From 26871eeaccfb0caefeb8f0542c9a2a014f65bb65 Mon Sep 17 00:00:00 2001
From: Chris Hill-Scott <me@quis.cc>
Date: Mon, 18 Jan 2021 10:01:47 +0000
Subject: [PATCH] Validate CAP against the spec
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This gives us some extra confidence that there aren’t any problems with
the data we’re getting from the other service. It doesn’t address any
specific problems we’ve seen, rather it seems like a sensible precaution
to take.
---
 app/v2/broadcast/post_broadcast.py            |  10 +-
 app/xml_schemas/CAP-v1.2.xsd                  | 218 ++++++++++++++++++
 app/xml_schemas/__init__.py                   |  19 ++
 requirements-app.txt                          |   1 +
 requirements.txt                              |   9 +-
 tests/app/v2/broadcast/test_post_broadcast.py |  22 ++
 6 files changed, 274 insertions(+), 5 deletions(-)
 create mode 100644 app/xml_schemas/CAP-v1.2.xsd
 create mode 100644 app/xml_schemas/__init__.py

diff --git a/app/v2/broadcast/post_broadcast.py b/app/v2/broadcast/post_broadcast.py
index a1b483808..18fe37b64 100644
--- a/app/v2/broadcast/post_broadcast.py
+++ b/app/v2/broadcast/post_broadcast.py
@@ -8,6 +8,8 @@ from app.models import BROADCAST_TYPE, BroadcastMessage, BroadcastStatusType
 from app.schema_validation import validate
 from app.v2.broadcast import v2_broadcast_blueprint
 from app.v2.broadcast.broadcast_schemas import post_broadcast_schema
+from app.v2.errors import BadRequestError
+from app.xml_schemas import validate_xml
 
 
 @v2_broadcast_blueprint.route("", methods=['POST'])
@@ -21,7 +23,13 @@ def create_broadcast():
     if request.content_type == 'application/json':
         broadcast_json = request.get_json()
     elif request.content_type == 'application/cap+xml':
-        broadcast_json = cap_xml_to_dict(request.get_data(as_text=True))
+        cap_xml = request.get_data(as_text=True)
+        if not validate_xml(cap_xml, 'CAP-v1.2.xsd'):
+            raise BadRequestError(
+                message=f'Request data is not valid CAP XML',
+                status_code=400,
+            )
+        broadcast_json = cap_xml_to_dict(cap_xml)
     else:
         raise BadRequestError(
             message=f'Content type {request.content_type} not supported',
diff --git a/app/xml_schemas/CAP-v1.2.xsd b/app/xml_schemas/CAP-v1.2.xsd
new file mode 100644
index 000000000..ed97952be
--- /dev/null
+++ b/app/xml_schemas/CAP-v1.2.xsd
@@ -0,0 +1,218 @@
+<?xml version = "1.0" encoding = "UTF-8"?>
+<!-- Copyright OASIS Open 2010 All Rights Reserved -->
+<schema xmlns = "http://www.w3.org/2001/XMLSchema"
+   targetNamespace = "urn:oasis:names:tc:emergency:cap:1.2"
+   xmlns:cap = "urn:oasis:names:tc:emergency:cap:1.2"
+   xmlns:xs = "http://www.w3.org/2001/XMLSchema"
+   elementFormDefault = "qualified"
+   attributeFormDefault = "unqualified"
+   version = "1.2">
+  <element name = "alert">
+    <annotation>
+      <documentation>CAP Alert Message (version 1.2)</documentation>
+    </annotation>
+    <complexType>
+      <sequence>
+        <element name = "identifier" type = "xs:string"/>
+        <element name = "sender" type = "xs:string"/>
+        <element name = "sent">
+          <simpleType>
+            <restriction base = "xs:dateTime">
+              <pattern value = "\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d[-,+]\d\d:\d\d"/>
+            </restriction>
+          </simpleType>
+        </element>
+        <element name = "status">
+          <simpleType>
+            <restriction base = "xs:string">
+              <enumeration value = "Actual"/>
+              <enumeration value = "Exercise"/>
+              <enumeration value = "System"/>
+              <enumeration value = "Test"/>
+              <enumeration value = "Draft"/>
+            </restriction>
+          </simpleType>
+        </element>
+        <element name = "msgType">
+          <simpleType>
+            <restriction base = "xs:string">
+              <enumeration value = "Alert"/>
+              <enumeration value = "Update"/>
+              <enumeration value = "Cancel"/>
+              <enumeration value = "Ack"/>
+              <enumeration value = "Error"/>
+            </restriction>
+          </simpleType>
+        </element>
+        <element name = "source" type = "xs:string" minOccurs = "0"/>
+        <element name = "scope">
+          <simpleType>
+            <restriction base = "xs:string">
+              <enumeration value = "Public"/>
+              <enumeration value = "Restricted"/>
+              <enumeration value = "Private"/>
+            </restriction>
+          </simpleType>
+        </element>
+        <element name = "restriction" type = "xs:string" minOccurs = "0"/>
+        <element name = "addresses" type = "xs:string" minOccurs = "0"/>
+        <element name = "code" type = "xs:string" minOccurs = "0" maxOccurs = "unbounded"/>
+        <element name = "note" type = "xs:string" minOccurs = "0"/>
+        <element name = "references" type = "xs:string" minOccurs = "0"/>
+        <element name = "incidents" type = "xs:string" minOccurs = "0"/>
+        <element name = "info" minOccurs = "0" maxOccurs = "unbounded">
+          <complexType>
+            <sequence>
+              <element name = "language" type = "xs:language" default = "en-US" minOccurs = "0"/>
+              <element name = "category" maxOccurs = "unbounded">
+                <simpleType>
+                  <restriction base = "xs:string">
+                    <enumeration value = "Geo"/>
+                    <enumeration value = "Met"/>
+                    <enumeration value = "Safety"/>
+                    <enumeration value = "Security"/>
+                    <enumeration value = "Rescue"/>
+                    <enumeration value = "Fire"/>
+                    <enumeration value = "Health"/>
+                    <enumeration value = "Env"/>
+                    <enumeration value = "Transport"/>
+                    <enumeration value = "Infra"/>
+                    <enumeration value = "CBRNE"/>
+                    <enumeration value = "Other"/>
+                  </restriction>
+                </simpleType>
+              </element>
+              <element name = "event" type = "xs:string"/>
+              <element name = "responseType" minOccurs = "0" maxOccurs = "unbounded">
+                <simpleType>
+                  <restriction base = "xs:string">
+                    <enumeration value = "Shelter"/>
+                    <enumeration value = "Evacuate"/>
+                    <enumeration value = "Prepare"/>
+                    <enumeration value = "Execute"/>
+                    <enumeration value = "Avoid"/>
+                    <enumeration value = "Monitor"/>
+                    <enumeration value = "Assess"/>
+                    <enumeration value = "AllClear"/>
+                    <enumeration value = "None"/>
+                  </restriction>
+                </simpleType>
+              </element>
+              <element name = "urgency">
+                <simpleType>
+                  <restriction base = "xs:string">
+                    <enumeration value = "Immediate"/>
+                    <enumeration value = "Expected"/>
+                    <enumeration value = "Future"/>
+                    <enumeration value = "Past"/>
+                    <enumeration value = "Unknown"/>
+                  </restriction>
+                </simpleType>
+              </element>
+              <element name = "severity">
+                <simpleType>
+                  <restriction base = "xs:string">
+                    <enumeration value = "Extreme"/>
+                    <enumeration value = "Severe"/>
+                    <enumeration value = "Moderate"/>
+                    <enumeration value = "Minor"/>
+                    <enumeration value = "Unknown"/>
+                  </restriction>
+                </simpleType>
+              </element>
+              <element name = "certainty">
+                <simpleType>
+                  <restriction base = "xs:string">
+                    <enumeration value = "Observed"/>
+                    <enumeration value = "Likely"/>
+                    <enumeration value = "Possible"/>
+                    <enumeration value = "Unlikely"/>
+                    <enumeration value = "Unknown"/>
+                  </restriction>
+                </simpleType>
+              </element>
+              <element name = "audience" type = "xs:string" minOccurs = "0"/>
+              <element name = "eventCode" minOccurs = "0" maxOccurs = "unbounded">
+                <complexType>
+                  <sequence>
+                    <element ref = "cap:valueName"/>
+                    <element ref = "cap:value"/>
+                  </sequence>
+                </complexType>
+              </element>
+              <element name = "effective" minOccurs = "0">
+                <simpleType>
+                  <restriction base = "xs:dateTime">
+                    <pattern value = "\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d[-,+]\d\d:\d\d"/>
+                  </restriction>
+                </simpleType>
+              </element>
+              <element name = "onset"  minOccurs = "0">
+                <simpleType>
+                  <restriction base = "xs:dateTime">
+                    <pattern value = "\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d[-,+]\d\d:\d\d"/>
+                  </restriction>
+                </simpleType>
+              </element>
+              <element name = "expires"  minOccurs = "0">
+                <simpleType>
+                  <restriction base = "xs:dateTime">
+                    <pattern value = "\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\d[-,+]\d\d:\d\d"/>
+                  </restriction>
+                </simpleType>
+              </element>
+              <element name = "senderName" type = "xs:string" minOccurs = "0"/>
+              <element name = "headline" type = "xs:string" minOccurs = "0"/>
+              <element name = "description" type = "xs:string" minOccurs = "0"/>
+              <element name = "instruction" type = "xs:string" minOccurs = "0"/>
+              <element name = "web" type = "xs:anyURI" minOccurs = "0"/>
+              <element name = "contact" type = "xs:string" minOccurs = "0"/>
+              <element name = "parameter" minOccurs = "0" maxOccurs = "unbounded">
+                <complexType>
+                  <sequence>
+                    <element ref = "cap:valueName"/>
+                    <element ref = "cap:value"/>
+                  </sequence>
+                </complexType>
+              </element>
+              <element name = "resource" minOccurs = "0" maxOccurs = "unbounded">
+                <complexType>
+                  <sequence>
+                    <element name = "resourceDesc" type = "xs:string"/>
+                    <element name = "mimeType" type = "xs:string"/>
+                    <element name = "size" type = "xs:integer" minOccurs = "0"/>
+                    <element name = "uri" type = "xs:anyURI" minOccurs = "0"/>
+                    <element name = "derefUri" type = "xs:string" minOccurs = "0"/>
+                    <element name = "digest" type = "xs:string" minOccurs = "0"/>
+                  </sequence>
+                </complexType>
+              </element>
+              <element name = "area" minOccurs = "0" maxOccurs = "unbounded">
+                <complexType>
+                  <sequence>
+                    <element name = "areaDesc" type = "xs:string"/>
+                    <element name = "polygon" type = "xs:string" minOccurs = "0" maxOccurs = "unbounded"/>
+                    <element name = "circle" type = "xs:string" minOccurs = "0" maxOccurs = "unbounded"/>
+                    <element name = "geocode" minOccurs = "0" maxOccurs = "unbounded">
+                      <complexType>
+                        <sequence>
+                          <element ref = "cap:valueName"/>
+                          <element ref = "cap:value"/>
+                        </sequence>
+                      </complexType>
+                    </element>
+                    <element name = "altitude" type = "xs:decimal" minOccurs = "0"/>
+                    <element name = "ceiling" type = "xs:decimal" minOccurs = "0"/>
+                  </sequence>
+                </complexType>
+              </element>
+            </sequence>
+          </complexType>
+        </element>
+        <any minOccurs = "0" maxOccurs = "unbounded" namespace = "http://www.w3.org/2000/09/xmldsig#" processContents = "lax"/>
+      </sequence>
+    </complexType>
+  </element>
+  <element name = "valueName" type = "xs:string"/>
+  <element name = "value" type = "xs:string"/>
+</schema>
diff --git a/app/xml_schemas/__init__.py b/app/xml_schemas/__init__.py
new file mode 100644
index 000000000..4d8d11ef0
--- /dev/null
+++ b/app/xml_schemas/__init__.py
@@ -0,0 +1,19 @@
+from lxml import etree
+from pathlib import Path
+
+
+def validate_xml(document, schema_file_name):
+
+    path = Path(__file__).resolve().parent / schema_file_name
+    contents = path.read_text()
+
+    schema_root = etree.XML(contents.encode('utf-8'))
+    schema = etree.XMLSchema(schema_root)
+    parser = etree.XMLParser(schema=schema)
+
+    try:
+        etree.fromstring(document, parser)
+    except etree.XMLSyntaxError:
+        return False
+
+    return True
diff --git a/requirements-app.txt b/requirements-app.txt
index 8688b3922..cc017a729 100644
--- a/requirements-app.txt
+++ b/requirements-app.txt
@@ -24,6 +24,7 @@ strict-rfc3339==0.7
 rfc3987==1.3.8
 cachetools==4.2.0
 beautifulsoup4==4.9.3
+lxml==4.6.2
 
 notifications-python-client==5.7.1
 
diff --git a/requirements.txt b/requirements.txt
index bb5c70107..f9390d13e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -26,6 +26,7 @@ strict-rfc3339==0.7
 rfc3987==1.3.8
 cachetools==4.2.0
 beautifulsoup4==4.9.3
+lxml==4.6.2
 
 notifications-python-client==5.7.1
 
@@ -39,18 +40,18 @@ prometheus-client==0.9.0
 gds-metrics==0.2.4
 
 ## The following requirements were added by pip freeze:
-alembic==1.4.3
+alembic==1.5.0
 amqp==1.4.9
 anyjson==0.3.3
 attrs==20.3.0
-awscli==1.18.215
+awscli==1.18.216
 bcrypt==3.2.0
 billiard==3.3.0.23
 bleach==3.2.1
 blinker==1.4
 boto==2.49.0
-boto3==1.16.55
-botocore==1.19.55
+boto3==1.16.56
+botocore==1.19.56
 certifi==2020.12.5
 chardet==4.0.0
 click==7.1.2
diff --git a/tests/app/v2/broadcast/test_post_broadcast.py b/tests/app/v2/broadcast/test_post_broadcast.py
index 587fe489b..e38918add 100644
--- a/tests/app/v2/broadcast/test_post_broadcast.py
+++ b/tests/app/v2/broadcast/test_post_broadcast.py
@@ -122,3 +122,25 @@ def test_valid_post_cap_xml_broadcast_returns_201(
     assert response_json['template_name'] is None
     assert response_json['template_version'] is None
     assert response_json['updated_at'] is None
+
+
+def test_invalid_post_cap_xml_broadcast_returns_400(
+    client,
+    sample_broadcast_service,
+):
+    auth_header = create_authorization_header(service_id=sample_broadcast_service.id)
+
+    response = client.post(
+        path='/v2/broadcast',
+        data="<alert>Oh no</alert>",
+        headers=[('Content-Type', 'application/cap+xml'), auth_header],
+    )
+
+    assert response.status_code == 400
+    assert json.loads(response.get_data(as_text=True)) == {
+        'errors': [{
+            'error': 'BadRequestError',
+            'message': 'Request data is not valid CAP XML'
+        }],
+        'status_code': 400,
+    }