Lana Steuck 2013-10-31 16:31:44 -07:00
commit 8f4103529c
18 changed files with 528 additions and 236 deletions

@ -187,6 +187,19 @@ public final class XalanConstants {
public static final String XML_SECURITY_PROPERTY_MANAGER =
ORACLE_JAXP_PROPERTY_PREFIX + "xmlSecurityPropertyManager";
/**
* Feature enableExtensionFunctions
*/
public static final String ORACLE_ENABLE_EXTENSION_FUNCTION =
ORACLE_JAXP_PROPERTY_PREFIX + "enableExtensionFunctions";
public static final String SP_ORACLE_ENABLE_EXTENSION_FUNCTION = "javax.xml.enableExtensionFunctions";
/**
* Values for a feature
*/
public static final String FEATURE_TRUE = "true";
public static final String FEATURE_FALSE = "false";
/**
* Check if we're in jdk8 or above
*/

@ -0,0 +1,124 @@
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.org.apache.xalan.internal.utils;
import com.sun.org.apache.xalan.internal.XalanConstants;
/**
* This class manages security related properties
*
*/
public final class FeatureManager extends FeaturePropertyBase {
/**
* States of the settings of a property, in the order: default value, value
* set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
* properties, and jaxp api properties
*/
public static enum State {
//this order reflects the overriding order
DEFAULT, FSP, JAXPDOTPROPERTIES, SYSTEMPROPERTY, APIPROPERTY
}
/**
* Xalan Features
*/
public static enum Feature {
ORACLE_ENABLE_EXTENSION_FUNCTION(XalanConstants.ORACLE_ENABLE_EXTENSION_FUNCTION,
"true");
final String name;
final String defaultValue;
Feature(String name, String value) {
this.name = name;
this.defaultValue = value;
}
public boolean equalsName(String propertyName) {
return (propertyName == null) ? false : name.equals(propertyName);
}
String defaultValue() {
return defaultValue;
}
}
/**
* Default constructor. Establishes default values
*/
public FeatureManager() {
values = new String[Feature.values().length];
for (Feature feature : Feature.values()) {
values[feature.ordinal()] = feature.defaultValue();
}
//read system properties or jaxp.properties
readSystemProperties();
}
/**
* Check if the feature is enabled
* @param feature name of the feature
* @return true if enabled, false otherwise
*/
public boolean isFeatureEnabled(Feature feature) {
return Boolean.parseBoolean(values[feature.ordinal()]);
}
/**
* Check if the feature is enabled
* @param propertyName name of the feature
* @return true if enabled, false otherwise
*/
public boolean isFeatureEnabled(String propertyName) {
return Boolean.parseBoolean(values[getIndex(propertyName)]);
}
/**
* Get the index by property name
* @param propertyName property name
* @return the index of the property if found; return -1 if not
*/
public int getIndex(String propertyName){
for (Feature feature : Feature.values()) {
if (feature.equalsName(propertyName)) {
return feature.ordinal();
}
}
return -1;
}
/**
* Read from system properties, or those in jaxp.properties
*/
private void readSystemProperties() {
getSystemProperty(Feature.ORACLE_ENABLE_EXTENSION_FUNCTION,
XalanConstants.SP_ORACLE_ENABLE_EXTENSION_FUNCTION);
}
}
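Review bot: `isFeatureEnabled(String propertyName)` indexes `values` with the result of `getIndex(propertyName)` directly, and `getIndex` returns -1 for a name that is not a managed feature, so an unknown or null name raises ArrayIndexOutOfBoundsException instead of reporting the feature as disabled. Guard the lookup, for example `int i = getIndex(propertyName); return i > -1 && Boolean.parseBoolean(values[i]);`. The nested `State` enum declared here also duplicates and hides `FeaturePropertyBase.State`, which is the type the inherited `setValue` overloads accept; it is not referenced anywhere in this file and could probably be dropped.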

@ -0,0 +1,215 @@
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.org.apache.xalan.internal.utils;
import com.sun.org.apache.xalan.internal.XalanConstants;
/**
* This is the base class for features and properties
*
*/
public abstract class FeaturePropertyBase {
/**
* States of the settings of a property, in the order: default value, value
* set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
* properties, and jaxp api properties
*/
public static enum State {
//this order reflects the overriding order
DEFAULT, FSP, JAXPDOTPROPERTIES, SYSTEMPROPERTY, APIPROPERTY
}
/**
* Values of the properties as defined in enum Properties
*/
String[] values = null;
/**
* States of the settings for each property in Properties above
*/
State[] states = {State.DEFAULT, State.DEFAULT};
/**
* Set the value for a specific property.
*
* @param property the property
* @param state the state of the property
* @param value the value of the property
*/
public void setValue(Enum property, State state, String value) {
//only update if it shall override
if (state.compareTo(states[property.ordinal()]) >= 0) {
values[property.ordinal()] = value;
states[property.ordinal()] = state;
}
}
/**
* Set the value of a property by its index
* @param index the index of the property
* @param state the state of the property
* @param value the value of the property
*/
public void setValue(int index, State state, String value) {
//only update if it shall override
if (state.compareTo(states[index]) >= 0) {
values[index] = value;
states[index] = state;
}
}
/**
* Set value by property name and state
* @param propertyName property name
* @param state the state of the property
* @param value the value of the property
* @return true if the property is managed by the security property manager;
* false if otherwise.
*/
public boolean setValue(String propertyName, State state, Object value) {
int index = getIndex(propertyName);
if (index > -1) {
setValue(index, state, (String)value);
return true;
}
return false;
}
/**
* Set value by property name and state
* @param propertyName property name
* @param state the state of the property
* @param value the value of the property
* @return true if the property is managed by the security property manager;
* false if otherwise.
*/
public boolean setValue(String propertyName, State state, boolean value) {
int index = getIndex(propertyName);
if (index > -1) {
if (value) {
setValue(index, state, XalanConstants.FEATURE_TRUE);
} else {
setValue(index, state, XalanConstants.FEATURE_FALSE);
}
return true;
}
return false;
}
/**
* Return the value of the specified property
*
* @param property the property
* @return the value of the property
*/
public String getValue(Enum property) {
return values[property.ordinal()];
}
/**
* Return the value of the specified property
*
* @param property the property
* @return the value of the property
*/
public String getValue(String property) {
int index = getIndex(property);
if (index > -1) {
return getValueByIndex(index);
}
return null;
}
/**
* Return the value of the specified property.
*
* @param propertyName the property name
* @return the value of the property as a string. If a property is managed
* by this manager, its value shall not be null.
*/
public String getValueAsString(String propertyName) {
int index = getIndex(propertyName);
if (index > -1) {
return getValueByIndex(index);
}
return null;
}
/**
* Return the value of a property by its ordinal
* @param index the index of a property
* @return value of a property
*/
public String getValueByIndex(int index) {
return values[index];
}
/**
* Get the index by property name
* @param propertyName property name
* @return the index of the property if found; return -1 if not
*/
public abstract int getIndex(String propertyName);
public <E extends Enum<E>> int getIndex(Class<E> property, String propertyName) {
for (Enum<E> enumItem : property.getEnumConstants()) {
if (enumItem.toString().equals(propertyName)) {
//internally, ordinal is used as index
return enumItem.ordinal();
}
}
return -1;
};
/**
* Read from system properties, or those in jaxp.properties
*
* @param property the property
* @param systemProperty the name of the system property
*/
void getSystemProperty(Enum property, String systemProperty) {
try {
String value = SecuritySupport.getSystemProperty(systemProperty);
if (value != null) {
values[property.ordinal()] = value;
states[property.ordinal()] = State.SYSTEMPROPERTY;
return;
}
value = SecuritySupport.readJAXPProperty(systemProperty);
if (value != null) {
values[property.ordinal()] = value;
states[property.ordinal()] = State.JAXPDOTPROPERTIES;
}
} catch (NumberFormatException e) {
//invalid setting ignored
}
}
}
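Review bot: `states` is initialised to a fixed two-element array while `values` is allocated by each subclass from its own enum, so `setValue` and `getSystemProperty` would index past the end of `states` for any manager that declares a third entry. Allocating both together where the subclass sizes `values` avoids that, e.g. `states = new State[values.length];` followed by `java.util.Arrays.fill(states, State.DEFAULT);`. Separately, `getSystemProperty` catches NumberFormatException although nothing in the visible try block parses a number, and `setValue(String, State, Object)` casts `value` to String unchecked, so a non-String argument surfaces as ClassCastException. A short comment on the catch and an `instanceof` check before the cast would make both deliberate.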

@ -1,42 +1,28 @@
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
* and Distribution License("CDDL") (collectively, the "License"). You
* may not use this file except in compliance with the License. You can
* obtain a copy of the License at
* https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
* or packager/legal/LICENSE.txt. See the License for the specific
* language governing permissions and limitations under the License.
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at packager/legal/LICENSE.txt.
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* GPL Classpath Exception:
* Oracle designates this particular file as subject to the "Classpath"
* exception as provided by Oracle in the GPL Version 2 section of the License
* file that accompanied this code.
*
* Modifications:
* If applicable, add the following below the License Header, with the fields
* enclosed by brackets [] replaced by your own identifying information:
* "Portions Copyright [year] [name of copyright owner]"
*
* Contributor(s):
* If you wish your version of this file to be governed by only the CDDL or
* only the GPL Version 2, indicate your decision by adding "[Contributor]
* elects to include this software in this distribution under the [CDDL or GPL
* Version 2] license." If you don't indicate a single choice of license, a
* recipient has the option to distribute your version of this file under
* either the CDDL, the GPL Version 2 or to extend the choice of license to
* its licensees as provided above. However, if you add GPL Version 2 code
* and therefore, elected the GPL Version 2 license, then the option applies
* only if the new code is made subject to such option by the copyright
* holder.
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.org.apache.xalan.internal.utils;
import com.sun.org.apache.xalan.internal.XalanConstants;

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -33,20 +33,10 @@ import javax.xml.XMLConstants;
* This class manages security related properties
*
*/
public final class XMLSecurityPropertyManager {
public final class XMLSecurityPropertyManager extends FeaturePropertyBase {
/**
* States of the settings of a property, in the order: default value, value
* set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
* properties, and jaxp api properties
*/
public static enum State {
//this order reflects the overriding order
DEFAULT, FSP, JAXPDOTPROPERTIES, SYSTEMPROPERTY, APIPROPERTY
}
/**
* Limits managed by the security manager
* Properties managed by the security property manager
*/
public static enum Property {
ACCESS_EXTERNAL_DTD(XMLConstants.ACCESS_EXTERNAL_DTD,
@ -72,15 +62,6 @@ public final class XMLSecurityPropertyManager {
}
/**
* Values of the properties as defined in enum Properties
*/
private final String[] values;
/**
* States of the settings for each property in Properties above
*/
private State[] states = {State.DEFAULT, State.DEFAULT};
/**
* Default constructor. Establishes default values
*/
@ -93,86 +74,6 @@ public final class XMLSecurityPropertyManager {
readSystemProperties();
}
/**
* Set limit by property name and state
* @param propertyName property name
* @param state the state of the property
* @param value the value of the property
* @return true if the property is managed by the security property manager;
* false if otherwise.
*/
public boolean setValue(String propertyName, State state, Object value) {
int index = getIndex(propertyName);
if (index > -1) {
setValue(index, state, (String)value);
return true;
}
return false;
}
/**
* Set the value for a specific property.
*
* @param property the property
* @param state the state of the property
* @param value the value of the property
*/
public void setValue(Property property, State state, String value) {
//only update if it shall override
if (state.compareTo(states[property.ordinal()]) >= 0) {
values[property.ordinal()] = value;
states[property.ordinal()] = state;
}
}
/**
* Set the value of a property by its index
* @param index the index of the property
* @param state the state of the property
* @param value the value of the property
*/
public void setValue(int index, State state, String value) {
//only update if it shall override
if (state.compareTo(states[index]) >= 0) {
values[index] = value;
states[index] = state;
}
}
/**
* Return the value of the specified property
*
* @param propertyName the property name
* @return the value of the property as a string
*/
public String getValue(String propertyName) {
int index = getIndex(propertyName);
if (index > -1) {
return getValueByIndex(index);
}
return null;
}
/**
* Return the value of the specified property
*
* @param property the property
* @return the value of the property
*/
public String getValue(Property property) {
return values[property.ordinal()];
}
/**
* Return the value of a property by its ordinal
* @param index the index of a property
* @return value of a property
*/
public String getValueByIndex(int index) {
return values[index];
}
/**
* Get the index by property name
* @param propertyName property name
@ -198,28 +99,4 @@ public final class XMLSecurityPropertyManager {
XalanConstants.SP_ACCESS_EXTERNAL_STYLESHEET);
}
/**
* Read from system properties, or those in jaxp.properties
*
* @param property the property
* @param systemProperty the name of the system property
*/
private void getSystemProperty(Property property, String systemProperty) {
try {
String value = SecuritySupport.getSystemProperty(systemProperty);
if (value != null) {
values[property.ordinal()] = value;
states[property.ordinal()] = State.SYSTEMPROPERTY;
return;
}
value = SecuritySupport.readJAXPProperty(systemProperty);
if (value != null) {
values[property.ordinal()] = value;
states[property.ordinal()] = State.JAXPDOTPROPERTIES;
}
} catch (NumberFormatException e) {
//invalid setting ignored
}
}
}
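Review bot: With the typed `setValue(Property, State, String)` and `getValue(Property)` removed from this class, callers now bind to the inherited `setValue(Enum property, ...)` and `getValue(Enum property)`, which take a raw `Enum` and index by `ordinal()`. A constant from another manager's enum, for instance `FeatureManager.Feature`, would compile and read or write the wrong slot without any error. Consider keeping thin typed overloads here that delegate to the base class, or documenting on the base methods that the argument must be the manager's own enum type.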

@ -23,6 +23,7 @@
package com.sun.org.apache.xalan.internal.xsltc.cmdline;
import com.sun.org.apache.xalan.internal.utils.FeatureManager;
import java.io.File;
import java.net.URL;
import java.util.Vector;
@ -77,7 +78,7 @@ public final class Compile {
final GetOpt getopt = new GetOpt(args, "o:d:j:p:uxhsinv");
if (args.length < 1) printUsage();
final XSLTC xsltc = new XSLTC(true);
final XSLTC xsltc = new XSLTC(true, new FeatureManager());
xsltc.init();
int c;

@ -42,6 +42,7 @@ import com.sun.org.apache.bcel.internal.generic.InvokeInstruction;
import com.sun.org.apache.bcel.internal.generic.LocalVariableGen;
import com.sun.org.apache.bcel.internal.generic.NEW;
import com.sun.org.apache.bcel.internal.generic.PUSH;
import com.sun.org.apache.xalan.internal.utils.FeatureManager;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.BooleanType;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ClassGenerator;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
@ -717,6 +718,8 @@ class FunctionCall extends Expression {
final ConstantPoolGen cpg = classGen.getConstantPool();
final InstructionList il = methodGen.getInstructionList();
final boolean isSecureProcessing = classGen.getParser().getXSLTC().isSecureProcessing();
final boolean isExtensionFunctionEnabled = classGen.getParser().getXSLTC()
.getFeature(FeatureManager.Feature.ORACLE_ENABLE_EXTENSION_FUNCTION);
int index;
// Translate calls to methods in the BasisLibrary
@ -760,7 +763,7 @@ class FunctionCall extends Expression {
il.append(new INVOKESTATIC(index));
}
else if (_isExtConstructor) {
if (isSecureProcessing)
if (isSecureProcessing && !isExtensionFunctionEnabled)
translateUnallowedExtension(cpg, il);
final String clazz =
@ -822,7 +825,7 @@ class FunctionCall extends Expression {
}
// Invoke function calls that are handled in separate classes
else {
if (isSecureProcessing)
if (isSecureProcessing && !isExtensionFunctionEnabled)
translateUnallowedExtension(cpg, il);
final String clazz = _chosenMethod.getDeclaringClass().getName();
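Review bot: Both guards that used to reject every extension call under secure processing now read `if (isSecureProcessing && !isExtensionFunctionEnabled)`, and the default for this feature in `FeatureManager.Feature` is "true", so rejection depends on the caller having lowered the feature to false before compilation. `TransformerFactoryImpl` does that in this commit, but `Compile` passes a fresh `new FeatureManager()`, so the dependency deserves a comment at the first guard, e.g. `// extensions are blocked under secure processing only when enableExtensionFunctions is false`. The two `if` statements are also unbraced; adding braces would match the brace fix this commit makes in SAX2DOM. The enclosing method starts and ends outside these hunks.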

@ -43,6 +43,8 @@ import javax.xml.XMLConstants;
import com.sun.org.apache.bcel.internal.classfile.JavaClass;
import com.sun.org.apache.xalan.internal.XalanConstants;
import com.sun.org.apache.xalan.internal.utils.FeatureManager;
import com.sun.org.apache.xalan.internal.utils.FeatureManager.Feature;
import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
import com.sun.org.apache.xalan.internal.utils.XMLSecurityManager;
import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
@ -148,11 +150,14 @@ public final class XSLTC {
private XMLSecurityManager _xmlSecurityManager;
private final FeatureManager _featureManager;
/**
* XSLTC compiler constructor
*/
public XSLTC(boolean useServicesMechanism) {
public XSLTC(boolean useServicesMechanism, FeatureManager featureManager) {
_parser = new Parser(this, useServicesMechanism);
_featureManager = featureManager;
}
/**
@ -182,6 +187,15 @@ public final class XSLTC {
_useServicesMechanism = flag;
}
/**
* Return the value of the specified feature
* @param name name of the feature
* @return true if the feature is enabled, false otherwise
*/
public boolean getFeature(Feature name) {
return _featureManager.isFeatureEnabled(name);
}
/**
* Return allowed protocols for accessing external stylesheet.
*/
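Review bot: The constructor stores `featureManager` without a null check and `getFeature(Feature)` dereferences `_featureManager` unconditionally, so a caller passing null fails later, during compilation, with a NullPointerException far from the cause. Reject it at construction: `if (featureManager == null) throw new NullPointerException("featureManager");`. Failing fast is preferable to substituting `new FeatureManager()`, whose default leaves extension functions enabled. The constructor Javadoc also needs `@param` entries for both arguments.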

@ -74,12 +74,12 @@ public class SAX2DOM implements ContentHandler, LexicalHandler, Constants {
DocumentBuilderFactory.newInstance();
private boolean _internal = true;
public SAX2DOM(boolean useServicesMachnism) throws ParserConfigurationException {
_document = createDocument(useServicesMachnism);
public SAX2DOM(boolean useServicesMechanism) throws ParserConfigurationException {
_document = createDocument(useServicesMechanism);
_root = _document;
}
public SAX2DOM(Node root, Node nextSibling, boolean useServicesMachnism) throws ParserConfigurationException {
public SAX2DOM(Node root, Node nextSibling, boolean useServicesMechanism) throws ParserConfigurationException {
_root = root;
if (root instanceof Document) {
_document = (Document)root;
@ -88,15 +88,15 @@ public class SAX2DOM implements ContentHandler, LexicalHandler, Constants {
_document = root.getOwnerDocument();
}
else {
_document = createDocument(useServicesMachnism);
_document = createDocument(useServicesMechanism);
_root = _document;
}
_nextSibling = nextSibling;
}
public SAX2DOM(Node root, boolean useServicesMachnism) throws ParserConfigurationException {
this(root, null, useServicesMachnism);
public SAX2DOM(Node root, boolean useServicesMechanism) throws ParserConfigurationException {
this(root, null, useServicesMechanism);
}
public Node getDOM() {
@ -308,18 +308,19 @@ public class SAX2DOM implements ContentHandler, LexicalHandler, Constants {
public void startDTD(String name, String publicId, String systemId)
throws SAXException {}
private Document createDocument(boolean useServicesMachnism) throws ParserConfigurationException {
private Document createDocument(boolean useServicesMechanism) throws ParserConfigurationException {
if (_factory == null) {
if (useServicesMachnism)
if (useServicesMechanism) {
_factory = DocumentBuilderFactory.newInstance();
if (!(_factory instanceof com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl)) {
_internal = false;
}
else
} else {
_factory = DocumentBuilderFactory.newInstance(
"com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl",
SAX2DOM.class.getClassLoader()
);
}
}
Document doc;
if (_internal) {

@ -95,7 +95,7 @@ public class TemplatesHandlerImpl
_tfactory = tfactory;
// Instantiate XSLTC and get reference to parser object
XSLTC xsltc = new XSLTC(tfactory.useServicesMechnism());
XSLTC xsltc = new XSLTC(tfactory.useServicesMechnism(), tfactory.getFeatureManager());
if (tfactory.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING))
xsltc.setSecureProcessing(true);

@ -25,12 +25,14 @@ package com.sun.org.apache.xalan.internal.xsltc.trax;
import com.sun.org.apache.xalan.internal.XalanConstants;
import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
import com.sun.org.apache.xalan.internal.utils.FeatureManager;
import com.sun.org.apache.xalan.internal.utils.FeaturePropertyBase;
import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
import com.sun.org.apache.xalan.internal.utils.XMLSecurityManager;
import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager;
import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.Property;
import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.State;
import com.sun.org.apache.xalan.internal.utils.FeaturePropertyBase.State;
import com.sun.org.apache.xalan.internal.xsltc.compiler.Constants;
import com.sun.org.apache.xalan.internal.xsltc.compiler.SourceLoader;
import com.sun.org.apache.xalan.internal.xsltc.compiler.XSLTC;
@ -227,6 +229,8 @@ public class TransformerFactoryImpl
private XMLSecurityPropertyManager _xmlSecurityPropertyMgr;
private XMLSecurityManager _xmlSecurityManager;
private final FeatureManager _featureManager;
/**
* javax.xml.transform.sax.TransformerFactory implementation.
*/
@ -240,10 +244,13 @@ public class TransformerFactoryImpl
private TransformerFactoryImpl(boolean useServicesMechanism) {
this._useServicesMechanism = useServicesMechanism;
_featureManager = new FeatureManager();
if (System.getSecurityManager() != null) {
_isSecureMode = true;
_isNotSecureProcessing = false;
_featureManager.setValue(FeatureManager.Feature.ORACLE_ENABLE_EXTENSION_FUNCTION,
FeaturePropertyBase.State.FSP, XalanConstants.FEATURE_FALSE);
}
_xmlSecurityPropertyMgr = new XMLSecurityPropertyManager();
@ -504,6 +511,10 @@ public class TransformerFactoryImpl
Property.ACCESS_EXTERNAL_STYLESHEET);
}
if (value && _featureManager != null) {
_featureManager.setValue(FeatureManager.Feature.ORACLE_ENABLE_EXTENSION_FUNCTION,
FeaturePropertyBase.State.FSP, XalanConstants.FEATURE_FALSE);
}
return;
}
else if (name.equals(XalanConstants.ORACLE_FEATURE_SERVICE_MECHANISM)) {
@ -512,6 +523,11 @@ public class TransformerFactoryImpl
_useServicesMechanism = value;
}
else {
if (_featureManager != null &&
_featureManager.setValue(name, State.APIPROPERTY, value)) {
return;
}
// unknown feature
ErrorMsg err = new ErrorMsg(ErrorMsg.JAXP_UNSUPPORTED_FEATURE, name);
throw new TransformerConfigurationException(err.toString());
@ -561,6 +577,13 @@ public class TransformerFactoryImpl
return !_isNotSecureProcessing;
}
/** Check to see if the property is managed by the security manager **/
String propertyValue = (_featureManager != null) ?
_featureManager.getValueAsString(name) : null;
if (propertyValue != null) {
return Boolean.parseBoolean(propertyValue);
}
// Feature not supported
return false;
}
@ -571,6 +594,13 @@ public class TransformerFactoryImpl
return _useServicesMechanism;
}
/**
* @return the feature manager
*/
public FeatureManager getFeatureManager() {
return _featureManager;
}
/**
* javax.xml.transform.sax.TransformerFactory implementation.
* Get the object that is used by default during the transformation to
@ -857,7 +887,7 @@ public class TransformerFactoryImpl
}
// Create and initialize a stylesheet compiler
final XSLTC xsltc = new XSLTC(_useServicesMechanism);
final XSLTC xsltc = new XSLTC(_useServicesMechanism, _featureManager);
if (_debug) xsltc.setDebug(true);
if (_enableInlining)
xsltc.setTemplateInlining(true);
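Review bot: In the `setFeature` else branch, `_featureManager.setValue(name, State.APIPROPERTY, value)` outranks the `State.FSP` false that the constructor writes when `System.getSecurityManager() != null`, so any code holding the factory can switch extension functions back on while `_isSecureMode` is true. If that opt-in is intended, say so in a comment at that call; if not, check `_isSecureMode` before the call and raise the same `TransformerConfigurationException` used for unsupported features. The `_featureManager != null` tests appear redundant, since the field is final and assigned in the constructor shown. The new comment in `getFeature` says "security manager" where the code consults the feature manager. These hunks show only parts of the affected methods.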

@ -569,32 +569,13 @@ public class XMLDocumentFragmentScannerImpl
// xerces features
fReportCdataEvent = componentManager.getFeature(Constants.STAX_REPORT_CDATA_EVENT, true);
fSecurityManager = (XMLSecurityManager)componentManager.getProperty(Constants.SECURITY_MANAGER, null);
fLimitAnalyzer = fSecurityManager.getLimitAnalyzer();
fElementAttributeLimit = (fSecurityManager != null)?
fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT):0;
fNotifyBuiltInRefs = componentManager.getFeature(NOTIFY_BUILTIN_REFS, false);
Object resolver = componentManager.getProperty(ENTITY_RESOLVER, null);
fExternalSubsetResolver = (resolver instanceof ExternalSubsetResolver) ?
(ExternalSubsetResolver) resolver : null;
// initialize vars
fMarkupDepth = 0;
fCurrentElement = null;
fElementStack.clear();
fHasExternalDTD = false;
fStandaloneSet = false;
fStandalone = false;
fInScanContent = false;
//skipping algorithm
fShouldSkip = false;
fAdd = false;
fSkip = false;
//attribute
fReadingAttributes = false;
//xxx: external entities are supported in Xerces
@ -606,9 +587,6 @@ public class XMLDocumentFragmentScannerImpl
// setup Driver
setScannerState(SCANNER_STATE_CONTENT);
setDriver(fContentDriver);
fEntityStore = fEntityManager.getEntityStore();
dtdGrammarUtil = null;
// JAXP 1.5 features and properties
XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
@ -617,6 +595,7 @@ public class XMLDocumentFragmentScannerImpl
fStrictURI = componentManager.getFeature(STANDARD_URI_CONFORMANT, false);
resetCommon();
//fEntityManager.test();
} // reset(XMLComponentManager)
@ -630,17 +609,7 @@ public class XMLDocumentFragmentScannerImpl
fNamespaces = ((Boolean)propertyManager.getProperty(XMLInputFactory.IS_NAMESPACE_AWARE)).booleanValue();
fNotifyBuiltInRefs = false ;
// initialize vars
fMarkupDepth = 0;
fCurrentElement = null;
fShouldSkip = false;
fAdd = false;
fSkip = false;
fElementStack.clear();
//fElementStack2.clear();
fHasExternalDTD = false;
fStandaloneSet = false;
fStandalone = false;
//fReplaceEntityReferences = true;
//fSupportExternalEntities = true;
Boolean bo = (Boolean)propertyManager.getProperty(XMLInputFactoryImpl.IS_REPLACING_ENTITY_REFERENCES);
@ -661,20 +630,43 @@ public class XMLDocumentFragmentScannerImpl
//we dont need to do this -- nb.
//setScannerState(SCANNER_STATE_CONTENT);
//setDriver(fContentDriver);
fEntityStore = fEntityManager.getEntityStore();
//fEntityManager.test();
dtdGrammarUtil = null;
// JAXP 1.5 features and properties
XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)
propertyManager.getProperty(XML_SECURITY_PROPERTY_MANAGER);
fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(Constants.SECURITY_MANAGER);
fLimitAnalyzer = fSecurityManager.getLimitAnalyzer();
resetCommon();
} // reset(XMLComponentManager)
void resetCommon() {
// initialize vars
fMarkupDepth = 0;
fCurrentElement = null;
fElementStack.clear();
fHasExternalDTD = false;
fStandaloneSet = false;
fStandalone = false;
fInScanContent = false;
//skipping algorithm
fShouldSkip = false;
fAdd = false;
fSkip = false;
fEntityStore = fEntityManager.getEntityStore();
dtdGrammarUtil = null;
if (fSecurityManager != null) {
fLimitAnalyzer = fSecurityManager.getLimitAnalyzer();
fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
} else {
fLimitAnalyzer = null;
fElementAttributeLimit = 0;
}
}
/**
* Returns a list of feature identifiers that are recognized by
* this component. This method may return null if no features
@ -1328,7 +1320,7 @@ public class XMLDocumentFragmentScannerImpl
fAttributes.getLength() > fElementAttributeLimit){
fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
"ElementAttributeLimit",
new Object[]{rawname, new Integer(fAttributes.getLength()) },
new Object[]{rawname, fElementAttributeLimit },
XMLErrorReporter.SEVERITY_FATAL_ERROR );
}
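Review bot: `resetCommon()` has no comment and depends on state its callers must set first: it reads `fSecurityManager` and `fEntityManager`, and when no security manager is present it leaves `fLimitAnalyzer` null and `fElementAttributeLimit` at 0. A Javadoc would make the contract visible, e.g. `/** Resets state shared by both reset() overloads; fSecurityManager must be assigned before this is called. */`. Whether every use of `fLimitAnalyzer` elsewhere in the scanner tolerates null cannot be seen from these hunks and should be confirmed. The trailing `// reset(XMLComponentManager)` on the PropertyManager overload is also stale.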

@ -256,7 +256,7 @@ public class XMLNSDocumentScannerImpl
fAttributes.getLength() > fElementAttributeLimit){
fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,
"ElementAttributeLimit",
new Object[]{rawname, new Integer(fAttributes.getLength()) },
new Object[]{rawname, fElementAttributeLimit },
XMLErrorReporter.SEVERITY_FATAL_ERROR );
}

@ -211,7 +211,7 @@ public final class SecuritySupport {
if (i > 0) {
return uri.substring(i+1, uri.length());
}
return "";
return uri;
}
/**
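Review bot: The fallback now returns `uri` unchanged, but the guard above it is `if (i > 0)`, so a separator found at index 0 also takes the fallback and the result keeps the leading separator. If `i` is the position of the last separator (its computation is outside this hunk), `if (i >= 0)` would treat that case like the others. The method's Javadoc should state what is returned when no separator is found, since callers previously received an empty string.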

@ -33,6 +33,7 @@ import com.sun.org.apache.xpath.internal.objects.XObject;
import com.sun.org.apache.xpath.internal.objects.XNodeSet;
import com.sun.org.apache.xpath.internal.res.XPATHErrorResources;
import com.sun.org.apache.xalan.internal.res.XSLMessages;
import com.sun.org.apache.xalan.internal.utils.FeatureManager;
import com.sun.org.apache.xpath.internal.functions.FuncExtFunction;
import java.util.Vector;
@ -54,9 +55,12 @@ public class JAXPExtensionsProvider implements ExtensionsProvider {
}
public JAXPExtensionsProvider(XPathFunctionResolver resolver,
boolean featureSecureProcessing ) {
boolean featureSecureProcessing, FeatureManager featureManager ) {
this.resolver = resolver;
this.extensionInvocationDisabled = featureSecureProcessing;
if (featureSecureProcessing &&
!featureManager.isFeatureEnabled(FeatureManager.Feature.ORACLE_ENABLE_EXTENSION_FUNCTION)) {
this.extensionInvocationDisabled = true;
}
}
/**
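Review bot: `featureManager` is dereferenced in the new condition without a null check, so a caller that passes null together with secure processing gets a NullPointerException from the constructor rather than a provider with extensions disabled. Failing closed is the safer choice: `if (featureSecureProcessing && (featureManager == null || !featureManager.isFeatureEnabled(FeatureManager.Feature.ORACLE_ENABLE_EXTENSION_FUNCTION))) {`. Assuming the unconditional assignment shown above the condition is the removed line, the flag no longer mirrors `featureSecureProcessing`, and the constructor deserves a comment stating the new rule, e.g. `// Extension functions are disabled only when secure processing is on and enableExtensionFunctions is off.`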

@ -30,6 +30,7 @@ import com.sun.org.apache.xml.internal.utils.PrefixResolver;
import com.sun.org.apache.xpath.internal.res.XPATHErrorResources;
import com.sun.org.apache.xalan.internal.res.XSLMessages;
import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
import com.sun.org.apache.xalan.internal.utils.FeatureManager;
import javax.xml.namespace.NamespaceContext;
import javax.xml.namespace.QName;
@ -67,33 +68,36 @@ public class XPathExpressionImpl implements javax.xml.xpath.XPathExpression{
private boolean featureSecureProcessing = false;
private boolean useServicesMechanism = true;
private final FeatureManager featureManager;
/** Protected constructor to prevent direct instantiation; use compile()
* from the context.
*/
protected XPathExpressionImpl() { };
protected XPathExpressionImpl(com.sun.org.apache.xpath.internal.XPath xpath,
JAXPPrefixResolver prefixResolver,
XPathFunctionResolver functionResolver,
XPathVariableResolver variableResolver ) {
this.xpath = xpath;
this.prefixResolver = prefixResolver;
this.functionResolver = functionResolver;
this.variableResolver = variableResolver;
this.featureSecureProcessing = false;
protected XPathExpressionImpl() {
this(null, null, null, null,
false, true, new FeatureManager());
};
protected XPathExpressionImpl(com.sun.org.apache.xpath.internal.XPath xpath,
JAXPPrefixResolver prefixResolver,
XPathFunctionResolver functionResolver,
XPathVariableResolver variableResolver,
boolean featureSecureProcessing, boolean useServicesMechanism ) {
XPathVariableResolver variableResolver ) {
this(xpath, prefixResolver, functionResolver, variableResolver,
false, true, new FeatureManager());
};
protected XPathExpressionImpl(com.sun.org.apache.xpath.internal.XPath xpath,
JAXPPrefixResolver prefixResolver,XPathFunctionResolver functionResolver,
XPathVariableResolver variableResolver, boolean featureSecureProcessing,
boolean useServicesMechanism, FeatureManager featureManager ) {
this.xpath = xpath;
this.prefixResolver = prefixResolver;
this.functionResolver = functionResolver;
this.variableResolver = variableResolver;
this.featureSecureProcessing = featureSecureProcessing;
this.useServicesMechanism = useServicesMechanism;
this.featureManager = featureManager;
};
public void setXPath (com.sun.org.apache.xpath.internal.XPath xpath ) {
@ -111,7 +115,7 @@ public class XPathExpressionImpl implements javax.xml.xpath.XPathExpression{
com.sun.org.apache.xpath.internal.XPathContext xpathSupport = null;
if ( functionResolver != null ) {
JAXPExtensionsProvider jep = new JAXPExtensionsProvider(
functionResolver, featureSecureProcessing );
functionResolver, featureSecureProcessing, featureManager );
xpathSupport = new com.sun.org.apache.xpath.internal.XPathContext( jep );
} else {
xpathSupport = new com.sun.org.apache.xpath.internal.XPathContext();
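Review bot: The no-argument and four-argument constructors now delegate with `false, true, new FeatureManager()`, so an expression built through them carries a freshly created FeatureManager rather than the one configured on the factory; what a fresh instance defaults to is not visible on this page. Both deserve a comment saying so, e.g. `// Uses default feature settings; secure processing and enableExtensionFunctions set on the factory are not inherited.` The seven-argument constructor stores `featureManager` unchecked and later hands it to JAXPExtensionsProvider, which dereferences it, so a null check at assignment would surface a bad argument at construction time instead of at evaluation. XPathImpl's two-argument constructor follows the same pattern.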

@ -24,6 +24,8 @@ package com.sun.org.apache.xpath.internal.jaxp;
import com.sun.org.apache.xalan.internal.XalanConstants;
import com.sun.org.apache.xpath.internal.res.XPATHErrorResources;
import com.sun.org.apache.xalan.internal.res.XSLMessages;
import com.sun.org.apache.xalan.internal.utils.FeatureManager;
import com.sun.org.apache.xalan.internal.utils.FeaturePropertyBase;
import javax.xml.XMLConstants;
import javax.xml.xpath.XPathFactory;
@ -68,6 +70,8 @@ public class XPathFactoryImpl extends XPathFactory {
private boolean _useServicesMechanism = true;
private final FeatureManager _featureManager;
public XPathFactoryImpl() {
this(true);
}
@ -77,9 +81,12 @@ public class XPathFactoryImpl extends XPathFactory {
}
public XPathFactoryImpl(boolean useServicesMechanism) {
_featureManager = new FeatureManager();
if (System.getSecurityManager() != null) {
_isSecureMode = true;
_isNotSecureProcessing = false;
_featureManager.setValue(FeatureManager.Feature.ORACLE_ENABLE_EXTENSION_FUNCTION,
FeaturePropertyBase.State.FSP, XalanConstants.FEATURE_FALSE);
}
this._useServicesMechanism = useServicesMechanism;
}
@ -131,7 +138,8 @@ public class XPathFactoryImpl extends XPathFactory {
public javax.xml.xpath.XPath newXPath() {
return new com.sun.org.apache.xpath.internal.jaxp.XPathImpl(
xPathVariableResolver, xPathFunctionResolver,
!_isNotSecureProcessing, _useServicesMechanism );
!_isNotSecureProcessing, _useServicesMechanism,
_featureManager );
}
/**
@ -181,6 +189,10 @@ public class XPathFactoryImpl extends XPathFactory {
}
_isNotSecureProcessing = !value;
if (value && _featureManager != null) {
_featureManager.setValue(FeatureManager.Feature.ORACLE_ENABLE_EXTENSION_FUNCTION,
FeaturePropertyBase.State.FSP, XalanConstants.FEATURE_FALSE);
}
// all done processing feature
return;
@ -192,6 +204,11 @@ public class XPathFactoryImpl extends XPathFactory {
return;
}
if (_featureManager != null &&
_featureManager.setValue(name, FeaturePropertyBase.State.APIPROPERTY, value)) {
return;
}
// unknown feature
String fmsg = XSLMessages.createXPATHMessage(
XPATHErrorResources.ER_FEATURE_UNKNOWN,
@ -240,6 +257,14 @@ public class XPathFactoryImpl extends XPathFactory {
if (name.equals(XalanConstants.ORACLE_FEATURE_SERVICE_MECHANISM)) {
return _useServicesMechanism;
}
/** Check to see if the property is managed by the security manager **/
String propertyValue = (_featureManager != null) ?
_featureManager.getValueAsString(name) : null;
if (propertyValue != null) {
return _featureManager.isFeatureEnabled(name);
}
// unknown feature
String fmsg = XSLMessages.createXPATHMessage(
XPATHErrorResources.ER_GETTING_UNKNOWN_FEATURE,
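Review bot: The new generic branch in setFeature, `_featureManager.setValue(name, FeaturePropertyBase.State.APIPROPERTY, value)`, carries no `_isSecureMode` guard, while the constructor forces enableExtensionFunctions to false with State.FSP when a SecurityManager is installed. Whether an API-level call can override that FSP value depends on the state precedence inside FeaturePropertyBase.setValue, which is not shown here. If the override is intended, say so at that branch, e.g. `// An explicit setFeature() call may re-enable a feature that FSP turned off.`; if it is not, the branch needs the secure-mode check. Separately, the `_featureManager != null` tests look redundant for a final field assigned in the visible constructor, and the getFeature comment says "security manager" where the code consults the feature manager.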

@ -35,6 +35,7 @@ import com.sun.org.apache.xpath.internal.objects.XObject;
import com.sun.org.apache.xpath.internal.res.XPATHErrorResources;
import com.sun.org.apache.xalan.internal.res.XSLMessages;
import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
import com.sun.org.apache.xalan.internal.utils.FeatureManager;
import org.w3c.dom.Node;
import org.w3c.dom.Document;
@ -70,18 +71,20 @@ public class XPathImpl implements javax.xml.xpath.XPath {
// extensions function need to throw XPathFunctionException
private boolean featureSecureProcessing = false;
private boolean useServiceMechanism = true;
private final FeatureManager featureManager;
XPathImpl( XPathVariableResolver vr, XPathFunctionResolver fr ) {
this.origVariableResolver = this.variableResolver = vr;
this.origFunctionResolver = this.functionResolver = fr;
this(vr, fr, false, true, new FeatureManager());
}
XPathImpl( XPathVariableResolver vr, XPathFunctionResolver fr,
boolean featureSecureProcessing, boolean useServiceMechanism ) {
boolean featureSecureProcessing, boolean useServiceMechanism,
FeatureManager featureManager) {
this.origVariableResolver = this.variableResolver = vr;
this.origFunctionResolver = this.functionResolver = fr;
this.featureSecureProcessing = featureSecureProcessing;
this.useServiceMechanism = useServiceMechanism;
this.featureManager = featureManager;
}
/**
@ -190,7 +193,7 @@ public class XPathImpl implements javax.xml.xpath.XPath {
com.sun.org.apache.xpath.internal.XPathContext xpathSupport = null;
if ( functionResolver != null ) {
JAXPExtensionsProvider jep = new JAXPExtensionsProvider(
functionResolver, featureSecureProcessing );
functionResolver, featureSecureProcessing, featureManager );
xpathSupport = new com.sun.org.apache.xpath.internal.XPathContext( jep );
} else {
xpathSupport = new com.sun.org.apache.xpath.internal.XPathContext();
@ -391,7 +394,7 @@ public class XPathImpl implements javax.xml.xpath.XPath {
// Can have errorListener
XPathExpressionImpl ximpl = new XPathExpressionImpl (xpath,
prefixResolver, functionResolver, variableResolver,
featureSecureProcessing, useServiceMechanism );
featureSecureProcessing, useServiceMechanism, featureManager );
return ximpl;
} catch ( javax.xml.transform.TransformerException te ) {
throw new XPathExpressionException ( te ) ;