
Escape application names for GMarkup #51

Merged
merged 1 commit into from
Dec 10, 2024

Conversation

DemiMarie
Contributor

GLib provides a parser called GMarkup, which implements a subset of XML. Application names may contain XML metacharacters, such as "<" and "&". These must be escaped to prevent XML injection, but the app menu didn't do that.

The GMarkup documentation explicitly states that GMarkup must not be used to parse untrusted input [1]. Therefore, parsing malicious markup may have undefined results. Fortunately, there is no security problem because the only allowed character with special meaning in XML is "&" and ";" is not allowed. Therefore, there is no way to create a valid XML entity or inject tags. The worst that can happen is the creation of ill-formed markup that GLib rejects.

This patch also addresses a URL construction bug: filenames need to be URL-encoded in file:// URLs.

@marmarek
Member

(pylint complains)

GLib provides a parser called GMarkup, which implements a subset of XML.
Application names may contain XML metacharacters, such as "<" and "&".
These must be escaped to prevent XML injection, but the app menu didn't
do that.

The GMarkup documentation explicitly states that GMarkup must not be
used to parse untrusted input [1].  Therefore, parsing malicious markup
may have undefined results.  Fortunately, there is no security problem
because the only allowed character with special meaning in XML is "&"
and ";" is not allowed.  Therefore, there is no way to create a valid
XML entity or inject tags.  The worst that can happen is the creation of
ill-formed markup that GLib rejects.

This patch also addresses a URL construction bug: filenames need to be
URL-encoded in file:// URLs.

[1]: https://github.com/GNOME/glib/blob/3304a517d9a7bdbb52d60394fdae6f9903f0f4f3/glib/gmarkup.c#L50-L51
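
The two fixes the PR description and the commit message above call for (escaping metacharacters before an application name goes into markup, and percent-encoding a filename before it goes into a file:// URL), as an added Python example that is not the qubes-menu project's own code. It uses Python's xml.sax.saxutils.escape and xml.etree as stand-ins for GLib's g_markup_escape_text and the GMarkup parser, and the app names and path are constructed sample values; the "before" function is a reconstruction of the bug's shape, not the project's original code.

```python
import xml.etree.ElementTree as ET
from pathlib import PurePosixPath
from urllib.parse import quote
from xml.sax.saxutils import escape


def label_markup_unescaped(app_name: str) -> str:
    """Reconstructed pre-fix shape: the name is pasted into the markup verbatim,
    so an '&' or '<' in it becomes part of the markup itself."""
    return f"<span weight='bold'>{app_name}</span>"


def label_markup_escaped(app_name: str) -> str:
    """Hardened form: '&', '<' and '>' become entity references first.
    (In text content that is enough; an attribute value would also need
    quotes escaped, which g_markup_escape_text does as well.)"""
    return f"<span weight='bold'>{escape(app_name)}</span>"


def markup_is_well_formed(markup: str) -> bool:
    """Stand-in for GMarkup's parse step: an XML parser rejects ill-formed input."""
    try:
        ET.fromstring(markup)
        return True
    except ET.ParseError:
        return False


def rendered_text(markup: str) -> str:
    """What the label would actually display once the markup is parsed."""
    return ET.fromstring(markup).text or ""


def file_url(path: str) -> str:
    """Build a file:// URL from an absolute path, percent-encoding everything
    except unreserved characters and '/'. Spaces, '#', '?', '%' and '&'
    would otherwise change how the URL is parsed."""
    p = PurePosixPath(path)
    if not p.is_absolute():
        raise ValueError("file:// URLs need an absolute path")
    return "file://" + quote(str(p), safe="/")


if __name__ == "__main__":
    name = "Fish & Chips"  # constructed app name containing a metacharacter
    print(markup_is_well_formed(label_markup_unescaped(name)))  # False: bare '&'
    print(rendered_text(label_markup_escaped(name)))            # Fish & Chips
    print(file_url("/home/user/My Docs/a&b #1.desktop"))        # constructed path
```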
@qubesos-bot

qubesos-bot commented Nov 27, 2024

OpenQA test summary

Complete test suite and dependencies: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2024121004-4.3&flavor=pull-requests

Test run included the following:

New failures, excluding unstable

Compared to: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2024111705-4.3&flavor=update

  • system_tests_extra

    • TC_00_QVCTest_whonix-workstation-17: test_010_screenshare (failure)
      ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 0 == 0
  • system_tests_kde_gui_interactive

    • gui_keyboard_layout: wait_serial (wait serial expected)
      # wait_serial expected: "echo -e '[Layout]\nLayoutList=us,de' | sud...

Failed tests

4 failures
  • system_tests_extra

    • TC_00_QVCTest_whonix-gateway-17: test_010_screenshare (failure)
      ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 0 == 0

    • TC_00_QVCTest_whonix-workstation-17: test_010_screenshare (failure)
      ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^... AssertionError: 0 == 0

  • system_tests_kde_gui_interactive

    • gui_keyboard_layout: wait_serial (wait serial expected)
      # wait_serial expected: "echo -e '[Layout]\nLayoutList=us,de' | sud...

    • gui_keyboard_layout: Failed (test died)
      # Test died: command 'test "$(cd ~user;ls e1*)" = "$(qvm-run -p wor...

Fixed failures

Compared to: https://openqa.qubes-os.org/tests/119126#dependencies

2 fixed
  • system_tests_audio@hw1

  • system_tests_basic_vm_qrexec_gui_zfs

    • switch_pool: Failed (test died)
      # Test died: command 'dnf install -y ./zfs-release.rpm' failed at /...

Unstable tests

  • system_tests_audio

    TC_20_AudioVM_PipeWire_fedora-40-xfce/test_260_audio_mic_enabled_switch_audiovm (1/5 times with errors)
    • job 117586 AssertionError: too short audio, expected 10s, got 0.00013605442176...
  • system_tests_audio@hw1

    TC_20_AudioVM_PipeWire_fedora-40-xfce/test_260_audio_mic_enabled_switch_audiovm (1/5 times with errors)
    • job 117586 AssertionError: too short audio, expected 10s, got 0.00013605442176...


codecov bot commented Nov 27, 2024

Codecov Report

Attention: Patch coverage is 78.57143% with 3 lines in your changes missing coverage. Please review.

Project coverage is 82.24%. Comparing base (9d665ee) to head (b2e036c).
Report is 18 commits behind head on main.

Files with missing lines       Patch %   Lines
qubes_menu/utils.py            81.81%    2 Missing ⚠️
qubes_menu/app_widgets.py      66.66%    1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main      #51      +/-   ##
==========================================
- Coverage   83.01%   82.24%   -0.77%     
==========================================
  Files          22       22              
  Lines        2190     2349     +159     
==========================================
+ Hits         1818     1932     +114     
- Misses        372      417      +45     


Member

@marmarek marmarek left a comment


Approved as of b2e036c

@marmarek marmarek merged commit ce4ffa0 into QubesOS:main Dec 10, 2024
2 of 4 checks passed
@DemiMarie DemiMarie deleted the fix-markup-error branch December 10, 2024 22:39