Secure policy language - (attribute mapper)
- Repose will pull in the new feature from attribute mapper
Repose - Secure policy language
Validate policy language when a request is made to set it – currently validation occurs when the policy is used not set.
Attribute mapper uses XPath 2.0. There are two calls in XPath 2.0 that are dangerous, and we should prevent those calls from happening, doc and doc-available.
doc can read a file system or URI, and doc-available checks for the presence of a file.
There are two ways to disable these.
1. Register a URI resolver (which would catch it at run time).
2. Pre-parse the XPath looking for "doc" during validation (and potentially when the policy is used).
We're currently leaning towards option 2. It would be done during the validate call in the attribute mapper library.
This work is in the attribute mapper, and it would be in the Scala code (which means we could more easily do it).
- When validating a mapping policy, it fails if the policy includes doc or doc-available.