Many programs require lists of hosts on a network, along with some information about what to do with them. Suppose that you were writing a network monitor like Nagios, and you needed to perform certain checks on hosts on a network. You might ping a host to make sure it's still up and running, you might connect to an HTTP server to check that it is running, you might try to open a POP3 connection with an email server, or you might try a number of other things. What would a list of hosts look like? Let's look at a possible XML format for it, hosts.xml:
<hostlist> <host name="Kestrel"> <ip>188.8.131.52</ip> <description>email server</description> <checks> <check>ping</check> <check>pop3</check> <check>imap</check> <check>smtp</check> </checks> </host> <host name="Pokey"> <ip>184.108.40.206</ip> <description>A desktop computer</description> <checks> <check>ping</check> </checks> </host> </hostlist>
This defines two hosts, Kestrel and Pokey. Kestrel is an email server and should be checked extensively. Pokey is just a desktop computer and should just be pinged regularly to make sure it's running. Both have IP addresses specified.
How would we validate this? Let's start by looking at the format of the hosts file. A hostlist is made up of one or more hosts, each of which has a name attribute which is composed of alphanumeric characters and no spaces or special symbols, an ip child tag with an IP address, an optional description and a list of checks. We can write a basic validator like this:
(use-package :xml-psychiatrist) (use-package :xmls-utilities) (toplevel-match (tag "hostlist" () (tag+ "host" ((attr "name" :matches-regexp "[a-zA-Z]+")) (tag "ip" () (pcdata :matches-regexp "^[0-9][0-9]?[0-9]?\. [0-9][0-9]?[0-9]?\.[0-9][0-9]? [0-9]?\.[0-9][0-9]?[0-9]?$")) (tag? "description" () (pcdata)) (tag "checks" () (tag+ "check" () (pcdata))))) (parse-xml-file "hosts.xml"))
This handles most problems. If the XML file doesn't have any checks defined, it will tell you that. If the XML file misspells a tag, it will tell you. But there are a few small problems with this validator which could be exploited by a properly evil and intelligent person: