1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
|
<!--
__ __ _
___\ \/ /_ __ __ _| |_
/ _ \\ /| '_ \ / _` | __|
| __// \| |_) | (_| | |_
\___/_/\_\ .__/ \__,_|\__|
|_| XML parser
Copyright (c) 2001 Scott Bronson <bronson@rinspin.com>
Copyright (c) 2002-2003 Fred L. Drake, Jr. <fdrake@users.sourceforge.net>
Copyright (c) 2009 Karl Waclawek <karl@waclawek.net>
Copyright (c) 2016-2022 Sebastian Pipping <sebastian@pipping.org>
Copyright (c) 2016 Ardo van Rangelrooij <ardo@debian.org>
Copyright (c) 2017 Rhodri James <rhodri@wildebeest.org.uk>
Copyright (c) 2020 Joe Orton <jorton@redhat.com>
Copyright (c) 2021 Tim Bray <tbray@textuality.com>
Unlike most of Expat,
this file is copyrighted under the GNU Free Documentation License 1.1.
-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY dhfirstname "<firstname>Scott</firstname>">
<!ENTITY dhsurname "<surname>Bronson</surname>">
<!-- Please adjust the date whenever revising the manpage. -->
<!ENTITY dhdate "<date>December 19, 2021</date>">
<!ENTITY dhsection "<manvolnum>1</manvolnum>">
<!ENTITY dhemail "<email>bronson@rinspin.com</email>">
<!ENTITY dhusername "Scott Bronson">
<!ENTITY dhucpackage "<refentrytitle>XMLWF</refentrytitle>">
<!ENTITY dhpackage "xmlwf">
<!ENTITY debian "<productname>Debian GNU/Linux</productname>">
<!ENTITY gnu "<acronym>GNU</acronym>">
]>
<refentry>
<refentryinfo>
<address>
&dhemail;
</address>
<author>
&dhfirstname;
&dhsurname;
</author>
<copyright>
<year>2001</year>
<holder>&dhusername;</holder>
</copyright>
&dhdate;
</refentryinfo>
<refmeta>
&dhucpackage;
&dhsection;
</refmeta>
<refnamediv>
<refname>&dhpackage;</refname>
<refpurpose>Determines if an XML document is well-formed</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>&dhpackage;</command>
<arg><replaceable>OPTIONS</replaceable></arg>
<arg><replaceable>FILE</replaceable> ...</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>&dhpackage;</command>
<arg choice="plain"><option>-h</option></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>&dhpackage;</command>
<arg choice="plain"><option>-v</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>
<command>&dhpackage;</command> uses the Expat library to
determine if an XML document is well-formed. It is
non-validating.
</para>
<para>
If you do not specify any files on the command-line, and you
have a recent version of <command>&dhpackage;</command>, the
input file will be read from standard input.
</para>
</refsect1>
<refsect1>
<title>WELL-FORMED DOCUMENTS</title>
<para>
A well-formed document must adhere to the
following rules:
</para>
<itemizedlist>
<listitem><para>
The file begins with an XML declaration. For instance,
<literal><?xml version="1.0" standalone="yes"?></literal>.
<emphasis>NOTE</emphasis>:
<command>&dhpackage;</command> does not currently
check for a valid XML declaration.
</para></listitem>
<listitem><para>
Every start tag is either empty (<tag/>)
or has a corresponding end tag.
</para></listitem>
<listitem><para>
There is exactly one root element. This element must contain
all other elements in the document. Only comments, white
space, and processing instructions may come after the close
of the root element.
</para></listitem>
<listitem><para>
All elements nest properly.
</para></listitem>
<listitem><para>
All attribute values are enclosed in quotes (either single
or double).
</para></listitem>
</itemizedlist>
<para>
If the document has a DTD, and it strictly complies with that
DTD, then the document is also considered <emphasis>valid</emphasis>.
<command>&dhpackage;</command> is a non-validating parser --
it does not check the DTD. However, it does support
external entities (see the <option>-x</option> option).
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<para>
When an option includes an argument, you may specify the argument either
separately ("<option>-d</option> <replaceable>output</replaceable>") or concatenated with the
option ("<option>-d</option><replaceable>output</replaceable>"). <command>&dhpackage;</command>
supports both.
</para>
<variablelist>
<varlistentry>
<term><option>-a</option> <replaceable>factor</replaceable></term>
<listitem>
<para>
Sets the maximum tolerated amplification factor
for protection against billion laughs attacks (default: 100.0).
The amplification factor is calculated as ..
</para>
<literallayout>
amplification := (direct + indirect) / direct
</literallayout>
<para>
.. while parsing, whereas
<direct> is the number of bytes read
from the primary document in parsing and
<indirect> is the number of bytes
added by expanding entities and reading of external DTD files,
combined.
</para>
<para>
<emphasis>NOTE</emphasis>:
If you ever need to increase this value for non-attack payload,
please file a bug report.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-b</option> <replaceable>bytes</replaceable></term>
<listitem>
<para>
Sets the number of output bytes (including amplification)
needed to activate protection against billion laughs attacks
(default: 8 MiB).
This can be thought of as an "activation threshold".
</para>
<para>
<emphasis>NOTE</emphasis>:
If you ever need to increase this value for non-attack payload,
please file a bug report.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-c</option></term>
<listitem>
<para>
If the input file is well-formed and <command>&dhpackage;</command>
doesn't encounter any errors, the input file is simply copied to
the output directory unchanged.
This implies no namespaces (turns off <option>-n</option>) and
requires <option>-d</option> to specify an output directory.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-d</option> <replaceable>output-dir</replaceable></term>
<listitem>
<para>
Specifies a directory to contain transformed
representations of the input files.
By default, <option>-d</option> outputs a canonical representation
(described below).
You can select different output formats using <option>-c</option>,
<option>-m</option> and <option>-N</option>.
</para>
<para>
The output filenames will
be exactly the same as the input filenames or "STDIN" if the input is
coming from standard input. Therefore, you must be careful that the
output file does not go into the same directory as the input
file. Otherwise, <command>&dhpackage;</command> will delete the
input file before it generates the output file (just like running
<literal>cat < file > file</literal> in most shells).
</para>
<para>
Two structurally equivalent XML documents have a byte-for-byte
identical canonical XML representation.
Note that ignorable white space is considered significant and
is treated equivalently to data.
More on canonical XML can be found at
http://www.jclark.com/xml/canonxml.html .
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-e</option> <replaceable>encoding</replaceable></term>
<listitem>
<para>
Specifies the character encoding for the document, overriding
any document encoding declaration. <command>&dhpackage;</command>
supports four built-in encodings:
<literal>US-ASCII</literal>,
<literal>UTF-8</literal>,
<literal>UTF-16</literal>, and
<literal>ISO-8859-1</literal>.
Also see the <option>-w</option> option.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-k</option></term>
<listitem>
<para>
When processing multiple files, <command>&dhpackage;</command>
by default halts after the the first file with an error.
This tells <command>&dhpackage;</command> to report the error
but to keep processing.
This can be useful, for example, when testing a filter that converts
many files to XML and you want to quickly find out which conversions
failed.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-m</option></term>
<listitem>
<para>
Outputs some strange sort of XML file that completely
describes the input file, including character positions.
Requires <option>-d</option> to specify an output file.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-n</option></term>
<listitem>
<para>
Turns on namespace processing. (describe namespaces)
<option>-c</option> disables namespaces.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-N</option></term>
<listitem>
<para>
Adds a doctype and notation declarations to canonical XML output.
This matches the example output used by the formal XML test cases.
Requires <option>-d</option> to specify an output file.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-p</option></term>
<listitem>
<para>
Tells <command>&dhpackage;</command> to process external DTDs and parameter
entities.
</para>
<para>
Normally <command>&dhpackage;</command> never parses parameter
entities. <option>-p</option> tells it to always parse them.
<option>-p</option> implies <option>-x</option>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-r</option></term>
<listitem>
<para>
Normally <command>&dhpackage;</command> memory-maps the XML file
before parsing; this can result in faster parsing on many
platforms.
<option>-r</option> turns off memory-mapping and uses normal file
IO calls instead.
Of course, memory-mapping is automatically turned off
when reading from standard input.
</para>
<para>
Use of memory-mapping can cause some platforms to report
substantially higher memory usage for
<command>&dhpackage;</command>, but this appears to be a matter of
the operating system reporting memory in a strange way; there is
not a leak in <command>&dhpackage;</command>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-s</option></term>
<listitem>
<para>
Prints an error if the document is not standalone.
A document is standalone if it has no external subset and no
references to parameter entities.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-t</option></term>
<listitem>
<para>
Turns on timings. This tells Expat to parse the entire file,
but not perform any processing.
This gives a fairly accurate idea of the raw speed of Expat itself
without client overhead.
<option>-t</option> turns off most of the output options
(<option>-d</option>, <option>-m</option>, <option>-c</option>, ...).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-v</option></term>
<listitem>
<para>
Prints the version of the Expat library being used, including some
information on the compile-time configuration of the library, and
then exits.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-w</option></term>
<listitem>
<para>
Enables support for Windows code pages.
Normally, <command>&dhpackage;</command> will throw an error if it
runs across an encoding that it is not equipped to handle itself. With
<option>-w</option>, <command>&dhpackage;</command> will try to use a Windows code
page. See also <option>-e</option>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-x</option></term>
<listitem>
<para>
Turns on parsing external entities.
</para>
<para>
Non-validating parsers are not required to resolve external
entities, or even expand entities at all.
Expat always expands internal entities (?),
but external entity parsing must be enabled explicitly.
</para>
<para>
External entities are simply entities that obtain their
data from outside the XML file currently being parsed.
</para>
<para>
This is an example of an internal entity:
<literallayout>
<!ENTITY vers '1.0.2'>
</literallayout>
</para>
<para>
And here are some examples of external entities:
<literallayout>
<!ENTITY header SYSTEM "header-&vers;.xml"> (parsed)
<!ENTITY logo SYSTEM "logo.png" PNG> (unparsed)
</literallayout>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>--</option></term>
<listitem>
<para>
(Two hyphens.)
Terminates the list of options. This is only needed if a filename
starts with a hyphen. For example:
</para>
<literallayout>
&dhpackage; -- -myfile.xml
</literallayout>
<para>
will run <command>&dhpackage;</command> on the file
<filename>-myfile.xml</filename>.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
Older versions of <command>&dhpackage;</command> do not support
reading from standard input.
</para>
</refsect1>
<refsect1>
<title>OUTPUT</title>
<para>
<command>&dhpackage;</command> outputs nothing for files which are problem-free.
If any input file is not well-formed, or if the output for any
input file cannot be opened, <command>&dhpackage;</command> prints a single
line describing the problem to standard output.
</para>
<para>
If the <option>-k</option> option is not provided, <command>&dhpackage;</command>
halts upon encountering a well-formedness or output-file error.
If <option>-k</option> is provided, <command>&dhpackage;</command> continues
processing the remaining input files, describing problems found with any of them.
</para>
</refsect1>
<refsect1>
<title>EXIT STATUS</title>
<para>For option <option>-v</option> or <option>-h</option>, <command>&dhpackage;</command> always exits with status code 0. For other cases, the following exit status codes are returned:
<variablelist>
<varlistentry>
<term><option>0</option></term>
<listitem><para>The input files are well-formed and the output (if requested) was written successfully.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>1</option></term>
<listitem><para>An internal error occurred.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>2</option></term>
<listitem><para>One or more input files were not well-formed or could not be parsed.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>3</option></term>
<listitem><para>If using the <option>-d</option> option, an error occurred opening an output file.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>4</option></term>
<listitem><para>There was a command-line argument error in how <command>&dhpackage;</command> was invoked.</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1>
<title>BUGS</title>
<para>
The errors should go to standard error, not standard output.
</para>
<para>
There should be a way to get <option>-d</option> to send its
output to standard output rather than forcing the user to send
it to a file.
</para>
<para>
I have no idea why anyone would want to use the
<option>-d</option>, <option>-c</option>, and
<option>-m</option> options. If someone could explain it to
me, I'd like to add this information to this manpage.
</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>
<literallayout>
The Expat home page: https://libexpat.github.io/
The W3 XML 1.0 specification (fourth edition): https://www.w3.org/TR/2006/REC-xml-20060816/
Billion laughs attack: https://en.wikipedia.org/wiki/Billion_laughs_attack
</literallayout>
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
This manual page was originally written by &dhusername; &dhemail;
in December 2001 for
the &debian; system (but may be used by others). Permission is
granted to copy, distribute and/or modify this document under
the terms of the <acronym>GNU</acronym> Free Documentation
License, Version 1.1.
</para>
</refsect1>
</refentry>
|