL: line 1: Entity 'idontexist' not defined +&idontexist; + ^ +line 1: chunk is not well balanced +SELECT xmlparse(content ''); + xmlparse +--------------------------- + +(1 row) + +SELECT xmlparse(content ''); + xmlparse +-------------------------------- + +(1 row) + +SELECT xmlparse(content '&idontexist;'); +ERROR: invalid XML content +DETAIL: line 1: Entity 'idontexist' not defined +&idontexist; + ^ +line 1: Opening and ending tag mismatch: twoerrors line 1 and unbalanced +line 1: chunk is not well balanced +SELECT xmlparse(content ''); + xmlparse +--------------------- + +(1 row) + +SELECT xmlparse(document ''); +ERROR: invalid XML document +DETAIL: line 1: switching encoding : no input +line 1: Document is empty +SELECT xmlparse(document ' '); +ERROR: invalid XML document +DETAIL: line 1: Start tag expected, '<' not found +SELECT xmlparse(document 'abc'); +ERROR: invalid XML document +DETAIL: line 1: Start tag expected, '<' not found +abc +^ +SELECT xmlparse(document 'x'); + xmlparse +-------------- + x +(1 row) + +SELECT xmlparse(document '&'); +ERROR: invalid XML document +DETAIL: line 1: xmlParseEntityRef: no name +& + ^ +line 1: Opening and ending tag mismatch: invalidentity line 1 and abc +SELECT xmlparse(document '&idontexist;'); +ERROR: invalid XML document +DETAIL: line 1: Entity 'idontexist' not defined +&idontexist; + ^ +line 1: Opening and ending tag mismatch: undefinedentity line 1 and abc +SELECT xmlparse(document ''); + xmlparse +--------------------------- + +(1 row) + +SELECT xmlparse(document ''); + xmlparse +-------------------------------- + +(1 row) + +SELECT xmlparse(document '&idontexist;'); +ERROR: invalid XML document +DETAIL: line 1: Entity 'idontexist' not defined +&idontexist; + ^ +line 1: Opening and ending tag mismatch: twoerrors line 1 and unbalanced +SELECT xmlparse(document ''); + xmlparse +--------------------- + +(1 row) + +SELECT xmlpi(name foo); + xmlpi +--------- + +(1 row) + +SELECT xmlpi(name xml); +ERROR: invalid XML processing instruction +DETAIL: XML processing instruction target name cannot be "xml". +SELECT xmlpi(name xmlstuff); + xmlpi +-------------- + +(1 row) + +SELECT xmlpi(name foo, 'bar'); + xmlpi +------------- + +(1 row) + +SELECT xmlpi(name foo, 'in?>valid'); +ERROR: invalid XML processing instruction +DETAIL: XML processing instruction cannot contain "?>". +SELECT xmlpi(name foo, null); + xmlpi +------- + +(1 row) + +SELECT xmlpi(name xml, null); +ERROR: invalid XML processing instruction +DETAIL: XML processing instruction target name cannot be "xml". +SELECT xmlpi(name xmlstuff, null); + xmlpi +------- + +(1 row) + +SELECT xmlpi(name "xml-stylesheet", 'href="mystyle.css" type="text/css"'); + xmlpi +------------------------------------------------------- + +(1 row) + +SELECT xmlpi(name foo, ' bar'); + xmlpi +------------- + +(1 row) + +SELECT xmlroot(xml '', version no value, standalone no value); + xmlroot +--------- + +(1 row) + +SELECT xmlroot(xml '', version '2.0'); + xmlroot +----------------------------- + +(1 row) + +SELECT xmlroot(xml '', version no value, standalone yes); + xmlroot +---------------------------------------------- + +(1 row) + +SELECT xmlroot(xml '', version no value, standalone yes); + xmlroot +---------------------------------------------- + +(1 row) + +SELECT xmlroot(xmlroot(xml '', version '1.0'), version '1.1', standalone no); + xmlroot +--------------------------------------------- + +(1 row) + +SELECT xmlroot('', version no value, standalone no); + xmlroot +--------------------------------------------- + +(1 row) + +SELECT xmlroot('', version no value, standalone no value); + xmlroot +--------- + +(1 row) + +SELECT xmlroot('', version no value); + xmlroot +---------------------------------------------- + +(1 row) + +SELECT xmlroot ( + xmlelement ( + name gazonk, + xmlattributes ( + 'val' AS name, + 1 + 1 AS num + ), + xmlelement ( + NAME qux, + 'foo' + ) + ), + version '1.0', + standalone yes +); + xmlroot +------------------------------------------------------------------------------------------ + foo +(1 row) + +SELECT xmlserialize(content data as character varying(20)) FROM xmltest; + xmlserialize +-------------------- + one + two +(2 rows) + +SELECT xmlserialize(content 'good' as char(10)); + xmlserialize +-------------- + good +(1 row) + +SELECT xmlserialize(document 'bad' as text); +ERROR: not an XML document +SELECT xml 'bar' IS DOCUMENT; + ?column? +---------- + t +(1 row) + +SELECT xml 'barfoo' IS DOCUMENT; + ?column? +---------- + f +(1 row) + +SELECT xml '' IS NOT DOCUMENT; + ?column? +---------- + f +(1 row) + +SELECT xml 'abc' IS NOT DOCUMENT; + ?column? +---------- + t +(1 row) + +SELECT '<>' IS NOT DOCUMENT; +ERROR: invalid XML content +LINE 1: SELECT '<>' IS NOT DOCUMENT; + ^ +DETAIL: line 1: StartTag: invalid element name +<> + ^ +SELECT xmlagg(data) FROM xmltest; + xmlagg +-------------------------------------- + onetwo +(1 row) + +SELECT xmlagg(data) FROM xmltest WHERE id > 10; + xmlagg +-------- + +(1 row) + +SELECT xmlelement(name employees, xmlagg(xmlelement(name name, name))) FROM emp; + xmlelement +-------------------------------------------------------------------------------------------------------------------------------- + sharonsambilljeffcimlinda +(1 row) + +-- Check mapping SQL identifier to XML name +SELECT xmlpi(name ":::_xml_abc135.%-&_"); + xmlpi +------------------------------------------------- + +(1 row) + +SELECT xmlpi(name "123"); + xmlpi +--------------- + +(1 row) + +PREPARE foo (xml) AS SELECT xmlconcat('', $1); +SET XML OPTION DOCUMENT; +EXECUTE foo (''); + xmlconcat +-------------- + +(1 row) + +EXECUTE foo ('bad'); +ERROR: invalid XML document +LINE 1: EXECUTE foo ('bad'); + ^ +DETAIL: line 1: Start tag expected, '<' not found +bad +^ +SET XML OPTION CONTENT; +EXECUTE foo (''); + xmlconcat +-------------- + +(1 row) + +EXECUTE foo ('good'); + xmlconcat +------------ + good +(1 row) + +-- Test backwards parsing +CREATE VIEW xmlview1 AS SELECT xmlcomment('test'); +CREATE VIEW xmlview2 AS SELECT xmlconcat('hello', 'you'); +CREATE VIEW xmlview3 AS SELECT xmlelement(name element, xmlattributes (1 as ":one:", 'deuce' as two), 'content&'); +CREATE VIEW xmlview4 AS SELECT xmlelement(name employee, xmlforest(name, age, salary as pay)) FROM emp; +CREATE VIEW xmlview5 AS SELECT xmlparse(content 'x'); +CREATE VIEW xmlview6 AS SELECT xmlpi(name foo, 'bar'); +CREATE VIEW xmlview7 AS SELECT xmlroot(xml '', version no value, standalone yes); +CREATE VIEW xmlview8 AS SELECT xmlserialize(content 'good' as char(10)); +CREATE VIEW xmlview9 AS SELECT xmlserialize(content 'good' as text); +SELECT table_name, view_definition FROM information_schema.views + WHERE table_name LIKE 'xmlview%' ORDER BY 1; + table_name | view_definition +------------+------------------------------------------------------------------------------------------------------------------- + xmlview1 | SELECT xmlcomment('test'::text) AS xmlcomment; + xmlview2 | SELECT XMLCONCAT('hello'::xml, 'you'::xml) AS "xmlconcat"; + xmlview3 | SELECT XMLELEMENT(NAME element, XMLATTRIBUTES(1 AS ":one:", 'deuce' AS two), 'content&') AS "xmlelement"; + xmlview4 | SELECT XMLELEMENT(NAME employee, XMLFOREST(emp.name AS name, emp.age AS age, emp.salary AS pay)) AS "xmlelement"+ + | FROM emp; + xmlview5 | SELECT XMLPARSE(CONTENT 'x'::text STRIP WHITESPACE) AS "xmlparse"; + xmlview6 | SELECT XMLPI(NAME foo, 'bar'::text) AS "xmlpi"; + xmlview7 | SELECT XMLROOT(''::xml, VERSION NO VALUE, STANDALONE YES) AS "xmlroot"; + xmlview8 | SELECT (XMLSERIALIZE(CONTENT 'good'::xml AS character(10)))::character(10) AS "xmlserialize"; + xmlview9 | SELECT XMLSERIALIZE(CONTENT 'good'::xml AS text) AS "xmlserialize"; +(9 rows) + +-- Text XPath expressions evaluation +SELECT xpath('/value', data) FROM xmltest; + xpath +---------------------- + {one} + {two} +(2 rows) + +SELECT xpath(NULL, NULL) IS NULL FROM xmltest; + ?column? +---------- + t + t +(2 rows) + +SELECT xpath('', ''); +ERROR: empty XPath expression +CONTEXT: SQL function "xpath" statement 1 +SELECT xpath('//text()', 'number one'); + xpath +---------------- + {"number one"} +(1 row) + +SELECT xpath('//loc:piece/@id', 'number one', ARRAY[ARRAY['loc', 'http://127.0.0.1']]); + xpath +------- + {1,2} +(1 row) + +SELECT xpath('//loc:piece', 'number one', ARRAY[ARRAY['loc', 'http://127.0.0.1']]); + xpath +------------------------------------------------------------------------------------------------------------------------------------------------ + {"number one",""} +(1 row) + +SELECT xpath('//loc:piece', 'number one', ARRAY[ARRAY['loc', 'http://127.0.0.1']]); + xpath +-------------------------------------------------------------------------------------- + {"+ + number one + + + + ",""} +(1 row) + +SELECT xpath('//b', 'one two three etc'); + xpath +------------------------- + {two,etc} +(1 row) + +SELECT xpath('//text()', '<'); + xpath +-------- + {<} +(1 row) + +SELECT xpath('//@value', ''); + xpath +-------- + {<} +(1 row) + +SELECT xpath('''<>''', ''); + xpath +--------------------------- + {<<invalid>>} +(1 row) + +SELECT xpath('count(//*)', ''); + xpath +------- + {3} +(1 row) + +SELECT xpath('count(//*)=0', ''); + xpath +--------- + {false} +(1 row) + +SELECT xpath('count(//*)=3', ''); + xpath +-------- + {true} +(1 row) + +SELECT xpath('name(/*)', ''); + xpath +-------- + {root} +(1 row) + +SELECT xpath('/nosuchtag', ''); + xpath +------- + {} +(1 row) + +-- Test xmlexists and xpath_exists +SELECT xmlexists('//town[text() = ''Toronto'']' PASSING BY REF 'Bidford-on-AvonCwmbranBristol'); + xmlexists +----------- + f +(1 row) + +SELECT xmlexists('//town[text() = ''Cwmbran'']' PASSING BY REF 'Bidford-on-AvonCwmbranBristol'); + xmlexists +----------- + t +(1 row) + +SELECT xmlexists('count(/nosuchtag)' PASSING BY REF ''); + xmlexists +----------- + t +(1 row) + +SELECT xpath_exists('//town[text() = ''Toronto'']','Bidford-on-AvonCwmbranBristol'::xml); + xpath_exists +-------------- + f +(1 row) + +SELECT xpath_exists('//town[text() = ''Cwmbran'']','Bidford-on-AvonCwmbranBristol'::xml); + xpath_exists +-------------- + t +(1 row) + +SELECT xpath_exists('count(/nosuchtag)', ''::xml); + xpath_exists +-------------- + t +(1 row) + +INSERT INTO xmltest VALUES (4, 'BudvarfreeCarlinglots'::xml); +INSERT INTO xmltest VALUES (5, 'MolsonfreeCarlinglots'::xml); +INSERT INTO xmltest VALUES (6, 'BudvarfreeCarlinglots'::xml); +INSERT INTO xmltest VALUES (7, 'MolsonfreeCarlinglots'::xml); +SELECT COUNT(id) FROM xmltest WHERE xmlexists('/menu/beer' PASSING data); + count +------- + 0 +(1 row) + +SELECT COUNT(id) FROM xmltest WHERE xmlexists('/menu/beer' PASSING BY REF data BY REF); + count +------- + 0 +(1 row) + +SELECT COUNT(id) FROM xmltest WHERE xmlexists('/menu/beers' PASSING BY REF data); + count +------- + 2 +(1 row) + +SELECT COUNT(id) FROM xmltest WHERE xmlexists('/menu/beers/name[text() = ''Molson'']' PASSING BY REF data); + count +------- + 1 +(1 row) + +SELECT COUNT(id) FROM xmltest WHERE xpath_exists('/menu/beer',data); + count +------- + 0 +(1 row) + +SELECT COUNT(id) FROM xmltest WHERE xpath_exists('/menu/beers',data); + count +------- + 2 +(1 row) + +SELECT COUNT(id) FROM xmltest WHERE xpath_exists('/menu/beers/name[text() = ''Molson'']',data); + count +------- + 1 +(1 row) + +SELECT COUNT(id) FROM xmltest WHERE xpath_exists('/myns:menu/myns:beer',data,ARRAY[ARRAY['myns','http://myns.com']]); + count +------- + 0 +(1 row) + +SELECT COUNT(id) FROM xmltest WHERE xpath_exists('/myns:menu/myns:beers',data,ARRAY[ARRAY['myns','http://myns.com']]); + count +------- + 2 +(1 row) + +SELECT COUNT(id) FROM xmltest WHERE xpath_exists('/myns:menu/myns:beers/myns:name[text() = ''Molson'']',data,ARRAY[ARRAY['myns','http://myns.com']]); + count +------- + 1 +(1 row) + +CREATE TABLE query ( expr TEXT ); +INSERT INTO query VALUES ('/menu/beers/cost[text() = ''lots'']'); +SELECT COUNT(id) FROM xmltest, query WHERE xmlexists(expr PASSING BY REF data); + count +------- + 2 +(1 row) + +-- Test xml_is_well_formed and variants +SELECT xml_is_well_formed_document('bar'); + xml_is_well_formed_document +----------------------------- + t +(1 row) + +SELECT xml_is_well_formed_document('abc'); + xml_is_well_formed_document +----------------------------- + f +(1 row) + +SELECT xml_is_well_formed_content('bar'); + xml_is_well_formed_content +---------------------------- + t +(1 row) + +SELECT xml_is_well_formed_content('abc'); + xml_is_well_formed_content +---------------------------- + t +(1 row) + +SET xmloption TO DOCUMENT; +SELECT xml_is_well_formed('abc'); + xml_is_well_formed +-------------------- + f +(1 row) + +SELECT xml_is_well_formed('<>'); + xml_is_well_formed +-------------------- + f +(1 row) + +SELECT xml_is_well_formed(''); + xml_is_well_formed +-------------------- + t +(1 row) + +SELECT xml_is_well_formed('bar'); + xml_is_well_formed +-------------------- + t +(1 row) + +SELECT xml_is_well_formed('barbaz'); + xml_is_well_formed +-------------------- + f +(1 row) + +SELECT xml_is_well_formed('number one'); + xml_is_well_formed +-------------------- + t +(1 row) + +SELECT xml_is_well_formed('bar'); + xml_is_well_formed +-------------------- + f +(1 row) + +SELECT xml_is_well_formed('bar'); + xml_is_well_formed +-------------------- + t +(1 row) + +SELECT xml_is_well_formed('&'); + xml_is_well_formed +-------------------- + f +(1 row) + +SELECT xml_is_well_formed('&idontexist;'); + xml_is_well_formed +-------------------- + f +(1 row) + +SELECT xml_is_well_formed(''); + xml_is_well_formed +-------------------- + t +(1 row) + +SELECT xml_is_well_formed(''); + xml_is_well_formed +-------------------- + t +(1 row) + +SELECT xml_is_well_formed('&idontexist;'); + xml_is_well_formed +-------------------- + f +(1 row) + +SET xmloption TO CONTENT; +SELECT xml_is_well_formed('abc'); + xml_is_well_formed +-------------------- + t +(1 row) + +-- Since xpath() deals with namespaces, it's a bit stricter about +-- what's well-formed and what's not. If we don't obey these rules +-- (i.e. ignore namespace-related errors from libxml), xpath() +-- fails in subtle ways. The following would for example produce +-- the xml value +-- +-- which is invalid because '<' may not appear un-escaped in +-- attribute values. +-- Since different libxml versions emit slightly different +-- error messages, we suppress the DETAIL in this test. +\set VERBOSITY terse +SELECT xpath('/*', ''); +ERROR: could not parse XML document +\set VERBOSITY default +-- Again, the XML isn't well-formed for namespace purposes +SELECT xpath('/*', ''); +ERROR: could not parse XML document +DETAIL: line 1: Namespace prefix nosuchprefix on tag is not defined + + ^ +CONTEXT: SQL function "xpath" statement 1 +-- XPath deprecates relative namespaces, but they're not supposed to +-- throw an error, only a warning. +SELECT xpath('/*', ''); +WARNING: line 1: xmlns: URI relative is not absolute + + ^ +CONTEXT: SQL function "xpath" statement 1 + xpath +-------------------------------------- + {""} +(1 row) + +-- External entity references should not leak filesystem information. +SELECT XMLPARSE(DOCUMENT ']>&c;'); + xmlparse +----------------------------------------------------------------- + ]>&c; +(1 row) + +SELECT XMLPARSE(DOCUMENT ']>&c;'); + xmlparse +----------------------------------------------------------------------- + ]>&c; +(1 row) + +-- This might or might not load the requested DTD, but it mustn't throw error. +SELECT XMLPARSE(DOCUMENT ' '); + xmlparse +------------------------------------------------------------------------------------------------------------------------------------------------------ +   +(1 row) +