I'm trying to create an XmlSchemaSet against the SAML 2.0 set of schema definitions, starting with the protocol schema here: https://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd
var set = new XmlSchemaSet();
XmlSchema schema;
using (var reader = XmlReader.Create(
"https://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd"))
{
schema = XmlSchema.Read(reader, (sender, e) => Console.WriteLine(e.Message));
}
set.Add(schema);
set.Compile();
When Compile is called, the following exception is thrown:
System.Xml.Schema.XmlSchemaException
Type 'urn:oasis:names:tc:SAML:2.0:assertion:EncryptedElementType' is not declared.
at System.Xml.Schema.XmlSchemaSet.InternalValidationCallback(Object sender, ValidationEventArgs e)
at System.Xml.Schema.BaseProcessor.SendValidationEvent(XmlSchemaException e, XmlSeverityType severity)
at System.Xml.Schema.BaseProcessor.SendValidationEvent(XmlSchemaException e)
at System.Xml.Schema.Compiler.CompileElement(XmlSchemaElement xe)
at System.Xml.Schema.Compiler.Compile()
at System.Xml.Schema.Compiler.Execute(XmlSchemaSet schemaSet, SchemaInfo schemaCompiledInfo)
at System.Xml.Schema.XmlSchemaSet.Compile()
at XSD.Program.Main(String[] args)
The type specified urn:oasis:names:tc:SAML:2.0:assertion:EncryptedElementType appears in the namespace imported at the top of the schema:
<import
namespace="urn:oasis:names:tc:SAML:2.0:assertion"
schemaLocation="saml-schema-assertion-2.0.xsd"/>
Using Fiddler, I can't see the application making any attempts at retrieving the imported schema.
Why don't these import statements appear to be working with the XmlSchemaSet?
The default behaviour of the XmlSchemaSet is to not try to resolve any external schemas. To this this, the XmlResolver property must be set. The go-to resolver implementation is XmlUrlResolver:
set.XmlResolver = new XmlUrlResolver();
The important thing is to set this property before adding any schemas to the set. The call to Add performs "pre-processing" on the schema, which includes resolving any import statements. Assigning the XmlResolver after calling Add appears to have no effect.
The application code needs to be:
var set = new XmlSchemaSet
{
// Enable resolving of external schemas.
XmlResolver = new XmlUrlResolver()
};
XmlSchema schema;
using (var reader = XmlReader.Create(
"https://docs.oasis-open.org/security/saml/v2.0/saml-schema-protocol-2.0.xsd"))
{
schema = XmlSchema.Read(reader, (sender, e) => Console.WriteLine(e.Message));
}
set.Add(schema);
set.Compile();
NOTE The above code still does not actually produce the desired result due to problems loading the schemas from w3.org, however the imported SAML schema is resolved successfully.
Related
I am trying to validate XML using an online XSD. Here is my current code for my controller:
using System;
using System.IO;
using System.Net;
using System.Xml;
using System.Xml.Linq;
using System.Xml.Schema;
using Microsoft.AspNetCore.Mvc;
namespace EINV.API.Controllers
{
[Route("api/[controller]")]
[ApiController]
public class XmlController : Controller
{
[HttpPost]
public IActionResult ValidateXml2(IFormFile xmlFile, string xsdUrl)
{
XmlReaderSettings settings = new XmlReaderSettings();
settings.XmlResolver = new XmlXsdResolver(); // Need this for resolving include and import
settings.ValidationType = ValidationType.Schema; // This might not be needed, I am using same settings to validate the input xml
//settings.DtdProcessing = DtdProcessing.Parse; // I have an include that is dtd. maybe I should prohibit dtd after I compile the xsd files.
settings.Schemas.Add(null, xsdUrl); // https://docs.oasis-open.org/ubl/os-UBL-2.1/xsd/maindoc/UBL-Invoice-2.1.xsd
settings.Schemas.Compile();
settings.ValidationType = ValidationType.Schema;
XmlReader reader = XmlReader.Create(xmlFile.OpenReadStream(), settings, "https://docs.oasis-open.org/ubl/os-UBL-2.1/xsd/maindoc/");
XmlDocument document = new XmlDocument();
document.Load(reader);
ValidationEventHandler eventHandler = new ValidationEventHandler(ValidationEventHandler);
// the following call to Validate succeeds.
document.Validate(eventHandler);
// Load the XML file into an XmlDocument
return Ok();
}
protected class XmlXsdResolver : XmlUrlResolver
{
public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn)
{
return base.GetEntity(absoluteUri, role, ofObjectToReturn);
}
}
private void ValidationEventHandler(object? sender, ValidationEventArgs? e)
{
if (e?.Severity == XmlSeverityType.Error)
{
throw new Exception("XML validation error: " + e.Message);
}
}
}
}
I have referenced several other posts in trying to resolve this, such as the following:
How can I resolve the schemaLocation attribute of an .XSD when all of my .XSD's are stored as resources?
Compiling two embedded XSDs: error "Cannot resolve 'schemaLocation' attribute
Validating xml against an xsd that has include and import in c#
But always end up with the same error:
System.Xml.Schema.XmlSchemaValidationException: 'The 'urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2:UBLExtensions' element is not declared.'
The XML that I am using, which I downloaded into a file and upload through my SWAGGER when calling the controller, is located here: https://docs.oasis-open.org/ubl/os-UBL-2.1/xml/UBL-Invoice-2.1-Example.xml
The XSD that I am using is located here: https://docs.oasis-open.org/ubl/os-UBL-2.1/xsd/maindoc/UBL-Invoice-2.1.xsd
I think you need to set settings.Schemas.XmlResolver = new XmlUrlResolver(); as well, as the flag settings.ValidationFlags |= XmlSchemaValidationFlags.ProcessSchemaLocation; before.
That might get you only further as I think some schemas (e.g. for signatures) are imported and not found. So in the end you will need to make sure you have local copies of those schemas and have your resolver use the local copies.
I have a similar problem to C# - Validating xml file against local .xsd security issues.
but my point is not a security concern in the first place. I'm hoping to secure my schema files against a "stupid user" more than an actual attacker.
Is there a possibility to pack my xsd-files into a dll at compile time and use it from there during runtime (instead of just reading a text file from the file system)?
If it would be inside a dll the "stupid user" wouldn't be able to just edit the files by accident and for an attacker we could even go further and protect the dll with strong-naming and digital signatures.
internal class XmlValidator : Validator
{
private static XmlSchemaSet _schemas;
/// <summary>
/// Initializes a new instance of the <see cref="XmlValidator"/> class.
/// </summary>
internal XmlValidator()
{
string path;
path = Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location);
}
else
{
path = #".\";
}
// Add schemas
_schemas = new XmlSchemaSet();
_schemas.Add("http://myschema/schema1", Path.Combine(path, "Schemas", "schema-v1.0.xsd"));
_schemas.Add("http://myschema/schema11", Path.Combine(path, "Schemas", "chema-v1.1.xsd"));
}
So instead of reading them directly from the file system during initialization I would like to read them as some kind of resource.
So something similar to translation files. Created at compile time and unchangeable during runtime
Sure this is possible. I do it the same way to protect them.
First declare them as Embedded Resource
Use it in code
public void LoadXsd()
{
string resourceName = "DefaultNamespace.specs.info.IErrorInfo.xsd";
Assembly assembly = Assembly.GetExecutingAssembly();
XmlSchema xsd = XmlSchema.Read(assembly.GetManifestResourceStream(resourceName), _XsdSchema_ValidationEventHandler);
XmlSchemaSet schemaSet = new XmlSchemaSet();
schemaSet.Add(xsd);
}
private void _XsdSchema_ValidationEventHandler(object sender, ValidationEventArgs e)
{
_Logger.Error($"XSD validation error: {e.Message}");
}
It would be also possible to load them all at once:
public void LoadAllXsdFiles()
{
XmlSchemaSet schemaSet = new XmlSchemaSet();
var assembly = Assembly.GetExecutingAssembly();
var allXsdFiles = assembly.GetManifestResourceNames().Where(r => r.EndsWith(".xsd"));
foreach (string xsdFile in allXsdFiles)
{
XmlSchema xsd = XmlSchema.Read(assembly.GetManifestResourceStream(xsdFile), _XsdSchema_ValidationEventHandler);
schemaSet.Add(xsd);
}
}
I need to validate an XML documents against a set of XSD schemas. There is a top-level schema which imports other schemas, nested schemas may also import some schemas. For example, schema a.xsd imports b.xsd and c.xsd; b.xsd imports d.xsd. In this example a.xsd is a top-level schema.
I use the following code for a such validaton:
static void Main(string[] args)
{
try
{
var settings = new XmlReaderSettings();
settings.ValidationType = ValidationType.Schema;
settings.ConformanceLevel = ConformanceLevel.Document;
settings.Schemas.Add("targetNs", "path/to/a.xsd");
settings.ValidationEventHandler += ValidateHandler;
var reader = XmlReader.Create("path/to/file.xml", settings);
while (reader.Read()) ;
}
catch (Exception ex)
{
throw ex;
}
}
private static void ValidateHandler(object sender, ValidationEventArgs e)
{
Console.WriteLine(e.Message);
}
Although the code above implicity uses nested schemas for a valuidation, there is a problem: if some nested schema is invalid XML document it is just ignored without any exceptions.
Could you please help me with this problem?
If you need to validate the schema(s) before validating the document you can do it as follows:
try
{
using (FileStream fs = File.OpenRead("path/to/a.xsd"))
{
XmlSchema schema = XmlSchema.Read(fs, ValidateHandler);
}
}
catch (Exception e)
{
throw new Exception("Schema file is invalid. " + e.Message);
}
Then add the schema to your settings as follows:
schema.TargetNamespace = "targetNs";
settings.Schemas.Addschema(schema);
I'm trying to validate an XBRL document, but I'm a bit lost. The XBRL is a (simplified) example of the Dutch taxonomy for company tax submits. Here's the XBRL:
string xbrl = #"<xbrli:xbrl xml:lang='nl' xmlns:xbrli='http://www.xbrl.org/2003/instance' xmlns:link='http://www.xbrl.org/2003/linkbase' xmlns:xlink='http://www.w3.org/1999/xlink' xmlns:bd-alg='http://www.nltaxonomie.nl/8.0/basis/bd/items/bd-algemeen' xmlns:xbrldi='http://xbrl.org/2006/xbrldi' xmlns:bd-dim-dom='http://www.nltaxonomie.nl/8.0/basis/bd/domains/bd-domains' xmlns:bd-dim-dim='http://www.nltaxonomie.nl/8.0/domein/bd/axes/bd-axes' xmlns:bd-bedr='http://www.nltaxonomie.nl/8.0/basis/bd/items/bd-bedrijven' xmlns:iso4217='http://www.xbrl.org/2003/iso4217'>
<link:schemaRef xlink:type='simple' xlink:href='http://www.nltaxonomie.nl/8.0/report/bd/entrypoints/bd-rpt-vpb-aangifte-2013.xsd' xlink:arcrole='http://www.w3.org/1999/xlink/properties/linkbase'/>
<xbrli:context id='c1'>
<xbrli:entity>
<xbrli:identifier scheme='www.belastingdienst.nl/identificatie'>800030357</xbrli:identifier>
</xbrli:entity>
<xbrli:period>
<xbrli:startDate>2013-07-01</xbrli:startDate>
<xbrli:endDate>2014-06-01</xbrli:endDate>
</xbrli:period>
<xbrli:scenario>
<xbrldi:explicitMember dimension='bd-dim-dim:PartyDimension'>bd-dim-dom:Declarant</xbrldi:explicitMember>
</xbrli:scenario>
</xbrli:context>
<xbrli:context id='c2'>
<xbrli:entity>
<xbrli:identifier scheme='www.belastingdienst.nl/identificatie'>800030357</xbrli:identifier>
</xbrli:entity>
<xbrli:period>
<xbrli:instant>2014-06-01</xbrli:instant>
</xbrli:period>
<xbrli:scenario>
<xbrldi:explicitMember dimension='bd-dim-dim:TimeDimension'>bd-dim-dom:End</xbrldi:explicitMember>
<xbrldi:explicitMember dimension='bd-dim-dim:PartyDimension'>bd-dim-dom:Declarant</xbrldi:explicitMember>
</xbrli:scenario>
</xbrli:context>
<xbrli:unit id='u1'>
<xbrli:measure>iso4217:EUR</xbrli:measure>
</xbrli:unit>
<bd-alg:SoftwarePackageName contextRef='c1'>SoftwareNaame</bd-alg:SoftwarePackageName>
<bd-alg:SoftwarePackageVersion contextRef='c1'>V1</bd-alg:SoftwarePackageVersion>
<bd-alg:TaxReturnMessageType contextRef='c1'>81</bd-alg:TaxReturnMessageType>
<bd-bedr:AssetsTotalAmountFiscal contextRef='c2' decimals='INF' unitRef='u1'>0</bd-bedr:AssetsTotalAmountFiscal>
<bd-bedr:BalanceProfitCalculationForTaxPurposesFiscal contextRef='c1' decimals='INF' unitRef='u1'>0</bd-bedr:BalanceProfitCalculationForTaxPurposesFiscal>
</xbrli:xbrl>";
I use the following code to load the XSD and validate the document:
var doc = XDocument.Parse(xbrl);
var xmlReader = XmlReader.Create("http://www.nltaxonomie.nl/8.0/report/bd/entrypoints/bd-rpt-vpb-aangifte-2013.xsd");
var schema = XmlSchema.Read(xmlReader,
(sender, e) => { throw e.Exception; });
var set = new XmlSchemaSet();
set.Add(schema);
set.Compile();
doc.Validate(set, (sender, e) =>
{
throw new Exception("document validation failed: " + e.Message);
});
This produces the following error message:
document validation failed: The element 'xbrl' in namespace 'http://www.xbrl.org/2003/instance' has invalid child element 'SoftwarePackageName' in namespace 'http://www.nltaxonomie.nl/8.0/basis/bd/items/bd-algemeen'. List of possible elements expected: 'item, tuple, context, unit' in namespace 'http://www.xbrl.org/2003/instance' as well as 'footnoteLink' in namespace 'http://www.xbrl.org/2003/linkbase'.
Apparantly SchemaSet.Compile fails to find all the related XSD's (direct link to the main XSD here). I've been trying different ways of loading the schema and parsing the document for hours now, but I'm not sure how to solve this problem.
I have also tried to read the document with Gepsio. Gepsio loads the document, but doesn't find any facts in the document, so it looks like the structure of the Dutch taxonomy schema is the problem here.
Your XML instance does not validate with that schema. Perhaps it will validate with another schema which imports it, or perhaps you need to create a new schema which imports all the schemas you need.
The problem is that these elements, placed at top level below root, at the end of your file:
<bd-alg:SoftwarePackageName contextRef='c1'>SoftwareNaame</bd-alg:SoftwarePackageName>
<bd-alg:SoftwarePackageVersion contextRef='c1'>V1</bd-alg:SoftwarePackageVersion>
<bd-alg:TaxReturnMessageType contextRef='c1'>81</bd-alg:TaxReturnMessageType>
<bd-bedr:AssetsTotalAmountFiscal contextRef='c2' decimals='INF' unitRef='u1'>0</bd-bedr:AssetsTotalAmountFiscal>
<bd-bedr:BalanceProfitCalculationForTaxPurposesFiscal contextRef='c1' decimals='INF' unitRef='u1'>0</bd-bedr:BalanceProfitCalculationForTaxPurposesFiscal>
are not allowed, according to the schema.
If you believe they should be allowed, probably you are not using the correct schema.
If your application can use a derived type, a solution would be to create a new schema which imports the schema you need, and defines a new root (in a new namespace) which allows the extra elements. If the types in the original schema are exposed, you can also try to redefine the root type in the same namespace.
I don't want to do anything fancy, I just want to make sure a document is valid, and print an error message if it is not. Google pointed me to this, but it seems XmlValidatingReader is obsolete (at least, that's what MonoDevelop tells me).
Edit: I'm trying Mehrdad's tip, but I'm having trouble. I think I've got most of it, but I can't find OnValidationEvent anywhere. Where go I get OnValidationEvent from?
XmlReaderSettings settings = new XmlReaderSettings();
settings.ValidationType = ValidationType.DTD;
settings.ValidationEventHandler += new ValidationEventHandler(/*trouble is here*/);
XmlReader validatingReader = XmlReader.Create(fileToLoad, settings);
Instead of creating XmlValidatingReader class directly, you should construct an appropriate XmlReaderSettings object and pass it as an argument to the XmlReader.Create method:
var settings = new XmlReaderSettings { ValidationType = ValidationType.DTD };
settings.ValidationEventHandler += new ValidationEventHandler(OnValidationEvent);
var reader = XmlReader.Create("file.xml", settings);
The rest is unchanged.
P.S. OnValidationEvent is the name of the method you declare to handle validation events. Obviously, you can remove the line if you don't want to subscribe to validation events raised by the XmlReader.
var messages = new StringBuilder();
var settings = new XmlReaderSettings { ValidationType = ValidationType.DTD };
settings.ValidationEventHandler += (sender, args) => messages.AppendLine(args.Message);
var reader = XmlReader.Create("file.xml", settings);
if (messages.Length > 0)
{
// Log Validation Errors
// Throw Exception
// Etc.
}
ValidationEventHandler
Lambda Expressions
Type Inference
I've referred to this example on DTD validation.
https://learn.microsoft.com/en-us/dotnet/api/system.xml.xmlreadersettings.dtdprocessing?view=netcore-3.1#input
This example has invalid DTD XML, which I've corrected as below.
<!--XML file using a DTD-->
<!DOCTYPE store [
<!ELEMENT store (item)*>
<!ELEMENT item (name,dept,price)>
<!ATTLIST item type CDATA #REQUIRED ISBN CDATA
#REQUIRED>
<!ELEMENT name (#PCDATA)>
<!ELEMENT dept (#PCDATA)>
<!ELEMENT price (#PCDATA)>]>
<store>
<item type="supplies" ISBN="2-3631-4">
<name>paint</name>
<dept>1</dept>
<price>16.95</price>
</item>
</store>
full description:
In Visual Studio .NET, create a new Visual C# Console Application
project named ValidateXml. Add two using statements to the beginning
of Class1.cs as follows:
using System.Xml; // for XmlTextReader and XmlValidatingReader
using System.Xml.Schema; // for XmlSchemaCollection (which is used later)
In Class1.cs, declare a boolean variable named isValid before the
start of the Main method as follows:
private static bool isValid = true; // If a validation error occurs,
// set this flag to false in the
// validation event handler.
Create an XmlTextReader object to read an XML document from a text
file in the Main method, and then create an XmlValidatingReader to
validate this XML data as follows:
XmlTextReader r = new XmlTextReader("C:\\MyFolder\\ProductWithDTD.xml");
XmlValidatingReader v = new XmlValidatingReader(r);
The ValidationType property of the XmlValidatingReader object
indicates the type of validation that is required (DTD, XDR, or
Schema). Set this property to DTD as follows:
v.ValidationType = ValidationType.DTD;
If any validation errors occur, the validating reader generates a
validation event. Add the following code to register a validation
event handler (you will implement the MyValidationEventHandler
method in Step 7):
v.ValidationEventHandler +=
new ValidationEventHandler(MyValidationEventHandler);
Add the following code to read and validate the XML document. If any
validation errors occur, MyValidationEventHandler is called to
address the error. This method sets isValid to false (see Step 8).
You can check the status of isValid after validation to see if the
document is valid or invalid.
while (v.Read())
{
// Can add code here to process the content.
}
v.Close();
// Check whether the document is valid or invalid.
if (isValid)
Console.WriteLine("Document is valid");
else
Console.WriteLine("Document is invalid");
Write the MyValidationEventHandler method after the Main method as
follows:
public static void MyValidationEventHandler(object sender,
ValidationEventArgs args)
{
isValid = false;
Console.WriteLine("Validation event\n" + args.Message);
}
Build and run the application. The application should report that the XML document is valid.
e.g.:
In Visual Studio .NET, modify ProductWithDTD.xml to invalidate it (for example, delete the <AuthorName>M soliman</AuthorName> element).
Run the application again. You should receive the following error message:
Validation event
Element 'Product' has invalid content. Expected 'ProductName'.
An error occurred at file:///C:/MyFolder/ProductWithDTD.xml(4, 5).
Document is invalid