[x3d-public] Log4j and what it means for encodings

John Carlson yottzumm at gmail.com
Sat Dec 11 14:41:58 PST 2021


All,

I’m afraid to introduce this subject, but since I am apparently the QA for the X3D JSON examples, I do feel fairly confident there are no examples in the X3D Resources Examples that will break one’s standard JSON parser. I guess the defensive tests may be in SavageDefense. Should we do some examples that can break typical parsers and validators, so browser developers can get more comfortable with their systems? Could this be added to the ConformanceNist examples?

I know that some HAnim examples cause my X3DJSONLD system to “go out to lunch” for a while, or fail to sync up beginning and ending tags.

I suggest we go through my online examples previously posted and try to patch what we can. Here’s my current list of examples, from a previous message starting with “Status”. https://coderextreme.net/X3DJSONLD/src/main/html/codex.html. The message made assignments as I saw fit, but I encourage you to go through your assigned list. I believe I am pointed at development or recent releases of X_ITE and X3DOM.

Apple Mail is making my life miserable.   Going back to gmail.   Why did I ever leave?

John

Sent from my iPad

> On Dec 11, 2021, at 3:37 PM, John Carlson <yottzumm at gmail.com> wrote:
> Apparently there is a denial of service attack happening on log4j/struts/soap.   Imagine your X3D xml/json/VRML having millions of nested Groups and transforms.   How can we defend ourselves, and what limits can we set in place?  I do know tail recursion can help, but I’m not sure what happens when there are too many stack frames to open.
> 
> I know the standard talks about limits on these things, but is there a limit of depth of nested nodes in the standard?  I will do some googling.
> 
> Sent from my iPad
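
Added example, not part of the original messages or of X3DJSONLD: one way to apply the limits asked about above to the X3D JSON encoding, by measuring nesting depth in a single non-recursive pass and refusing oversized or over-deep text before `JSON.parse` runs. The limit values, the function names, and the constructed nested-Group document are assumptions for illustration.

```javascript
// Assumed limits; tune them to the largest legitimate scenes you load.
const DEFAULT_LIMITS = { maxChars: 8 * 1024 * 1024, maxDepth: 256 };

// One pass over the text with a counter instead of recursion, so the check
// itself cannot exhaust the stack. Brackets inside string literals are ignored.
function measureDepth(text, stopAt = Infinity) {
  let depth = 0, max = 0, inString = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (inString) {
      if (c === '\\') i++;                 // skip the escaped character
      else if (c === '"') inString = false;
    } else if (c === '"') {
      inString = true;
    } else if (c === '{' || c === '[') {
      if (++depth > max) max = depth;
      if (max > stopAt) return max;        // stop early once over the limit
    } else if (c === '}' || c === ']') {
      depth--;
    }
  }
  return max;
}

// Reject the document before any tree is built; parse only what passes.
function parseWithLimits(text, limits = DEFAULT_LIMITS) {
  if (text.length > limits.maxChars) {
    throw new RangeError(`document has ${text.length} chars, limit ${limits.maxChars}`);
  }
  const depth = measureDepth(text, limits.maxDepth);
  if (depth > limits.maxDepth) {
    throw new RangeError(`nesting depth exceeds limit ${limits.maxDepth}`);
  }
  return JSON.parse(text);
}

// Constructed test input: n Groups nested through "-children" arrays.
function nestedGroups(n) {
  return '{"X3D":{"Scene":{"-children":[' +
    '{"Group":{"-children":['.repeat(n) + ']}}'.repeat(n) + ']}}}';
}

const scene = parseWithLimits(nestedGroups(10));   // depth 34, accepted
console.log(Object.keys(scene.X3D.Scene['-children'][0]));
try {
  parseWithLimits(nestedGroups(100000));           // depth 300004, refused
} catch (e) {
  console.log(e.message);
}
```

The same counter works for the XML encoding if it is driven from a streaming parser's element open and close events; code that walks the parsed tree afterwards still needs its own depth bound or an explicit stack.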