1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
//! Processing limits to mitigate malicious SVGs.
/// Maximum number of times that elements can be referenced through URL fragments.
///
/// This is a mitigation for the security-related bugs:
/// <https://gitlab.gnome.org/GNOME/librsvg/issues/323>
/// <https://gitlab.gnome.org/GNOME/librsvg/issues/515>
///
/// Imagine the XML [billion laughs attack], but done in SVG's terms:
///
/// - #323 above creates deeply nested groups of `<use>` elements.
/// The first one references the second one ten times, the second one
/// references the third one ten times, and so on. In the file given,
/// this causes 10^17 objects to be rendered. While this does not
/// exhaust memory, it would take a really long time.
///
/// - #515 has deeply nested references of `<pattern>` elements. Each
/// object inside each pattern has an attribute
/// fill="url(#next_pattern)", so the number of final rendered objects
/// grows exponentially.
///
/// We deal with both cases by placing a limit on how many references
/// will be resolved during the SVG rendering process, that is,
/// how many `url(#foo)` will be resolved.
///
/// [billion laughs attack]: https://bitbucket.org/tiran/defusedxml
pub const MAX_REFERENCED_ELEMENTS: usize = 500_000;
/// Maximum number of elements loadable per document.
///
/// This is a mitigation for SVG files which create millions of elements
/// in an attempt to exhaust memory. We don't allow loading more than
/// this number of elements during the initial streaming load process.
pub const MAX_LOADED_ELEMENTS: usize = 1_000_000;
/// Maximum number of attributes per XML element.
///
/// A malicious file could have `<foo attr1="blah" attr2="blah" attr3="blah"/>`,
/// etc. Librsvg puts this limit on how many attributes an element can have.
pub const MAX_LOADED_ATTRIBUTES: usize = u16::MAX as usize;
/// Maximum level of nesting for XInclude (XML Include) files.
///
/// See <https://gitlab.gnome.org/GNOME/librsvg/-/issues/942>. With
/// the use of XML like `<xi:include parse="xml" href="foo.xml"/>`, an
/// SVG document can recursively include other XML files. This value
/// defines a maximum level of nesting for XInclude, to prevent cases
/// where the base document is included within itself, or when two
/// documents recursively include each other.
pub const MAX_XINCLUDE_DEPTH: usize = 20;