From dd6618736218f29ac6adf3c4514efc4740a06279 Mon Sep 17 00:00:00 2001
From: Robert Sparks
Date: Mon, 31 Jan 2022 16:54:14 +0000
Subject: [PATCH] Merged in [19895] from jennifer@painless-security.com: Look at v2 'title' attribute in reference type heuristics for XML drafts. Related to #3529. - Legacy-Id: 19897 Note: SVN reference [19895] has been migrated to Git commit ea79fe0dcc183bc5cd8b27da67865c300b9dce4e
---
ietf/utils/test_draft_with_references_v3.xml | 41 ++++++++++++++++++++
ietf/utils/tests.py | 1 +
ietf/utils/xmldraft.py | 8 +++-
3 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/ietf/utils/test_draft_with_references_v3.xml b/ietf/utils/test_draft_with_references_v3.xml
index dc3406482..a04880d1d 100644
--- a/ietf/utils/test_draft_with_references_v3.xml
+++ b/ietf/utils/test_draft_with_references_v3.xml
@@ -149,5 +149,46 @@ + + + + + Randomness Requirements for Security + + + + + + + + + + + + Security systems are built on strong cryptographic algorithms that foil pattern analysis + attempts. However, the security of these systems is dependent on generating secret + quantities for passwords, cryptographic keys, and similar quantities. The use of + pseudo-random processes to generate secret quantities can result in pseudo-security. A + sophisticated attacker may find it easier to reproduce the environment that produced the + secret quantities and to search the resulting small set of possibilities than to locate the + quantities in the whole of the potential number space. + + Choosing random quantities to foil a resourceful and motivated adversary is surprisingly + difficult. This document points out many pitfalls in using poor entropy sources or + traditional pseudo-random number generation techniques for generating such quantities. It + recommends the use of truly random hardware techniques and shows that the existing hardware + on many systems can be used for this purpose. It provides suggestions to ameliorate the + problem when a hardware solution is not available, and it gives examples of how large such + quantities need to be for some applications. This document specifies an Internet Best + Current Practices for the Internet Community, and requests discussion and suggestions for + improvements. + + + + + + + + \ No newline at end of file diff --git a/ietf/utils/tests.py b/ietf/utils/tests.py index 15f7c9873..40943cfca 100644 --- a/ietf/utils/tests.py +++ b/ietf/utils/tests.py @@ -463,6 +463,7 @@ class XMLDraftTests(TestCase): 'rfc255': XMLDraft.REF_TYPE_INFORMATIVE, 'bcp6': XMLDraft.REF_TYPE_INFORMATIVE, 'rfc1207': XMLDraft.REF_TYPE_UNKNOWN, + 'rfc4086': XMLDraft.REF_TYPE_NORMATIVE, } ) diff --git a/ietf/utils/xmldraft.py b/ietf/utils/xmldraft.py index dd58c6239..133a766d1 100644 --- a/ietf/utils/xmldraft.py +++ b/ietf/utils/xmldraft.py 
@@ -77,12 +77,18 @@ class XMLDraft(Draft): return self.REF_TYPE_INFORMATIVE return self.REF_TYPE_UNKNOWN + def _reference_section_name(self, section_elt): + section_name = section_elt.findtext('name') + if section_name is None and 'title' in section_elt.keys(): + section_name = section_elt.get('title') # fall back to title if we have it + return section_name + def get_refs(self): """Extract references from the draft""" refs = {} # accept nested sections for section in self.xmlroot.findall('back//references'): - ref_type = self._reference_section_type(section.findtext('name')) + ref_type = self._reference_section_type(self._reference_section_name(section)) for ref in (section.findall('./reference') + section.findall('./referencegroup')): refs[self._document_name(ref.get('anchor'))] = ref_type return refs
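Review bot: The fallback in `_reference_section_name` fires only when `findtext('name')` returns `None`, but `findtext` returns an empty string when a `<name>` child exists without leading text of its own (an empty element, or one whose content starts with inline markup), so such a section never reaches its `title` attribute. Testing for falsiness covers both cases and makes the `keys()` lookup unnecessary, since `get('title')` already returns `None` for a missing attribute: `return section_elt.findtext('name') or section_elt.get('title')`. The added `rfc4086` expectation in tests.py appears to exercise only the title-without-name case, so a fixture section with an empty `<name>` plus a `title` would pin the other one. `_reference_section_type` starts outside the hunk, so how it treats an empty or `None` name is presumed from its visible tail, which ends in `REF_TYPE_UNKNOWN`.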