8294858: XMLStreamReader does not respect jdk.xml.maxXMLNameLimit=0 for namespace names
Reviewed-by: lancea, naoto
This commit is contained in:
Joe Wang
parent
72f74df49a
commit
2ff9d3af81
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -69,6 +69,8 @@ import javax.xml.stream.events.XMLEvent;
|
|||||||
* @author Elena Litani, IBM
|
* @author Elena Litani, IBM
|
||||||
* @author Michael Glavassevich, IBM
|
* @author Michael Glavassevich, IBM
|
||||||
* @author Sunitha Reddy, Sun Microsystems
|
* @author Sunitha Reddy, Sun Microsystems
|
||||||
|
*
|
||||||
|
* @LastModified: Nov 2022
|
||||||
*/
|
*/
|
||||||
public class XML11NSDocumentScannerImpl extends XML11DocumentScannerImpl {
|
public class XML11NSDocumentScannerImpl extends XML11DocumentScannerImpl {
|
||||||
|
|
||||||
@ -637,7 +639,8 @@ public class XML11NSDocumentScannerImpl extends XML11DocumentScannerImpl {
|
|||||||
// record namespace declarations if any.
|
// record namespace declarations if any.
|
||||||
if (fBindNamespaces) {
|
if (fBindNamespaces) {
|
||||||
if (isNSDecl) {
|
if (isNSDecl) {
|
||||||
if (value.length() > fXMLNameLimit) {
|
//check the length of URI if a limit is set
|
||||||
|
if (fXMLNameLimit > 0 && value.length() > fXMLNameLimit) {
|
||||||
fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
|
fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
|
||||||
"MaxXMLNameLimit",
|
"MaxXMLNameLimit",
|
||||||
new Object[]{value, value.length(), fXMLNameLimit,
|
new Object[]{value, value.length(), fXMLNameLimit,
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -54,6 +54,8 @@ import javax.xml.stream.events.XMLEvent;
|
|||||||
* @author Neeraj Bajaj, Sun Microsystems
|
* @author Neeraj Bajaj, Sun Microsystems
|
||||||
* @author Venugopal Rao K, Sun Microsystems
|
* @author Venugopal Rao K, Sun Microsystems
|
||||||
* @author Elena Litani, IBM
|
* @author Elena Litani, IBM
|
||||||
|
*
|
||||||
|
* @LastModified: Nov 2022
|
||||||
*/
|
*/
|
||||||
public class XMLNSDocumentScannerImpl
|
public class XMLNSDocumentScannerImpl
|
||||||
extends XMLDocumentScannerImpl {
|
extends XMLDocumentScannerImpl {
|
||||||
@ -453,8 +455,8 @@ public class XMLNSDocumentScannerImpl
|
|||||||
// record namespace declarations if any.
|
// record namespace declarations if any.
|
||||||
if (fBindNamespaces) {
|
if (fBindNamespaces) {
|
||||||
if (isNSDecl) {
|
if (isNSDecl) {
|
||||||
//check the length of URI
|
//check the length of URI if a limit is set
|
||||||
if (tmpStr.length > fXMLNameLimit) {
|
if (fXMLNameLimit > 0 && tmpStr.length > fXMLNameLimit) {
|
||||||
fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
|
fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
|
||||||
"MaxXMLNameLimit",
|
"MaxXMLNameLimit",
|
||||||
new Object[]{new String(tmpStr.ch,tmpStr.offset,tmpStr.length),
|
new Object[]{new String(tmpStr.ch,tmpStr.offset,tmpStr.length),
|
||||||
|
|||||||
@ -0,0 +1,97 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
* or visit www.oracle.com if you need additional information or have any
|
||||||
|
* questions.
|
||||||
|
*/
|
||||||
|
package common;
|
||||||
|
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.nio.charset.StandardCharsets;
|
||||||
|
import javax.xml.stream.XMLInputFactory;
|
||||||
|
import javax.xml.stream.XMLStreamReader;
|
||||||
|
import org.testng.Assert;
|
||||||
|
import org.testng.annotations.DataProvider;
|
||||||
|
import org.testng.annotations.Test;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @test
|
||||||
|
* @bug 8294858
|
||||||
|
* @library /javax/xml/jaxp/libs /javax/xml/jaxp/unittest
|
||||||
|
* @run testng/othervm common.ProcessingLimits
|
||||||
|
* @summary Verifies the support of processing limits. Use this test to cover
|
||||||
|
* tests related to processing limits.
|
||||||
|
*/
|
||||||
|
public class ProcessingLimits {
|
||||||
|
private static final String XML_NAME_LIMIT = "jdk.xml.maxXMLNameLimit";
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Data for tests:
|
||||||
|
* xml, name limit
|
||||||
|
*/
|
||||||
|
@DataProvider(name = "xml-data")
|
||||||
|
public Object[][] xmlData() throws Exception {
|
||||||
|
return new Object[][]{
|
||||||
|
{"<foo xmlns='bar'/>", null},
|
||||||
|
{"<foo xmlns='bar'/>", "0"},
|
||||||
|
{"<?xml version=\"1.1\"?><foo xmlns='bar'/>", null},
|
||||||
|
{"<?xml version=\"1.1\"?><foo xmlns='bar'/>", "0"},
|
||||||
|
};
|
||||||
|
}
|
||||||
|
/**
|
||||||
|
* bug 8294858
|
||||||
|
* Verifies that 0 (no limit) is honored by the parser. According to the bug
|
||||||
|
* report, the parser treated 0 literally for namespace names.
|
||||||
|
*
|
||||||
|
* @param xml the XML content
|
||||||
|
* @param limit the limit to be set. "null" means not set.
|
||||||
|
*
|
||||||
|
* @throws Exception if the test fails
|
||||||
|
*/
|
||||||
|
@Test(dataProvider = "xml-data")
|
||||||
|
public void testNameLimit(String xml, String limit)throws Exception
|
||||||
|
{
|
||||||
|
boolean success = true;
|
||||||
|
try {
|
||||||
|
if (limit != null) {
|
||||||
|
System.setProperty(XML_NAME_LIMIT, limit);
|
||||||
|
}
|
||||||
|
parse(xml);
|
||||||
|
} catch (Exception e) {
|
||||||
|
// catch instead of throw so that we can clear the System Property
|
||||||
|
success = false;
|
||||||
|
System.err.println("Limit is set to " + limit + " failed: " + e.getMessage());
|
||||||
|
}
|
||||||
|
if (limit != null) {
|
||||||
|
System.clearProperty(XML_NAME_LIMIT);
|
||||||
|
}
|
||||||
|
Assert.assertTrue(success);
|
||||||
|
}
|
||||||
|
|
||||||
|
private static void parse(String xml)
|
||||||
|
throws Exception
|
||||||
|
{
|
||||||
|
InputStream is = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
|
||||||
|
XMLStreamReader reader = XMLInputFactory.newInstance().createXMLStreamReader(is);
|
||||||
|
while (reader.hasNext())
|
||||||
|
reader.next();
|
||||||
|
System.err.println("Parsed successfully");
|
||||||
|
}
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue
Block a user