Problem description
I plan to let website users upload their own SVG documents and render them with inkscape or svg2pdf. The users will either be unauthenticated or go through a trivial sign-up process, so I would expect some hack attempts. I should therefore appreciate any pointers on what filtering I can do to minimise security threats.
- Inkscape doesn't seem to be bothered by JavaScript onload tags and happily renders the content without anything untoward happening (that said, I can't get Firefox 10 to cough up an alert box either using that approach).
- I am concerned that an <image xlink:href /> tag could link to a huge or malformed bitmap image using an external URI - which theoretically could crash the service. Is there an easy way to traverse the XML document to filter these? I can do this easily with XMLReader of course, but wonder if I might have to deal with things like onload for 'onload' (though Firefox just rejected it as invalid, so perhaps this is a needless worry). Sidenote: images in themselves are acceptable but I think I'd either require them to be inline data: or whitelist acceptable target URIs, with filesize limitations.
- Are there any SVG directives (in particular that render text) that could include the text contents of system files, such as /etc/passwd etc?
- One approach I could also take is validation against the SVG spec. That's the subject of another question I've asked here.
I'm using PHP 5.2 with XMLReader and XMLWriter, though other PHP stream-based systems would be acceptable. Systems are OS X 10.6.8 for dev, and LAMP on production.
Recommended answer
You need to make sure XXE attacks are not possible for your specific implementation, see here.
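As an added example (not code from the question or the answer), here is a PHP XMLReader pass that covers both things this thread raises: it shuts off the XXE vectors the answer points at (external DTD loading, entity substitution, and libxml's external entity loader) and it filters the xlink:href and on* attributes the question asks about. The size cap, the host whitelist, the hostnames and the rejection of any DOCTYPE are assumed policy choices, not something the page specifies; if your users' authoring tools emit a DOCTYPE you would strip it rather than reject the upload.

```php
<?php
// Added example, not code from the question or the answer: screen an uploaded SVG
// with XMLReader before it reaches inkscape / svg2pdf. Rejects DOCTYPEs (the XXE
// and entity-expansion vectors), <script> and on* handlers, and any href that is
// not an internal reference, a small inline data: image, or an http(s) URL on an
// assumed whitelist. MAX_DATA_URI_BYTES and $allowedHosts are assumed policy values.
define('MAX_DATA_URI_BYTES', 2 * 1024 * 1024);
define('XLINK_NS', 'http://www.w3.org/1999/xlink');

// Returns a list of rejection reasons; an empty list means the SVG passed.
function screen_svg($svg, array $allowedHosts = array())
{
    // Stop libxml fetching external entities/DTDs at all (PHP >= 5.2.11; on PHP 8
    // the call is deprecated because external loading is already off by default).
    if (version_compare(PHP_VERSION, '8.0.0', '<') && function_exists('libxml_disable_entity_loader')) {
        libxml_disable_entity_loader(true);
    }
    libxml_use_internal_errors(true);
    $reader = new XMLReader();
    if (!$reader->XML($svg)) { return array('input is not parseable XML'); }
    // Never load an external DTD subset, never expand entity references.
    $reader->setParserProperty(XMLReader::LOADDTD, false);
    $reader->setParserProperty(XMLReader::SUBST_ENTITIES, false);
    $problems = array();
    while ($reader->read()) {
        switch ($reader->nodeType) {
            case XMLReader::DOC_TYPE:
                // A drawing needs no DTD, and a DTD is the only place entities can be declared.
                $problems[] = 'DOCTYPE present';
                break 2;
            case XMLReader::ENTITY_REF:
                $problems[] = 'entity reference &' . $reader->name . ';';
                break 2;
            case XMLReader::PI: // e.g. xml-stylesheet, which pulls in an external file
                $problems[] = 'processing instruction ' . $reader->name;
                break 2;
            case XMLReader::ELEMENT:
                $el = strtolower($reader->localName);
                if ($el === 'script' || $el === 'foreignobject') {
                    $problems[] = "<$el> element";
                    break 2;
                }
                $problems = array_merge($problems, check_attributes($reader, $allowedHosts));
        }
    }
    $reader->close();
    $parseErrors = libxml_get_errors();
    libxml_clear_errors();
    if ($parseErrors) { $problems[] = 'libxml reported parse errors'; }
    return $problems;
}

// Inspect the attributes of the element the reader is positioned on.
function check_attributes(XMLReader $reader, array $allowedHosts)
{
    $problems = array();
    $element = $reader->localName;
    if (!$reader->moveToFirstAttribute()) { return $problems; }
    do {
        $attr = $reader->localName;
        if (strncasecmp($attr, 'on', 2) === 0) {
            $problems[] = "<$element $attr> event handler"; // onload, onclick, ...
        } elseif ($attr === 'href' && in_array($reader->namespaceURI, array(XLINK_NS, ''), true)) {
            $reason = check_href($reader->value, $allowedHosts);
            if ($reason !== null) { $problems[] = "<$element href> $reason"; }
        }
    } while ($reader->moveToNextAttribute());
    $reader->moveToElement();
    return $problems;
}

// Returns null when the URI is acceptable, otherwise the reason it is not.
function check_href($uri, array $allowedHosts)
{
    $uri = trim($uri);
    if ($uri === '' || $uri[0] === '#') {
        return null; // internal reference such as <use xlink:href="#id">
    }
    if (stripos($uri, 'data:') === 0) {
        if (!preg_match('#^data:image/(png|jpeg|gif);base64,#i', $uri)) {
            return 'data: URI is not a base64 PNG/JPEG/GIF';
        }
        // strlen * 3/4 bounds the decoded size without decoding anything
        return strlen($uri) * 3 / 4 > MAX_DATA_URI_BYTES ? 'inline image exceeds size limit' : null;
    }
    $p = parse_url($uri);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return 'unsupported or relative URI'; // file:///etc/passwd, ../other.svg, ...
    }
    if (!in_array(strtolower($p['scheme']), array('http', 'https'), true)
        || !in_array(strtolower($p['host']), array_map('strtolower', $allowedHosts), true)) {
        return 'not an http(s) URL on a whitelisted host';
    }
    return null;
}

// Constructed sample (not from the page): external image plus an onload handler.
$sample = '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
        . '<image xlink:href="http://untrusted.example/huge.png" onload="alert(1)"/></svg>';
print_r(screen_svg($sample, array('cdn.example.org')));
```

Two caveats on the policy this implements. With DOCTYPEs refused and the entity loader off, there is no entity mechanism left to pull a local file such as /etc/passwd into rendered text, and file: or relative hrefs are refused by check_href, which addresses the question's third point. The question's "huge or malformed bitmap" concern, however, survives whitelisting: a whitelisted remote host can still serve an arbitrarily large file that Inkscape will fetch and decode, so either allow data: images only, or fetch remote images yourself under a size cap and inline them, and in any case run the renderer with a timeout, a memory limit and no network access.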