[x3d-public] xmldsig# false-positive warning by Python xmlschema XML() method
Brutzman, Donald (Don) (CIV)
brutzman at nps.edu
Sun Jul 16 13:50:44 PDT 2023
Sorry for misdirect. Unless you were trying to do something special, it was
probably just invoking the method for validation-reporting purposes. In
that case, there is no output.
all the best, Don
--
Don Brutzman Naval Postgraduate School, Code USW/Br brutzman at nps.edu
Watkins 270, MOVES Institute, Monterey CA 93943-5000 USA +1.831.656.2149
X3D graphics, virtual worlds, navy robotics https://faculty.nps.edu/brutzman
From: John Carlson <yottzumm at gmail.com>
Sent: Sunday, July 16, 2023 10:47 AM
To: Brutzman, Donald (Don) (CIV) <brutzman at nps.edu>
Cc: X3D Graphics public mailing list <x3d-public at web3d.org>
Subject: Re: xmldsig# false-positive warning by Python xmlschema XML() method
I didn't see any XML? I'll have to look again. I didn't realize the code
did that. I ran the input XML through X3dToPython.xslt, it looks like.
On Sun, Jul 16, 2023 at 12:04 PM Brutzman, Donald (Don) (CIV)
<brutzman at nps.edu> wrote:
Thanks for issue report. Am first wondering, despite error message, was
your XML produced satisfactorily?
Next, troubleshooting.
"*** Python-to-XML well-formed XML document test failed." means that the
Python XML library failed to validate the XML output.
The error message shows exactly what it dislikes: having a hash tag # in the
xmldsig namespace, which in XML parlance refers to a namespace.
XMLSchemaParseError cannot import namespace
'http://www.w3.org/2000/09/xmldsig#': Entities are forbidden (entity_name='dsig')
The construct itself is OK, and used in XML documents with a digital
signature, as specified by
* XML Signature Syntax and Processing Version 2.0
* W3C Working Group Note 23 July 2015
* http://www.w3.org/TR/xmldsig-core2
* XML Signature Best Practices, W3C Working Group Note 11 April 2013
* https://www.w3.org/TR/xmldsig-bestpractices
The second reference on best practices suggests a workaround of sorts
(manually coerce until it avoids an error).
* 3.4 For Applications: Signing XML without namespace information
("legacy XML")
* Best Practice 21: Applications: When creating an enveloping
signature over XML without namespace information, take steps to avoid having
that content inherit the XML Signature namespace.
* Avoid enveloped content from inheriting the XML Signature namespace
by either inserting an empty default namespace declaration or by defining a
namespace prefix for the Signature Namespace usage.
* https://www.w3.org/TR/2013/NOTE-xmldsig-bestpractices-20130411/#signing-xml-without-namespaces
The current code producing this warning in our x3d.py library is on line
15186. The preceding lines of code use Python's xmlschema package and then
xml.etree XML().
Root-cause analysis: this appears to be a failure in the xmlschema Python
library. We will need to track down how to report an issue there. Here
goes...
* https://pypi.org/project/xmlschema
* https://xmlschema.readthedocs.io/en/latest
* https://xmlschema.readthedocs.io/en/latest/api.html#xmlschema.XMLSchemaNamespaceError
* exception XMLSchemaNamespaceError
* Raised when a wrong runtime condition is found with a namespace.
* xmlschema project page
* https://github.com/sissaschool/xmlschema
Bug report submitted:
* xmlschema issues
* validation problem, xmldsig# namespace for XML digital signature #357
* https://github.com/sissaschool/xmlschema/issues/357
I've added a TODO item in the x3d.py code generator to help us track this
down at some future point. Code block follows for full clarity and future
reference.
try:
    selfX3dXmlText = ''
    import xmlschema
    x3dSchemaUrl = 'https://www.web3d.org/specifications/x3d-' + validationVersion + '.xsd'
    x3dschema = xmlschema.XMLSchema(x3dSchemaUrl)
    try:
        from xml.etree import ElementTree
        selfX3dXmlText = self.XML()
        selfX3dXmlTree = ElementTree.fromstring(selfX3dXmlText)
        print("Python-to-XML well-formed XML document test of XML output complete")
        x3dschema.is_valid(selfX3dXmlTree)
        print("Python-to-XML X3D", str(self.version), "schema validation test of XML output complete")
    except SyntaxError as err: # Exception
        # https://stackoverflow.com/questions/18176602/how-to-get-the-name-of-an-exception-that-was-caught-in-python
        print("*** Python-to-XML X3D", str(self.version), "schema validation test of XML output failed.")
        print(" x3dSchemaUrl=", x3dSchemaUrl)
        if hasattr(err,'position') and err.position[0]:
            print(" ", type(err).__name__, "(line=" + str(err.lineno) + ')', err)
        if selfX3dXmlText: # might have failed to generate
            print(prependLineNumbers(selfX3dXmlText,err.lineno))
except Exception as err: # usually ParseError
    # https://docs.python.org/3/library/xml.etree.elementtree.html#exceptions
    print("*** Python-to-XML well-formed XML document test failed.")
    print(" x3dSchemaUrl=" + x3dSchemaUrl)
    print(" " + type(err).__name__, err)
    if hasattr(err,'position') and err.position[0]:
        lineNumber = err.position[0]
        print('type(err.position)=' + str(type(err.position)), 'lineNumber=' + str(lineNumber))
    else:
        lineNumber = 1
    if selfX3dXmlText: # might have failed to generate
        print(prependLineNumbers(selfX3dXmlText,lineNumber))
    # TODO handle xmldsig# namespace error by xmlschema library - otherwise trap/identify this error
    # Submitted bug report: validation problem, xmldsig# namespace for XML digital signature #357
    # https://github.com/sissaschool/xmlschema/issues/357
Again thanks for helpful issue report. Have fun with X3D Python!
all the best, Don
--
Don Brutzman Naval Postgraduate School, Code USW/Br brutzman at nps.edu
Watkins 270, MOVES Institute, Monterey CA 93943-5000 USA +1.831.656.2149
X3D graphics, virtual worlds, navy robotics https://faculty.nps.edu/brutzman
From: John Carlson <yottzumm at gmail.com>
Sent: Sunday, July 16, 2023 2:18 AM
To: Brutzman, Donald (Don) (CIV) <brutzman at nps.edu>; X3D Graphics public mailing list <x3d-public at web3d.org>
Subject: Not sure what to do with this failure?
Text-python attached, see below weird issue. Should I upgrade? What is
happening with x3d.py and X3D 4.0? The link is good, but it looks like the
schema doesn't validate?
Back to JSON.
py JinLOA4Canonical101.py.txt
x3d.py package 4.0.64.4 loaded, have fun with X3D Graphics!
Self-test diagnostics:
*** Python-to-XML well-formed XML document test failed.
x3dSchemaUrl=https://www.web3d.org/specifications/x3d-4.0.xsd
XMLSchemaParseError cannot import namespace
'http://www.w3.org/2000/09/xmldsig#': Entities are forbidden (entity_name='dsig')
Python-to-VRML export of VRML output successful
Python-to-JSON export of JSON output successful (under development)
python load and self-test diagnostics complete.
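
The TODO in the code above asks for a way to trap and identify this error. The sketch below is an added example, not part of the thread and not code from x3d.py or xmlschema: using Python's standard-library expat bindings, it shows a parser that rejects DTD entity declarations producing an "Entities are forbidden (entity_name=...)" failure, and reports that case separately from a well-formedness failure. The sample documents and the names `EntitiesForbidden`, `parse_root_attrs` and `triage` are constructed for illustration; that the imported schema declares an entity named `dsig` is an assumption drawn from the error text.

```python
from xml.parsers import expat

# Constructed samples. Assumption: the schema being imported declares an
# internal DTD entity named 'dsig', as entity_name='dsig' in the log suggests.
SCHEMA_WITH_ENTITY = """<?xml version="1.0"?>
<!DOCTYPE schema [ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'> ]>
<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="&dsig;"/>
"""
SCHEMA_PLAIN = """<?xml version="1.0"?>
<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.w3.org/2000/09/xmldsig#"/>
"""
BROKEN = "<schema><unclosed></schema>"

class EntitiesForbidden(ValueError):
    """Hypothetical exception type for this example."""
    def __init__(self, entity_name):
        super().__init__("Entities are forbidden (entity_name=%r)" % entity_name)
        self.entity_name = entity_name

def parse_root_attrs(xml_text, forbid_entities=True):
    """Parse xml_text with expat and return the root element's attributes."""
    seen = {}
    parser = expat.ParserCreate()

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        raise EntitiesForbidden(name)  # reject every DTD entity declaration

    def on_start(tag, attrs):
        seen.setdefault("root", attrs)  # keep only the first (root) element

    if forbid_entities:
        parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_start
    parser.Parse(xml_text, True)
    return seen.get("root", {})

def triage(xml_text):
    """Classify a parse outcome so the two failure kinds get distinct reports."""
    try:
        parse_root_attrs(xml_text)
    except EntitiesForbidden as err:
        return "entity-blocked:" + err.entity_name
    except expat.ExpatError:
        return "not-well-formed"
    return "ok"
```

With `forbid_entities=False` the same sample parses and `&dsig;` expands to the namespace URI; reserve that setting for a vetted local copy of a schema.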