diff --git a/src/AssemblyInfo.Csv.Core.fs b/src/AssemblyInfo.Csv.Core.fs index 888e73cc7..e5282ab0e 100644 --- a/src/AssemblyInfo.Csv.Core.fs +++ b/src/AssemblyInfo.Csv.Core.fs @@ -1,6 +1,5 @@ // Auto-Generated by FAKE; do not edit namespace System - open System.Reflection [] @@ -11,17 +10,8 @@ open System.Reflection do () module internal AssemblyVersionInformation = - [] - let AssemblyTitle = "FSharp.Data.Csv.Core" - - [] - let AssemblyProduct = "FSharp.Data" - - [] - let AssemblyDescription = "Library of F# type providers and data access tools" - - [] - let AssemblyVersion = "6.6.0.0" - - [] - let AssemblyFileVersion = "6.6.0.0" + let [] AssemblyTitle = "FSharp.Data.Csv.Core" + let [] AssemblyProduct = "FSharp.Data" + let [] AssemblyDescription = "Library of F# type providers and data access tools" + let [] AssemblyVersion = "6.6.0.0" + let [] AssemblyFileVersion = "6.6.0.0" diff --git a/src/AssemblyInfo.DesignTime.fs b/src/AssemblyInfo.DesignTime.fs index 3aad23dfc..1c6932de9 100644 --- a/src/AssemblyInfo.DesignTime.fs +++ b/src/AssemblyInfo.DesignTime.fs @@ -1,6 +1,5 @@ // Auto-Generated by FAKE; do not edit namespace System - open System.Reflection [] @@ -11,17 +10,8 @@ open System.Reflection do () module internal AssemblyVersionInformation = - [] - let AssemblyTitle = "FSharp.Data.DesignTime" - - [] - let AssemblyProduct = "FSharp.Data" - - [] - let AssemblyDescription = "Library of F# type providers and data access tools" - - [] - let AssemblyVersion = "6.6.0.0" - - [] - let AssemblyFileVersion = "6.6.0.0" + let [] AssemblyTitle = "FSharp.Data.DesignTime" + let [] AssemblyProduct = "FSharp.Data" + let [] AssemblyDescription = "Library of F# type providers and data access tools" + let [] AssemblyVersion = "6.6.0.0" + let [] AssemblyFileVersion = "6.6.0.0" diff --git a/src/AssemblyInfo.Html.Core.fs b/src/AssemblyInfo.Html.Core.fs index c5af74d43..6d9977aa8 100644 --- a/src/AssemblyInfo.Html.Core.fs +++ b/src/AssemblyInfo.Html.Core.fs 
@@ -1,6 +1,5 @@ // Auto-Generated by FAKE; do not edit namespace System - open System.Reflection [] @@ -11,17 +10,8 @@ open System.Reflection do () module internal AssemblyVersionInformation = - [] - let AssemblyTitle = "FSharp.Data.Html.Core" - - [] - let AssemblyProduct = "FSharp.Data" - - [] - let AssemblyDescription = "Library of F# type providers and data access tools" - - [] - let AssemblyVersion = "6.6.0.0" - - [] - let AssemblyFileVersion = "6.6.0.0" + let [] AssemblyTitle = "FSharp.Data.Html.Core" + let [] AssemblyProduct = "FSharp.Data" + let [] AssemblyDescription = "Library of F# type providers and data access tools" + let [] AssemblyVersion = "6.6.0.0" + let [] AssemblyFileVersion = "6.6.0.0" diff --git a/src/AssemblyInfo.Http.fs b/src/AssemblyInfo.Http.fs index d622309cb..e7bf4bb51 100644 --- a/src/AssemblyInfo.Http.fs +++ b/src/AssemblyInfo.Http.fs @@ -1,6 +1,5 @@ // Auto-Generated by FAKE; do not edit namespace System - open System.Reflection [] @@ -11,17 +10,8 @@ open System.Reflection do () module internal AssemblyVersionInformation = - [] - let AssemblyTitle = "FSharp.Data.Http" - - [] - let AssemblyProduct = "FSharp.Data" - - [] - let AssemblyDescription = "Library of F# type providers and data access tools" - - [] - let AssemblyVersion = "6.6.0.0" - - [] - let AssemblyFileVersion = "6.6.0.0" + let [] AssemblyTitle = "FSharp.Data.Http" + let [] AssemblyProduct = "FSharp.Data" + let [] AssemblyDescription = "Library of F# type providers and data access tools" + let [] AssemblyVersion = "6.6.0.0" + let [] AssemblyFileVersion = "6.6.0.0" diff --git a/src/AssemblyInfo.Json.Core.fs b/src/AssemblyInfo.Json.Core.fs index b9c0ebccb..dc058f775 100644 --- a/src/AssemblyInfo.Json.Core.fs +++ b/src/AssemblyInfo.Json.Core.fs @@ -1,6 +1,5 @@ // Auto-Generated by FAKE; do not edit namespace System - open System.Reflection [] 
@@ -11,17 +10,8 @@ open System.Reflection do () module internal AssemblyVersionInformation = - [] - let AssemblyTitle = "FSharp.Data.Json.Core" - - [] - let AssemblyProduct = "FSharp.Data" - - [] - let AssemblyDescription = "Library of F# type providers and data access tools" - - [] - let AssemblyVersion = "6.6.0.0" - - [] - let AssemblyFileVersion = "6.6.0.0" + let [] AssemblyTitle = "FSharp.Data.Json.Core" + let [] AssemblyProduct = "FSharp.Data" + let [] AssemblyDescription = "Library of F# type providers and data access tools" + let [] AssemblyVersion = "6.6.0.0" + let [] AssemblyFileVersion = "6.6.0.0" diff --git a/src/AssemblyInfo.Runtime.Utilities.fs b/src/AssemblyInfo.Runtime.Utilities.fs index 6369e3d64..3005f3d95 100644 --- a/src/AssemblyInfo.Runtime.Utilities.fs +++ b/src/AssemblyInfo.Runtime.Utilities.fs @@ -1,6 +1,5 @@ // Auto-Generated by FAKE; do not edit namespace System - open System.Reflection [] @@ -11,17 +10,8 @@ open System.Reflection do () module internal AssemblyVersionInformation = - [] - let AssemblyTitle = "FSharp.Data.Runtime.Utilities" - - [] - let AssemblyProduct = "FSharp.Data" - - [] - let AssemblyDescription = "Library of F# type providers and data access tools" - - [] - let AssemblyVersion = "6.6.0.0" - - [] - let AssemblyFileVersion = "6.6.0.0" + let [] AssemblyTitle = "FSharp.Data.Runtime.Utilities" + let [] AssemblyProduct = "FSharp.Data" + let [] AssemblyDescription = "Library of F# type providers and data access tools" + let [] AssemblyVersion = "6.6.0.0" + let [] AssemblyFileVersion = "6.6.0.0" diff --git a/src/AssemblyInfo.WorldBank.Core.fs b/src/AssemblyInfo.WorldBank.Core.fs index 17eaa1171..7cf434b3d 100644 --- a/src/AssemblyInfo.WorldBank.Core.fs +++ b/src/AssemblyInfo.WorldBank.Core.fs @@ -1,6 +1,5 @@ // Auto-Generated by FAKE; do not edit namespace System - open System.Reflection [] 
@@ -11,17 +10,8 @@ open System.Reflection do () module internal AssemblyVersionInformation = - [] - let AssemblyTitle = "FSharp.Data.WorldBank.Core" - - [] - let AssemblyProduct = "FSharp.Data" - - [] - let AssemblyDescription = "Library of F# type providers and data access tools" - - [] - let AssemblyVersion = "6.6.0.0" - - [] - let AssemblyFileVersion = "6.6.0.0" + let [] AssemblyTitle = "FSharp.Data.WorldBank.Core" + let [] AssemblyProduct = "FSharp.Data" + let [] AssemblyDescription = "Library of F# type providers and data access tools" + let [] AssemblyVersion = "6.6.0.0" + let [] AssemblyFileVersion = "6.6.0.0" diff --git a/src/AssemblyInfo.Xml.Core.fs b/src/AssemblyInfo.Xml.Core.fs index 8f71377c6..6ee2e054b 100644 --- a/src/AssemblyInfo.Xml.Core.fs +++ b/src/AssemblyInfo.Xml.Core.fs @@ -1,6 +1,5 @@ // Auto-Generated by FAKE; do not edit namespace System - open System.Reflection [] @@ -11,17 +10,8 @@ open System.Reflection do () module internal AssemblyVersionInformation = - [] - let AssemblyTitle = "FSharp.Data.Xml.Core" - - [] - let AssemblyProduct = "FSharp.Data" - - [] - let AssemblyDescription = "Library of F# type providers and data access tools" - - [] - let AssemblyVersion = "6.6.0.0" - - [] - let AssemblyFileVersion = "6.6.0.0" + let [] AssemblyTitle = "FSharp.Data.Xml.Core" + let [] AssemblyProduct = "FSharp.Data" + let [] AssemblyDescription = "Library of F# type providers and data access tools" + let [] AssemblyVersion = "6.6.0.0" + let [] AssemblyFileVersion = "6.6.0.0" diff --git a/src/AssemblyInfo.fs b/src/AssemblyInfo.fs index 6f77a7564..fa95cbef3 100644 --- a/src/AssemblyInfo.fs +++ b/src/AssemblyInfo.fs @@ -1,6 +1,5 @@ // Auto-Generated by FAKE; do not edit namespace System - open System.Reflection [] 
@@ -11,17 +10,8 @@ open System.Reflection do () module internal AssemblyVersionInformation = - [] - let AssemblyTitle = "FSharp.Data" - - [] - let AssemblyProduct = "FSharp.Data" - - [] - let AssemblyDescription = "Library of F# type providers and data access tools" - - [] - let AssemblyVersion = "6.6.0.0" - - [] - let AssemblyFileVersion = "6.6.0.0" + let [] AssemblyTitle = "FSharp.Data" + let [] AssemblyProduct = "FSharp.Data" + let [] AssemblyDescription = "Library of F# type providers and data access tools" + let [] AssemblyVersion = "6.6.0.0" + let [] AssemblyFileVersion = "6.6.0.0" diff --git a/src/FSharp.Data.Xml.Core/XmlRuntime.fs b/src/FSharp.Data.Xml.Core/XmlRuntime.fs index bc7fb3844..dbabc040d 100644 --- a/src/FSharp.Data.Xml.Core/XmlRuntime.fs +++ b/src/FSharp.Data.Xml.Core/XmlRuntime.fs @@ -6,6 +6,7 @@ namespace FSharp.Data.Runtime.BaseTypes open System.ComponentModel open System.IO +open System.Xml open System.Xml.Linq #nowarn "10001" @@ -56,7 +57,16 @@ type XmlElement = IsError = false)>] static member Create(reader: TextReader) = use reader = reader - let element = XDocument.Load(reader, LoadOptions.PreserveWhitespace).Root + // Secure XML parsing: disable DTD processing and external entities to prevent XXE attacks + let xmlReaderSettings = + new XmlReaderSettings( + DtdProcessing = DtdProcessing.Prohibit, + XmlResolver = null, + MaxCharactersFromEntities = 1024L * 1024L + ) // 1MB limit + + use xmlReader = XmlReader.Create(reader, xmlReaderSettings) + let element = XDocument.Load(xmlReader, LoadOptions.PreserveWhitespace).Root { XElement = element } /// 
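Review bot: The hardened `XmlReaderSettings` block added to `Create(reader: TextReader)` is repeated verbatim in the `@@ -69,12 +79,26 @@` hunk, so the two parse paths can drift apart the next time one of them is tightened. Building the settings in one private helper, with both members calling it, would keep them identical; the helper would sit above `type XmlElement`, which is outside this hunk. Separately, `DtdProcessing.Prohibit` makes the reader throw on any input that carries a DOCTYPE, which is a behaviour change for callers that previously loaded such documents and is worth stating in the member's doc comment and the release notes. With DTDs prohibited, the `// 1MB limit` on `MaxCharactersFromEntities` looks like defence in depth rather than an active bound, and the comment could say so.

```fsharp
// placed above `type XmlElement`, outside this hunk
module private XmlReaderHardening =
    // XmlReaderSettings is mutable, so hand out a fresh instance per call
    let createSettings () =
        XmlReaderSettings(
            DtdProcessing = DtdProcessing.Prohibit, // reject DOCTYPE outright
            XmlResolver = null, // never resolve external resources
            MaxCharactersFromEntities = 1024L * 1024L
        )

// … unchanged: static member Create(reader: TextReader) = / use reader = reader …
        use xmlReader = XmlReader.Create(reader, XmlReaderHardening.createSettings ())
        let element = XDocument.Load(xmlReader, LoadOptions.PreserveWhitespace).Root
```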
@@ -69,12 +79,26 @@ type XmlElement = use reader = reader let text = reader.ReadToEnd() + // Secure XML parsing: disable DTD processing and external entities to prevent XXE attacks + let xmlReaderSettings = + new XmlReaderSettings( + DtdProcessing = DtdProcessing.Prohibit, + XmlResolver = null, + MaxCharactersFromEntities = 1024L * 1024L + ) // 1MB limit + try - XDocument.Parse(text, LoadOptions.PreserveWhitespace).Root.Elements() + use stringReader = new StringReader(text) + use xmlReader = XmlReader.Create(stringReader, xmlReaderSettings) + + XDocument.Load(xmlReader, LoadOptions.PreserveWhitespace).Root.Elements() |> Seq.map (fun value -> { XElement = value }) |> Seq.toArray with _ when text.TrimStart().StartsWith "<" -> - XDocument.Parse("" + text + "", LoadOptions.PreserveWhitespace).Root.Elements() + use stringReader = new StringReader("" + text + "") + use xmlReader = XmlReader.Create(stringReader, xmlReaderSettings) + + XDocument.Load(xmlReader, LoadOptions.PreserveWhitespace).Root.Elements() |> Seq.map (fun value -> { XElement = value }) |> Seq.toArray
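Review bot: The catch-all `with _ when text.TrimStart().StartsWith "<"` fallback now also swallows the exception that `DtdProcessing.Prohibit` raises for input carrying a DOCTYPE, and then re-parses the same text inside a wrapper element. The retry uses the same hardened settings, so no DTD is processed, but the caller presumably sees the error from the second parse instead of the DTD rejection, which makes a refused document hard to recognise in logs and bug reports. Narrowing the handler to `with :? XmlException when text.TrimStart().StartsWith "<" ->` would at least stop unrelated failures from being retried, and a short comment above the `try` should say that a DOCTYPE is rejected on both attempts. The member's signature and doc comment are outside this hunk.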