Publish error after upgrading to 15.1

After upgrading to 15.1 and recompiling the post-publish DLL, we get the following error upon publish:

Failed with exception System.IO.FileNotFoundException: The URI 'file:///.xxxxfilepath' is not trusted

I checked and the file exists. Is there additional config to trust the Publish folder?

  • Hi Akheil,

    To continuously earn our badges on SAST, DAST and SCA like you can see on https://www.veracode.com/verified/directory/rws-group we need to act on scan results of Static Code Analysis (SCA) and the likes.

    This requires us to rewrite our code to make it more secure; however, in turn it could also require a tweak in custom code.

    I'm going to assume that:

    1. Your .xxxxfilepath was probably an xml/dita file and not a system, DLL or catalog file.
    2. The throwing code is something like "Trisoft.Utilities.Common.XmlOASISCatalog.ValidateUri" as the full stack trace is missing in this thread

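    Use the following code to load a file:

    // Requires: using System.IO; using System.Xml;
    // Open the file yourself so the path is never handed to the XmlResolver.
    using (FileStream stream = File.OpenRead(_ditaMapPath))
    using (XmlReader reader = XmlReader.Create(stream, settings))
    {
        ...
    }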

    When using XmlReader.Create(String inputUri, ...), inputUri is passed to the XmlResolver to convert the path.
    Because the XmlResolverUsingCatalog is used as XmlResolver, only paths defined in the catalog are allowed.

    It's safer to use XmlReader.Create(Stream input, ...).
    When File.OpenRead(topic) is used, only local files can be loaded (URLs are not possible),
    and when XmlReader(Stream input, ...) is used, the file path is not passed to the XmlResolver, which prevents it from checking if the file path exists in the catalog.

    If my assumptions are off, please share some sample code and full stack traces. 

    Best wishes,
    Dave
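
The difference between the two overloads described in the reply above, shown as an added example that is not part of the original thread and is not RWS/Trisoft code. `AllowListResolver` is a hypothetical stand-in for a catalog-backed resolver, and the sample file is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml;

// Hypothetical allow-list resolver standing in for a catalog-backed one.
// It is not Trisoft's XmlResolverUsingCatalog; it only refuses unlisted URIs.
sealed class AllowListResolver : XmlResolver
{
    private readonly HashSet<string> _trusted;
    public int Calls { get; private set; }

    public AllowListResolver(IEnumerable<string> trusted)
    {
        _trusted = new HashSet<string>(trusted, StringComparer.OrdinalIgnoreCase);
    }

    public override object GetEntity(Uri absoluteUri, string role, Type ofObjectToReturn)
    {
        Calls++;
        if (!_trusted.Contains(absoluteUri.AbsoluteUri))
            throw new FileNotFoundException("The URI '" + absoluteUri + "' is not trusted");
        return File.OpenRead(absoluteUri.LocalPath);
    }
}
static class Program
{
    static void Main()
    {
        // Constructed sample input: a small map written to the temp folder.
        string path = Path.Combine(Path.GetTempPath(), "sample.ditamap");
        File.WriteAllText(path, "<map><title>Sample</title></map>");
        var resolver = new AllowListResolver(new string[0]); // empty "catalog"
        var settings = new XmlReaderSettings { XmlResolver = resolver };
        try
        {   // String overload: the path itself is handed to the resolver.
            using (XmlReader byUri = XmlReader.Create(path, settings)) byUri.MoveToContent();
        }
        catch (FileNotFoundException ex) { Console.WriteLine("URI overload: " + ex.Message); }
        int before = resolver.Calls;
        // Stream overload: the caller opens the file; the resolver is not asked.
        using (FileStream stream = File.OpenRead(path))
        using (XmlReader byStream = XmlReader.Create(stream, settings))
        {
            byStream.MoveToContent();
            Console.WriteLine("Stream overload read <" + byStream.Name + ">, resolver calls: " + (resolver.Calls - before));
        }
    }
}
```

With the stream overload the resolver is still consulted for DTDs and external entities referenced from inside the document, so the restriction continues to apply to those; only the document's own path skips the check, which leaves validating that path to the calling code.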
