cvs commit: ports/security/vuxml vuln.xml

Simon L. B. Nielsen simon at qxnitro.org
Fri Jun 1 11:19:53 UTC 2012 

On Fri, Jun 1, 2012 at 11:12 AM, Doug Barton <dougb at freebsd.org> wrote:
> On 06/01/2012 02:55, Simon L. B. Nielsen wrote:
>> On Fri, Jun 1, 2012 at 2:02 AM, Doug Barton <dougb at freebsd.org> wrote:
>>>> On Thu, 31 May 2012, Doug Barton wrote:
>>>>
>>>>> On 05/31/2012 09:28 AM, Warren Block wrote:
>>>>>> Sorry, I missed the original post and am not quite sure what is being
>>>>>> checked.  At present, igor doesn't know XML at all.  My hope is that
>>>>>> some existing XML validator can be used to check tagging and indentation
>>>>>> of DocBook XML, and igor can just check for documentation-specific
>>>>>> problems.
>>>>>
>>>>> xmllint does a pretty good job of validation. Not sure how much it helps
>>>>> with indentation, but it's a good place to start.
>>>
>>> To amplify that slightly, since "The Fine Manual" leaves something to be
>>> desired ...
>>>
>>> xmllint --noout --dtdvalid http://www.vuxml.org/dtd/vuxml-1/vuxml-11.dtd
>>> vuln.xml
>>>
>>> is what you want to validate that the file matches the DTD (the current
>>> version passes). There is no way to use xmllint to "validate the
>>> whitespace," but you could theoretically use the --format option as part
>>> of 'make validate'. Note, that would require a one-time commit to change
>>> the current format into what --format outputs, since they are pretty
>>> dramatically different.
>>
>> Just a note, DTD check is unfortunately rather far from validating
>> that VuXML entries are valid...
>
> Right ... the question I was responding to was, "How can we confirm that
> the XML is right?" which is a different question altogether. The wacky
> default whitespace conventions that we have for that file could be
> "fixed" (where that really means standardized on a differently wacky
> schema) by the --format option of xmllint. That would take the "human

Hmm, I think we use pretty much the doc project style... but I can't
remember 100% on the top of my head.

> error" element out of the whitespace issue altogether, and avoid the
> need to validate it since it would always be standard.
>
> Validating against the DTD is probably also a good step to add, since if
> it doesn't at least pass that test, further attempts to validate the
> entries themselves are probably fruitless.

Yes, any commit which does not validate against DTD will break the
vuxml.org and portaudit builds. That's the bare minimum I expect for
any vuln.xml commit.

>
> IOW, adding xmllint to the mix will probably do more good than harm,
> although we need to be careful that we understand what it is, and isn't
> doing for us.

Eh, make validate in the port does exactly that (run xmllint):

http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/vuxml/files/validate.sh?rev=.

xsltproc is used for some tidy'ing of the file:

http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/vuxml/files/tidy.sh?rev=.

-- 
Simon

More information about the freebsd-doc mailing list