Date: Fri, 1 Jun 2012 12:19:51 +0100
From: "Simon L. B. Nielsen" <simon@qxnitro.org>
To: Doug Barton <dougb@freebsd.org>
Cc: Eitan Adler <eadler@freebsd.org>, freebsd-doc@freebsd.org, wblock@freebsd.org, Thierry Thomas <thierry@freebsd.org>, Jason Helfman <jgh@freebsd.org>
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID: <CAC8HS2HFrJkzH=f7Z39tn9dOai_VtL0Zg2B0FKSA5aDYKKoL1Q@mail.gmail.com>
In-Reply-To: <4FC8959A.8020008@FreeBSD.org>
References: <201205302046.q4UKka2f062416@repoman.freebsd.org> <CAF6rxgnqRU5J=B5KDvm_h1XE9fQ3FzOEqUMWQnLL7XN7SrWnOg@mail.gmail.com> <20120530222837.GA94334@dormouse.experts-exchange.com> <CAF6rxgnuTQwXHi09yczTrQwEtCAk16UjFFEtYVsJ2LoL2aaJ4g@mail.gmail.com> <CAMuy=%2BjOSurM7x4fekC6%2BsHp2ovJCyK%2BHXdb8_ADtywRuEyQBA@mail.gmail.com> <alpine.BSF.2.00.1205311023290.83108@wonkity.com> <4FC7BDE9.40602@FreeBSD.org> <alpine.BSF.2.00.1205311405010.83987@wonkity.com> <4FC814BB.90507@FreeBSD.org> <CAC8HS2FfQzYL69cidQzN1JmvyYRsv2AnaXm6TNr1QfLj1JmN%2BA@mail.gmail.com> <4FC8959A.8020008@FreeBSD.org>

On Fri, Jun 1, 2012 at 11:12 AM, Doug Barton <dougb@freebsd.org> wrote:
> On 06/01/2012 02:55, Simon L. B. Nielsen wrote:
>> On Fri, Jun 1, 2012 at 2:02 AM, Doug Barton <dougb@freebsd.org> wrote:
>>>> On Thu, 31 May 2012, Doug Barton wrote:
>>>>
>>>>> On 05/31/2012 09:28 AM, Warren Block wrote:
>>>>>> Sorry, I missed the original post and am not quite sure what is being
>>>>>> checked.  At present, igor doesn't know XML at all.  My hope is that
>>>>>> some existing XML validator can be used to check tagging and indentation
>>>>>> of DocBook XML, and igor can just check for documentation-specific
>>>>>> problems.
>>>>>
>>>>> xmllint does a pretty good job of validation. Not sure how much it helps
>>>>> with indentation, but it's a good place to start.
>>>
>>> To amplify that slightly, since "The Fine Manual" leaves something to be
>>> desired ...
>>>
>>> xmllint --noout --dtdvalid http://www.vuxml.org/dtd/vuxml-1/vuxml-11.dtd
>>> vuln.xml
>>>
>>> is what you want to validate that the file matches the DTD (the current
>>> version passes). There is no way to use xmllint to "validate the
>>> whitespace," but you could theoretically use the --format option as part
>>> of 'make validate'. Note, that would require a one-time commit to change
>>> the current format into what --format outputs, since they are pretty
>>> dramatically different.
>>
>> Just a note, DTD check is unfortunately rather far from validating
>> that VuXML entries are valid...
>
> Right ... the question I was responding to was, "How can we confirm that
> the XML is right?" which is a different question altogether. The wacky
> default whitespace conventions that we have for that file could be
> "fixed" (where that really means standardized on a differently wacky
> schema) by the --format option of xmllint. That would take the "human

Hmm, I think we use pretty much the doc project style... but I can't
remember 100% on the top of my head.

> error" element out of the whitespace issue altogether, and avoid the
> need to validate it since it would always be standard.
>
> Validating against the DTD is probably also a good step to add, since if
> it doesn't at least pass that test, further attempts to validate the
> entries themselves are probably fruitless.

Yes, any commit which does not validate against DTD will break the
vuxml.org and portaudit builds. That's the bare minimum I expect for
any vuln.xml commit.

>
> IOW, adding xmllint to the mix will probably do more good than harm,
> although we need to be careful that we understand what it is, and isn't
> doing for us.

Eh, make validate in the port does exactly that (run xmllint):
http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/vuxml/files/validate.sh?rev=.

xsltproc is used for some tidy'ing of the file:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/vuxml/files/tidy.sh?rev=.

-- 
Simon
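
An added example, not part of the original message and not the port's validate.sh or tidy.sh: the two checks discussed in this thread, DTD validation with `xmllint --dtdvalid` and whitespace normalization with `xmllint --format`, run as independent gates. The DTD and sample files are constructed stand-ins for the VuXML DTD and vuln.xml, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The DTD and documents are constructed stand-ins,
# not the real VuXML DTD or vuln.xml.

# Gate 1: FILE must validate against DTD (xmllint exits non-zero if not).
check_dtd() {    # usage: check_dtd FILE DTD
    xmllint --noout --dtdvalid "$2" "$1" >/dev/null 2>&1
}

# Gate 2: FILE must be byte-identical to its own --format output.
check_format() { # usage: check_format FILE
    xmllint --format "$1" 2>/dev/null | cmp -s - "$1"
}

# Print "dtd=<ok|FAIL> format=<ok|FAIL>" for one file.
report() {       # usage: report FILE DTD
    d=FAIL; f=FAIL
    check_dtd "$1" "$2" && d=ok
    check_format "$1" && f=ok
    echo "dtd=$d format=$f"
}

# Write the constructed samples to a scratch directory and print its path.
make_samples() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/sample.dtd" <<'EOF'
<!ELEMENT vuxml (vuln*)>
<!ELEMENT vuln (topic)>
<!ATTLIST vuln vid CDATA #REQUIRED>
<!ELEMENT topic (#PCDATA)>
EOF
    # Valid entry, hand-indented with tabs.
    printf '<vuxml>\n\t<vuln vid="constructed-1">\n\t\t<topic>sample</topic>\n\t</vuln>\n</vuxml>\n' \
        > "$dir/messy.xml"
    # The same entry after normalization with --format.
    xmllint --format "$dir/messy.xml" > "$dir/tidy.xml"
    # Normalized whitespace, but the required vid attribute is missing.
    printf '<vuxml><vuln><topic>sample</topic></vuln></vuxml>\n' |
        xmllint --format - > "$dir/invalid.xml"
    echo "$dir"
}

samples=$(make_samples) || exit 1
for name in messy tidy invalid; do
    printf '%-12s %s\n' "$name.xml" "$(report "$samples/$name.xml" "$samples/sample.dtd")"
done
rm -rf "$samples"
```

A file can pass either gate while failing the other, so neither check substitutes for the other, and neither says anything about whether the entry's content is correct.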