8306632: Add a JDK Property for specifying DTD support
Reviewed-by: lancea, smarks
This commit is contained in:
parent
a62c48b87e
commit
dccf670492
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -51,8 +51,6 @@ import org.xml.sax.ContentHandler;
|
|||||||
import org.xml.sax.InputSource;
|
import org.xml.sax.InputSource;
|
||||||
import org.xml.sax.Locator;
|
import org.xml.sax.Locator;
|
||||||
import org.xml.sax.SAXException;
|
import org.xml.sax.SAXException;
|
||||||
import org.xml.sax.SAXNotRecognizedException;
|
|
||||||
import org.xml.sax.SAXNotSupportedException;
|
|
||||||
import org.xml.sax.XMLReader;
|
import org.xml.sax.XMLReader;
|
||||||
import org.xml.sax.helpers.AttributesImpl;
|
import org.xml.sax.helpers.AttributesImpl;
|
||||||
|
|
||||||
@ -62,7 +60,7 @@ import org.xml.sax.helpers.AttributesImpl;
|
|||||||
* @author G. Todd Miller
|
* @author G. Todd Miller
|
||||||
* @author Morten Jorgensen
|
* @author Morten Jorgensen
|
||||||
* @author Erwin Bolwidt <ejb@klomp.org>
|
* @author Erwin Bolwidt <ejb@klomp.org>
|
||||||
* @LastModified: Jan 2022
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class Parser implements Constants, ContentHandler {
|
public class Parser implements Constants, ContentHandler {
|
||||||
|
|
||||||
@ -469,65 +467,22 @@ public class Parser implements Constants, ContentHandler {
|
|||||||
* @return The root of the abstract syntax tree
|
* @return The root of the abstract syntax tree
|
||||||
*/
|
*/
|
||||||
public SyntaxTreeNode parse(InputSource input) {
|
public SyntaxTreeNode parse(InputSource input) {
|
||||||
try {
|
final XMLReader reader = JdkXmlUtils.getXMLReader(
|
||||||
final XMLReader reader = JdkXmlUtils.getXMLReader(_overrideDefaultParser,
|
(XMLSecurityManager)_xsltc.getProperty(JdkConstants.SECURITY_MANAGER),
|
||||||
_xsltc.isSecureProcessing());
|
_overrideDefaultParser,
|
||||||
|
_xsltc.isSecureProcessing(),
|
||||||
|
_xsltc.getFeature(JdkXmlFeatures.XmlFeature.USE_CATALOG),
|
||||||
|
(CatalogFeatures)_xsltc.getProperty(JdkXmlFeatures.CATALOG_FEATURES));
|
||||||
|
|
||||||
JdkXmlUtils.setXMLReaderPropertyIfSupport(reader, XMLConstants.ACCESS_EXTERNAL_DTD,
|
JdkXmlUtils.setXMLReaderPropertyIfSupport(reader, XMLConstants.ACCESS_EXTERNAL_DTD,
|
||||||
_xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD), true);
|
_xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD), true);
|
||||||
|
|
||||||
|
|
||||||
boolean supportCatalog = true;
|
|
||||||
boolean useCatalog = _xsltc.getFeature(JdkXmlFeatures.XmlFeature.USE_CATALOG);
|
|
||||||
try {
|
|
||||||
reader.setFeature(JdkXmlUtils.USE_CATALOG, useCatalog);
|
|
||||||
}
|
|
||||||
catch (SAXNotRecognizedException | SAXNotSupportedException e) {
|
|
||||||
supportCatalog = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (supportCatalog && useCatalog) {
|
|
||||||
try {
|
|
||||||
CatalogFeatures cf = (CatalogFeatures)_xsltc.getProperty(JdkXmlFeatures.CATALOG_FEATURES);
|
|
||||||
if (cf != null) {
|
|
||||||
for (CatalogFeatures.Feature f : CatalogFeatures.Feature.values()) {
|
|
||||||
reader.setProperty(f.getPropertyName(), cf.get(f));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch (SAXNotRecognizedException e) {
|
|
||||||
//shall not happen for internal settings
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
String lastProperty = "";
|
|
||||||
try {
|
|
||||||
XMLSecurityManager securityManager =
|
|
||||||
(XMLSecurityManager)_xsltc.getProperty(JdkConstants.SECURITY_MANAGER);
|
|
||||||
for (XMLSecurityManager.Limit limit : XMLSecurityManager.Limit.values()) {
|
|
||||||
if (limit.isSupported(XMLSecurityManager.Processor.PARSER)) {
|
|
||||||
lastProperty = limit.apiProperty();
|
|
||||||
reader.setProperty(lastProperty, securityManager.getLimitValueAsString(limit));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (securityManager.printEntityCountInfo()) {
|
|
||||||
lastProperty = JdkConstants.JDK_DEBUG_LIMIT;
|
|
||||||
reader.setProperty(lastProperty, JdkConstants.JDK_YES);
|
|
||||||
}
|
|
||||||
} catch (SAXException se) {
|
|
||||||
XMLSecurityManager.printWarning(reader.getClass().getName(), lastProperty, se);
|
|
||||||
}
|
|
||||||
|
|
||||||
// try setting other JDK-impl properties, ignore if not supported
|
// try setting other JDK-impl properties, ignore if not supported
|
||||||
JdkXmlUtils.setXMLReaderPropertyIfSupport(reader, JdkConstants.CDATA_CHUNK_SIZE,
|
JdkXmlUtils.setXMLReaderPropertyIfSupport(reader, JdkConstants.CDATA_CHUNK_SIZE,
|
||||||
_xsltc.getProperty(JdkConstants.CDATA_CHUNK_SIZE), false);
|
_xsltc.getProperty(JdkConstants.CDATA_CHUNK_SIZE), false);
|
||||||
|
|
||||||
return(parse(reader, input));
|
return(parse(reader, input));
|
||||||
}
|
}
|
||||||
catch (SAXException e) {
|
|
||||||
reportError(ERROR, new ErrorMsg(e.getMessage()));
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
public SyntaxTreeNode getDocumentRoot() {
|
public SyntaxTreeNode getDocumentRoot() {
|
||||||
return _root;
|
return _root;
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2011, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -42,6 +42,8 @@ import org.xml.sax.helpers.XMLFilterImpl;
|
|||||||
* skeleton extension of XMLFilterImpl for now.
|
* skeleton extension of XMLFilterImpl for now.
|
||||||
* @author Santiago Pericas-Geertsen
|
* @author Santiago Pericas-Geertsen
|
||||||
* @author G. Todd Miller
|
* @author G. Todd Miller
|
||||||
|
*
|
||||||
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("deprecation") //org.xml.sax.helpers.XMLReaderFactory
|
@SuppressWarnings("deprecation") //org.xml.sax.helpers.XMLReaderFactory
|
||||||
public class TrAXFilter extends XMLFilterImpl {
|
public class TrAXFilter extends XMLFilterImpl {
|
||||||
@ -64,8 +66,11 @@ public class TrAXFilter extends XMLFilterImpl {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private void createParent() throws SAXException {
|
private void createParent() throws SAXException {
|
||||||
XMLReader parent = JdkXmlUtils.getXMLReader(_overrideDefaultParser,
|
XMLReader parent = JdkXmlUtils.getXMLReader(_transformer._securityManager,
|
||||||
_transformer.isSecureProcessing());
|
_overrideDefaultParser,
|
||||||
|
_transformer.isSecureProcessing(),
|
||||||
|
_transformer._useCatalog,
|
||||||
|
_transformer._catalogFeatures);
|
||||||
|
|
||||||
// make this XMLReader the parent of this filter
|
// make this XMLReader the parent of this filter
|
||||||
setParent(parent);
|
setParent(parent);
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2007, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2007, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -20,8 +20,6 @@
|
|||||||
|
|
||||||
package com.sun.org.apache.xalan.internal.xsltc.trax;
|
package com.sun.org.apache.xalan.internal.xsltc.trax;
|
||||||
|
|
||||||
import jdk.xml.internal.JdkConstants;
|
|
||||||
import jdk.xml.internal.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xalan.internal.utils.FeaturePropertyBase;
|
import com.sun.org.apache.xalan.internal.utils.FeaturePropertyBase;
|
||||||
import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
|
import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
|
||||||
import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.Property;
|
import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.Property;
|
||||||
@ -71,6 +69,7 @@ import javax.xml.transform.sax.TransformerHandler;
|
|||||||
import javax.xml.transform.stax.*;
|
import javax.xml.transform.stax.*;
|
||||||
import javax.xml.transform.stream.StreamResult;
|
import javax.xml.transform.stream.StreamResult;
|
||||||
import javax.xml.transform.stream.StreamSource;
|
import javax.xml.transform.stream.StreamSource;
|
||||||
|
import jdk.xml.internal.JdkConstants;
|
||||||
import jdk.xml.internal.JdkProperty;
|
import jdk.xml.internal.JdkProperty;
|
||||||
import jdk.xml.internal.JdkXmlFeatures;
|
import jdk.xml.internal.JdkXmlFeatures;
|
||||||
import jdk.xml.internal.JdkXmlUtils;
|
import jdk.xml.internal.JdkXmlUtils;
|
||||||
@ -78,6 +77,7 @@ import jdk.xml.internal.JdkProperty.ImplPropMap;
|
|||||||
import jdk.xml.internal.JdkProperty.State;
|
import jdk.xml.internal.JdkProperty.State;
|
||||||
import jdk.xml.internal.SecuritySupport;
|
import jdk.xml.internal.SecuritySupport;
|
||||||
import jdk.xml.internal.TransformErrorListener;
|
import jdk.xml.internal.TransformErrorListener;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.xml.sax.InputSource;
|
import org.xml.sax.InputSource;
|
||||||
import org.xml.sax.SAXException;
|
import org.xml.sax.SAXException;
|
||||||
import org.xml.sax.XMLFilter;
|
import org.xml.sax.XMLFilter;
|
||||||
@ -88,7 +88,7 @@ import org.xml.sax.XMLReader;
|
|||||||
* @author G. Todd Miller
|
* @author G. Todd Miller
|
||||||
* @author Morten Jorgensen
|
* @author Morten Jorgensen
|
||||||
* @author Santiago Pericas-Geertsen
|
* @author Santiago Pericas-Geertsen
|
||||||
* @LastModified: Jan 2022
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class TransformerFactoryImpl
|
public class TransformerFactoryImpl
|
||||||
extends SAXTransformerFactory implements SourceLoader
|
extends SAXTransformerFactory implements SourceLoader
|
||||||
@ -503,19 +503,19 @@ public class TransformerFactoryImpl
|
|||||||
}
|
}
|
||||||
} else if (JdkXmlUtils.CATALOG_FILES.equals(name)) {
|
} else if (JdkXmlUtils.CATALOG_FILES.equals(name)) {
|
||||||
_catalogFiles = (String) value;
|
_catalogFiles = (String) value;
|
||||||
cfBuilder = CatalogFeatures.builder().with(Feature.FILES, _catalogFiles);
|
cfBuilder = cfBuilder.with(Feature.FILES, _catalogFiles);
|
||||||
return;
|
return;
|
||||||
} else if (JdkXmlUtils.CATALOG_DEFER.equals(name)) {
|
} else if (JdkXmlUtils.CATALOG_DEFER.equals(name)) {
|
||||||
_catalogDefer = (String) value;
|
_catalogDefer = (String) value;
|
||||||
cfBuilder = CatalogFeatures.builder().with(Feature.DEFER, _catalogDefer);
|
cfBuilder = cfBuilder.with(Feature.DEFER, _catalogDefer);
|
||||||
return;
|
return;
|
||||||
} else if (JdkXmlUtils.CATALOG_PREFER.equals(name)) {
|
} else if (JdkXmlUtils.CATALOG_PREFER.equals(name)) {
|
||||||
_catalogPrefer = (String) value;
|
_catalogPrefer = (String) value;
|
||||||
cfBuilder = CatalogFeatures.builder().with(Feature.PREFER, _catalogPrefer);
|
cfBuilder = cfBuilder.with(Feature.PREFER, _catalogPrefer);
|
||||||
return;
|
return;
|
||||||
} else if (JdkXmlUtils.CATALOG_RESOLVE.equals(name)) {
|
} else if (JdkXmlUtils.CATALOG_RESOLVE.equals(name)) {
|
||||||
_catalogResolve = (String) value;
|
_catalogResolve = (String) value;
|
||||||
cfBuilder = CatalogFeatures.builder().with(Feature.RESOLVE, _catalogResolve);
|
cfBuilder = cfBuilder.with(Feature.RESOLVE, _catalogResolve);
|
||||||
return;
|
return;
|
||||||
} else if (ImplPropMap.CDATACHUNKSIZE.is(name)) {
|
} else if (ImplPropMap.CDATACHUNKSIZE.is(name)) {
|
||||||
_cdataChunkSize = JdkXmlUtils.getValue(value, _cdataChunkSize);
|
_cdataChunkSize = JdkXmlUtils.getValue(value, _cdataChunkSize);
|
||||||
@ -765,8 +765,11 @@ public class TransformerFactoryImpl
|
|||||||
baseId = isource.getSystemId();
|
baseId = isource.getSystemId();
|
||||||
|
|
||||||
if (reader == null) {
|
if (reader == null) {
|
||||||
reader = JdkXmlUtils.getXMLReader(_overrideDefaultParser,
|
reader = JdkXmlUtils.getXMLReader(_xmlSecurityManager,
|
||||||
!_isNotSecureProcessing);
|
_overrideDefaultParser,
|
||||||
|
!_isNotSecureProcessing,
|
||||||
|
_xmlFeatures.getFeature(JdkXmlFeatures.XmlFeature.USE_CATALOG),
|
||||||
|
_catalogFeatures);
|
||||||
}
|
}
|
||||||
|
|
||||||
_stylesheetPIHandler.setBaseId(baseId);
|
_stylesheetPIHandler.setBaseId(baseId);
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2007, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2007, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -82,7 +82,6 @@ import javax.xml.transform.stax.StAXSource;
|
|||||||
import javax.xml.transform.stream.StreamResult;
|
import javax.xml.transform.stream.StreamResult;
|
||||||
import javax.xml.transform.stream.StreamSource;
|
import javax.xml.transform.stream.StreamSource;
|
||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
import static jdk.xml.internal.JdkConstants.SP_XSLTC_IS_STANDALONE;
|
|
||||||
import jdk.xml.internal.JdkProperty;
|
import jdk.xml.internal.JdkProperty;
|
||||||
import jdk.xml.internal.JdkXmlFeatures;
|
import jdk.xml.internal.JdkXmlFeatures;
|
||||||
import jdk.xml.internal.JdkXmlUtils;
|
import jdk.xml.internal.JdkXmlUtils;
|
||||||
@ -101,7 +100,7 @@ import org.xml.sax.ext.LexicalHandler;
|
|||||||
* @author Morten Jorgensen
|
* @author Morten Jorgensen
|
||||||
* @author G. Todd Miller
|
* @author G. Todd Miller
|
||||||
* @author Santiago Pericas-Geertsen
|
* @author Santiago Pericas-Geertsen
|
||||||
* @LastModified: Jan 2022
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public final class TransformerImpl extends Transformer
|
public final class TransformerImpl extends Transformer
|
||||||
implements DOMCache
|
implements DOMCache
|
||||||
@ -219,7 +218,7 @@ public final class TransformerImpl extends Transformer
|
|||||||
*/
|
*/
|
||||||
private String _accessExternalDTD = JdkConstants.EXTERNAL_ACCESS_DEFAULT;
|
private String _accessExternalDTD = JdkConstants.EXTERNAL_ACCESS_DEFAULT;
|
||||||
|
|
||||||
private XMLSecurityManager _securityManager;
|
protected XMLSecurityManager _securityManager;
|
||||||
/**
|
/**
|
||||||
* A map to store parameters for the identity transform. These
|
* A map to store parameters for the identity transform. These
|
||||||
* are not needed during the transformation, but we must keep track of
|
* are not needed during the transformation, but we must keep track of
|
||||||
@ -307,7 +306,7 @@ public final class TransformerImpl extends Transformer
|
|||||||
_useCatalog = _tfactory.getFeature(XMLConstants.USE_CATALOG);
|
_useCatalog = _tfactory.getFeature(XMLConstants.USE_CATALOG);
|
||||||
if (_useCatalog) {
|
if (_useCatalog) {
|
||||||
_catalogFeatures = (CatalogFeatures)_tfactory.getAttribute(JdkXmlFeatures.CATALOG_FEATURES);
|
_catalogFeatures = (CatalogFeatures)_tfactory.getAttribute(JdkXmlFeatures.CATALOG_FEATURES);
|
||||||
String catalogFiles = _catalogFeatures.get(CatalogFeatures.Feature.DEFER);
|
String catalogFiles = _catalogFeatures.get(CatalogFeatures.Feature.FILES);
|
||||||
if (catalogFiles != null) {
|
if (catalogFiles != null) {
|
||||||
_readerManager.setFeature(XMLConstants.USE_CATALOG, _useCatalog);
|
_readerManager.setFeature(XMLConstants.USE_CATALOG, _useCatalog);
|
||||||
_readerManager.setProperty(JdkXmlFeatures.CATALOG_FEATURES, _catalogFeatures);
|
_readerManager.setProperty(JdkXmlFeatures.CATALOG_FEATURES, _catalogFeatures);
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -41,7 +41,6 @@ import jdk.xml.internal.JdkXmlUtils;
|
|||||||
import jdk.xml.internal.XMLSecurityManager;
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.w3c.dom.Document;
|
import org.w3c.dom.Document;
|
||||||
import org.xml.sax.InputSource;
|
import org.xml.sax.InputSource;
|
||||||
import org.xml.sax.SAXException;
|
|
||||||
import org.xml.sax.SAXNotRecognizedException;
|
import org.xml.sax.SAXNotRecognizedException;
|
||||||
import org.xml.sax.SAXNotSupportedException;
|
import org.xml.sax.SAXNotSupportedException;
|
||||||
import org.xml.sax.XMLReader;
|
import org.xml.sax.XMLReader;
|
||||||
@ -51,7 +50,7 @@ import org.xml.sax.XMLReader;
|
|||||||
*
|
*
|
||||||
* Added Catalog Support for URI resolution
|
* Added Catalog Support for URI resolution
|
||||||
*
|
*
|
||||||
* @LastModified: Jan 2022
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("deprecation") //org.xml.sax.helpers.XMLReaderFactory
|
@SuppressWarnings("deprecation") //org.xml.sax.helpers.XMLReaderFactory
|
||||||
public final class Util {
|
public final class Util {
|
||||||
@ -91,8 +90,12 @@ public final class Util {
|
|||||||
if (reader == null) {
|
if (reader == null) {
|
||||||
boolean overrideDefaultParser = xsltc.getFeature(
|
boolean overrideDefaultParser = xsltc.getFeature(
|
||||||
JdkXmlFeatures.XmlFeature.JDK_OVERRIDE_PARSER);
|
JdkXmlFeatures.XmlFeature.JDK_OVERRIDE_PARSER);
|
||||||
reader = JdkXmlUtils.getXMLReader(overrideDefaultParser,
|
reader = JdkXmlUtils.getXMLReader(
|
||||||
xsltc.isSecureProcessing());
|
(XMLSecurityManager)xsltc.getProperty(JdkConstants.SECURITY_MANAGER),
|
||||||
|
overrideDefaultParser,
|
||||||
|
xsltc.isSecureProcessing(),
|
||||||
|
xsltc.getFeature(JdkXmlFeatures.XmlFeature.USE_CATALOG),
|
||||||
|
(CatalogFeatures)xsltc.getProperty(JdkXmlFeatures.CATALOG_FEATURES));
|
||||||
} else {
|
} else {
|
||||||
// compatibility for legacy applications
|
// compatibility for legacy applications
|
||||||
reader.setFeature
|
reader.setFeature
|
||||||
@ -107,27 +110,6 @@ public final class Util {
|
|||||||
JdkXmlUtils.setXMLReaderPropertyIfSupport(reader, JdkConstants.CDATA_CHUNK_SIZE,
|
JdkXmlUtils.setXMLReaderPropertyIfSupport(reader, JdkConstants.CDATA_CHUNK_SIZE,
|
||||||
xsltc.getProperty(JdkConstants.CDATA_CHUNK_SIZE), false);
|
xsltc.getProperty(JdkConstants.CDATA_CHUNK_SIZE), false);
|
||||||
|
|
||||||
String lastProperty = "";
|
|
||||||
try {
|
|
||||||
XMLSecurityManager securityManager =
|
|
||||||
(XMLSecurityManager)xsltc.getProperty(JdkConstants.SECURITY_MANAGER);
|
|
||||||
if (securityManager != null) {
|
|
||||||
for (XMLSecurityManager.Limit limit : XMLSecurityManager.Limit.values()) {
|
|
||||||
if (limit.isSupported(XMLSecurityManager.Processor.PARSER)) {
|
|
||||||
lastProperty = limit.apiProperty();
|
|
||||||
reader.setProperty(lastProperty,
|
|
||||||
securityManager.getLimitValueAsString(limit));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (securityManager.printEntityCountInfo()) {
|
|
||||||
lastProperty = JdkConstants.JDK_DEBUG_LIMIT;
|
|
||||||
reader.setProperty(lastProperty, JdkConstants.JDK_YES);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch (SAXException se) {
|
|
||||||
XMLSecurityManager.printWarning(reader.getClass().getName(), lastProperty, se);
|
|
||||||
}
|
|
||||||
|
|
||||||
boolean supportCatalog = true;
|
boolean supportCatalog = true;
|
||||||
boolean useCatalog = xsltc.getFeature(JdkXmlFeatures.XmlFeature.USE_CATALOG);
|
boolean useCatalog = xsltc.getFeature(JdkXmlFeatures.XmlFeature.USE_CATALOG);
|
||||||
try {
|
try {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -32,7 +32,6 @@ import com.sun.org.apache.xerces.internal.util.MessageFormatter;
|
|||||||
import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
|
import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
|
||||||
import com.sun.org.apache.xerces.internal.util.PropertyState;
|
import com.sun.org.apache.xerces.internal.util.PropertyState;
|
||||||
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
|
import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
|
import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
|
||||||
@ -56,6 +55,7 @@ import javax.xml.XMLConstants;
|
|||||||
import javax.xml.catalog.CatalogFeatures;
|
import javax.xml.catalog.CatalogFeatures;
|
||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
import jdk.xml.internal.JdkXmlUtils;
|
import jdk.xml.internal.JdkXmlUtils;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.w3c.dom.DOMConfiguration;
|
import org.w3c.dom.DOMConfiguration;
|
||||||
import org.w3c.dom.DOMErrorHandler;
|
import org.w3c.dom.DOMErrorHandler;
|
||||||
import org.w3c.dom.DOMException;
|
import org.w3c.dom.DOMException;
|
||||||
@ -71,7 +71,7 @@ import org.w3c.dom.ls.LSResourceResolver;
|
|||||||
*
|
*
|
||||||
* @author Elena Litani, IBM
|
* @author Elena Litani, IBM
|
||||||
* @author Neeraj Bajaj, Sun Microsystems.
|
* @author Neeraj Bajaj, Sun Microsystems.
|
||||||
* @LastModified: May 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class DOMConfigurationImpl extends ParserConfigurationSettings
|
public class DOMConfigurationImpl extends ParserConfigurationSettings
|
||||||
implements XMLParserConfiguration, DOMConfiguration {
|
implements XMLParserConfiguration, DOMConfiguration {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -24,7 +24,6 @@
|
|||||||
*/
|
*/
|
||||||
package com.sun.org.apache.xerces.internal.impl;
|
package com.sun.org.apache.xerces.internal.impl;
|
||||||
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.xml.internal.stream.StaxEntityResolverWrapper;
|
import com.sun.xml.internal.stream.StaxEntityResolverWrapper;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
@ -36,6 +35,7 @@ import javax.xml.stream.XMLResolver;
|
|||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
import jdk.xml.internal.JdkProperty;
|
import jdk.xml.internal.JdkProperty;
|
||||||
import jdk.xml.internal.JdkXmlUtils;
|
import jdk.xml.internal.JdkXmlUtils;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class manages the properties for the Stax specification and its
|
* This class manages the properties for the Stax specification and its
|
||||||
@ -45,6 +45,8 @@ import jdk.xml.internal.JdkXmlUtils;
|
|||||||
* @author Neeraj Bajaj
|
* @author Neeraj Bajaj
|
||||||
* @author K Venugopal
|
* @author K Venugopal
|
||||||
* @author Sunitha Reddy
|
* @author Sunitha Reddy
|
||||||
|
*
|
||||||
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class PropertyManager {
|
public class PropertyManager {
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -27,10 +27,10 @@ import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
|
|||||||
import com.sun.org.apache.xerces.internal.util.XML11Char;
|
import com.sun.org.apache.xerces.internal.util.XML11Char;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLChar;
|
import com.sun.org.apache.xerces.internal.util.XMLChar;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
|
import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit;
|
|
||||||
import com.sun.org.apache.xerces.internal.xni.QName;
|
import com.sun.org.apache.xerces.internal.xni.QName;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XMLString;
|
import com.sun.org.apache.xerces.internal.xni.XMLString;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager.Limit;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implements the entity scanner methods in
|
* Implements the entity scanner methods in
|
||||||
@ -41,7 +41,7 @@ import java.io.IOException;
|
|||||||
* @author Michael Glavassevich, IBM
|
* @author Michael Glavassevich, IBM
|
||||||
* @author Neil Graham, IBM
|
* @author Neil Graham, IBM
|
||||||
*
|
*
|
||||||
* @LastModified: Aug 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public class XML11EntityScanner
|
public class XML11EntityScanner
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -27,7 +27,6 @@ import com.sun.org.apache.xerces.internal.impl.dtd.XMLDTDValidatorFilter;
|
|||||||
import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
|
import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl;
|
import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
|
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
|
||||||
import com.sun.org.apache.xerces.internal.xni.QName;
|
import com.sun.org.apache.xerces.internal.xni.QName;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
|
import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
|
||||||
@ -36,6 +35,7 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
|
|||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentSource;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentSource;
|
||||||
import javax.xml.stream.events.XMLEvent;
|
import javax.xml.stream.events.XMLEvent;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -70,7 +70,7 @@ import javax.xml.stream.events.XMLEvent;
|
|||||||
* @author Michael Glavassevich, IBM
|
* @author Michael Glavassevich, IBM
|
||||||
* @author Sunitha Reddy, Sun Microsystems
|
* @author Sunitha Reddy, Sun Microsystems
|
||||||
*
|
*
|
||||||
* @LastModified: Nov 2022
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class XML11NSDocumentScannerImpl extends XML11DocumentScannerImpl {
|
public class XML11NSDocumentScannerImpl extends XML11DocumentScannerImpl {
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -25,8 +25,6 @@ import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
|||||||
import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl;
|
import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLChar;
|
import com.sun.org.apache.xerces.internal.util.XMLChar;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
|
import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
|
import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
|
import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
|
import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
|
||||||
@ -41,6 +39,8 @@ import com.sun.org.apache.xerces.internal.xni.Augmentations;
|
|||||||
import com.sun.xml.internal.stream.dtd.nonvalidating.DTDGrammar;
|
import com.sun.xml.internal.stream.dtd.nonvalidating.DTDGrammar;
|
||||||
import java.io.EOFException;
|
import java.io.EOFException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import jdk.xml.internal.XMLLimitAnalyzer;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class is responsible for scanning the declarations found
|
* This class is responsible for scanning the declarations found
|
||||||
@ -63,7 +63,7 @@ import java.io.IOException;
|
|||||||
* @author Glenn Marcy, IBM
|
* @author Glenn Marcy, IBM
|
||||||
* @author Eric Ye, IBM
|
* @author Eric Ye, IBM
|
||||||
*
|
*
|
||||||
* @LastModified: Feb 2020
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class XMLDTDScannerImpl
|
public class XMLDTDScannerImpl
|
||||||
extends XMLScanner
|
extends XMLScanner
|
||||||
@ -388,6 +388,7 @@ implements XMLDTDScanner, XMLComponent, XMLEntityHandler {
|
|||||||
return false;
|
return false;
|
||||||
|
|
||||||
fStringBuffer.clear();
|
fStringBuffer.clear();
|
||||||
|
fEntityScanner = fEntityManager.getEntityScanner();
|
||||||
while (fEntityScanner.scanData("]", fStringBuffer, 0)) {
|
while (fEntityScanner.scanData("]", fStringBuffer, 0)) {
|
||||||
int c = fEntityScanner.peekChar();
|
int c = fEntityScanner.peekChar();
|
||||||
if (c != -1) {
|
if (c != -1) {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -28,8 +28,6 @@ import com.sun.org.apache.xerces.internal.util.XMLAttributesIteratorImpl;
|
|||||||
import com.sun.org.apache.xerces.internal.util.XMLChar;
|
import com.sun.org.apache.xerces.internal.util.XMLChar;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
|
import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.Augmentations;
|
import com.sun.org.apache.xerces.internal.xni.Augmentations;
|
||||||
import com.sun.org.apache.xerces.internal.xni.QName;
|
import com.sun.org.apache.xerces.internal.xni.QName;
|
||||||
@ -56,6 +54,8 @@ import javax.xml.stream.events.XMLEvent;
|
|||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
import jdk.xml.internal.JdkXmlUtils;
|
import jdk.xml.internal.JdkXmlUtils;
|
||||||
import jdk.xml.internal.SecuritySupport;
|
import jdk.xml.internal.SecuritySupport;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager.Limit;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
@ -74,7 +74,7 @@ import jdk.xml.internal.SecuritySupport;
|
|||||||
* @author Eric Ye, IBM
|
* @author Eric Ye, IBM
|
||||||
* @author Sunitha Reddy, SUN Microsystems
|
* @author Sunitha Reddy, SUN Microsystems
|
||||||
*
|
*
|
||||||
* @LastModified: May 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class XMLDocumentFragmentScannerImpl
|
public class XMLDocumentFragmentScannerImpl
|
||||||
extends XMLScanner
|
extends XMLScanner
|
||||||
@ -326,6 +326,8 @@ public class XMLDocumentFragmentScannerImpl
|
|||||||
protected String fDeclaredEncoding = null;
|
protected String fDeclaredEncoding = null;
|
||||||
/** Xerces Feature: Disallow doctype declaration. */
|
/** Xerces Feature: Disallow doctype declaration. */
|
||||||
protected boolean fDisallowDoctype = false;
|
protected boolean fDisallowDoctype = false;
|
||||||
|
// DTD Error Code
|
||||||
|
protected String fDTDErrorCode = null;
|
||||||
|
|
||||||
/** Create entity reference nodes. */
|
/** Create entity reference nodes. */
|
||||||
protected boolean fCreateEntityRefNodes = false;
|
protected boolean fCreateEntityRefNodes = false;
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -43,9 +43,11 @@ import com.sun.xml.internal.stream.dtd.DTDGrammarUtil;
|
|||||||
import java.io.CharConversionException;
|
import java.io.CharConversionException;
|
||||||
import java.io.EOFException;
|
import java.io.EOFException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import javax.xml.stream.XMLInputFactory;
|
|
||||||
import javax.xml.stream.events.XMLEvent;
|
import javax.xml.stream.events.XMLEvent;
|
||||||
|
import jdk.xml.internal.JdkConstants;
|
||||||
|
import jdk.xml.internal.JdkProperty.State;
|
||||||
import jdk.xml.internal.SecuritySupport;
|
import jdk.xml.internal.SecuritySupport;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager.Limit;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -67,7 +69,7 @@ import jdk.xml.internal.SecuritySupport;
|
|||||||
* Refer to the table in unit-test javax.xml.stream.XMLStreamReaderTest.SupportDTD for changes
|
* Refer to the table in unit-test javax.xml.stream.XMLStreamReaderTest.SupportDTD for changes
|
||||||
* related to property SupportDTD.
|
* related to property SupportDTD.
|
||||||
* @author Joe Wang, Sun Microsystems
|
* @author Joe Wang, Sun Microsystems
|
||||||
* @LastModified: Sep 2017
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class XMLDocumentScannerImpl
|
public class XMLDocumentScannerImpl
|
||||||
extends XMLDocumentFragmentScannerImpl{
|
extends XMLDocumentFragmentScannerImpl{
|
||||||
@ -258,16 +260,11 @@ public class XMLDocumentScannerImpl
|
|||||||
setScannerState(XMLEvent.START_DOCUMENT);
|
setScannerState(XMLEvent.START_DOCUMENT);
|
||||||
} // setInputSource(XMLInputSource)
|
} // setInputSource(XMLInputSource)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/**return the state of the scanner */
|
/**return the state of the scanner */
|
||||||
public int getScannetState(){
|
public int getScannetState(){
|
||||||
return fScannerState ;
|
return fScannerState ;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
public void reset(PropertyManager propertyManager) {
|
public void reset(PropertyManager propertyManager) {
|
||||||
super.reset(propertyManager);
|
super.reset(propertyManager);
|
||||||
// other settings
|
// other settings
|
||||||
@ -276,10 +273,14 @@ public class XMLDocumentScannerImpl
|
|||||||
fDoctypeSystemId = null;
|
fDoctypeSystemId = null;
|
||||||
fSeenDoctypeDecl = false;
|
fSeenDoctypeDecl = false;
|
||||||
fNamespaceContext.reset();
|
fNamespaceContext.reset();
|
||||||
fSupportDTD = ((Boolean)propertyManager.getProperty(XMLInputFactory.SUPPORT_DTD)).booleanValue();
|
|
||||||
|
// Check the DTD setting
|
||||||
|
checkDTDSetting();
|
||||||
|
|
||||||
// xerces features
|
// xerces features
|
||||||
fLoadExternalDTD = !((Boolean)propertyManager.getProperty(Constants.ZEPHYR_PROPERTY_PREFIX + Constants.IGNORE_EXTERNAL_DTD)).booleanValue();
|
fLoadExternalDTD = !((Boolean)propertyManager.getProperty(
|
||||||
|
Constants.ZEPHYR_PROPERTY_PREFIX + Constants.IGNORE_EXTERNAL_DTD));
|
||||||
|
|
||||||
setScannerState(XMLEvent.START_DOCUMENT);
|
setScannerState(XMLEvent.START_DOCUMENT);
|
||||||
setDriver(fXMLDeclDriver);
|
setDriver(fXMLDeclDriver);
|
||||||
fSeenInternalSubset = false;
|
fSeenInternalSubset = false;
|
||||||
@ -320,9 +321,11 @@ public class XMLDocumentScannerImpl
|
|||||||
fSeenDoctypeDecl = false;
|
fSeenDoctypeDecl = false;
|
||||||
fExternalSubsetSource = null;
|
fExternalSubsetSource = null;
|
||||||
|
|
||||||
|
// Check the DTD setting
|
||||||
|
checkDTDSetting();
|
||||||
|
|
||||||
// xerces features
|
// xerces features
|
||||||
fLoadExternalDTD = componentManager.getFeature(LOAD_EXTERNAL_DTD, true);
|
fLoadExternalDTD = componentManager.getFeature(LOAD_EXTERNAL_DTD, true);
|
||||||
fDisallowDoctype = componentManager.getFeature(DISALLOW_DOCTYPE_DECL_FEATURE, false);
|
|
||||||
|
|
||||||
fNamespaces = componentManager.getFeature(NAMESPACES, true);
|
fNamespaces = componentManager.getFeature(NAMESPACES, true);
|
||||||
|
|
||||||
@ -355,6 +358,26 @@ public class XMLDocumentScannerImpl
|
|||||||
|
|
||||||
} // reset(XMLComponentManager)
|
} // reset(XMLComponentManager)
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks the DTD settings. Uses the JDK property {@code jdk.xml.dtd.support}
|
||||||
|
* in all cases except:
|
||||||
|
* if the Xerces property is set
|
||||||
|
* if the StAX property is set
|
||||||
|
*/
|
||||||
|
private void checkDTDSetting() {
|
||||||
|
fDisallowDoctype = fSecurityManager.is(Limit.DTD, JdkConstants.DENY);
|
||||||
|
fSupportDTD = !fSecurityManager.is(Limit.DTD, JdkConstants.IGNORE);
|
||||||
|
fDTDErrorCode = "JDK_DTD_DENY";
|
||||||
|
|
||||||
|
if (fSecurityManager.getState(Limit.XERCES_DISALLOW_DTD) == State.APIPROPERTY
|
||||||
|
|| fSecurityManager.getState(Limit.XERCES_DISALLOW_DTD) == State.LEGACY_APIPROPERTY) {
|
||||||
|
fDisallowDoctype = fSecurityManager.is(Limit.XERCES_DISALLOW_DTD);
|
||||||
|
fDTDErrorCode = "DoctypeNotAllowed";
|
||||||
|
} else if (fSecurityManager.getState(Limit.STAX_SUPPORT_DTD) == State.APIPROPERTY
|
||||||
|
|| fSecurityManager.getState(Limit.STAX_SUPPORT_DTD) == State.LEGACY_APIPROPERTY) {
|
||||||
|
fSupportDTD = fSecurityManager.is(Limit.STAX_SUPPORT_DTD);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of feature identifiers that are recognized by
|
* Returns a list of feature identifiers that are recognized by
|
||||||
@ -895,7 +918,7 @@ public class XMLDocumentScannerImpl
|
|||||||
|
|
||||||
case SCANNER_STATE_DOCTYPE: {
|
case SCANNER_STATE_DOCTYPE: {
|
||||||
if (fDisallowDoctype) {
|
if (fDisallowDoctype) {
|
||||||
reportFatalError("DoctypeNotAllowed", null);
|
reportFatalError(fDTDErrorCode, null);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (fSeenDoctypeDecl) {
|
if (fSeenDoctypeDecl) {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2009, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2009, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -28,8 +28,6 @@ import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
|
|||||||
import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager;
|
import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager;
|
||||||
import com.sun.org.apache.xerces.internal.util.*;
|
import com.sun.org.apache.xerces.internal.util.*;
|
||||||
import com.sun.org.apache.xerces.internal.util.URI;
|
import com.sun.org.apache.xerces.internal.util.URI;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.Augmentations;
|
import com.sun.org.apache.xerces.internal.xni.Augmentations;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
|
import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
|
||||||
@ -59,8 +57,12 @@ import javax.xml.catalog.CatalogResolver;
|
|||||||
import javax.xml.stream.XMLInputFactory;
|
import javax.xml.stream.XMLInputFactory;
|
||||||
import javax.xml.transform.Source;
|
import javax.xml.transform.Source;
|
||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
|
import jdk.xml.internal.JdkProperty;
|
||||||
import jdk.xml.internal.JdkXmlUtils;
|
import jdk.xml.internal.JdkXmlUtils;
|
||||||
import jdk.xml.internal.SecuritySupport;
|
import jdk.xml.internal.SecuritySupport;
|
||||||
|
import jdk.xml.internal.XMLLimitAnalyzer;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager.Limit;
|
||||||
import org.xml.sax.InputSource;
|
import org.xml.sax.InputSource;
|
||||||
|
|
||||||
|
|
||||||
@ -91,7 +93,7 @@ import org.xml.sax.InputSource;
|
|||||||
* @author K.Venugopal SUN Microsystems
|
* @author K.Venugopal SUN Microsystems
|
||||||
* @author Neeraj Bajaj SUN Microsystems
|
* @author Neeraj Bajaj SUN Microsystems
|
||||||
* @author Sunitha Reddy SUN Microsystems
|
* @author Sunitha Reddy SUN Microsystems
|
||||||
* @LastModified: Aug 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
|
public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
|
||||||
|
|
||||||
@ -1544,7 +1546,6 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
|
|||||||
fStaxEntityResolver = null;
|
fStaxEntityResolver = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
fSupportDTD = ((Boolean)propertyManager.getProperty(XMLInputFactory.SUPPORT_DTD));
|
|
||||||
fReplaceEntityReferences = ((Boolean)propertyManager.getProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES));
|
fReplaceEntityReferences = ((Boolean)propertyManager.getProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES));
|
||||||
fSupportExternalEntities = ((Boolean)propertyManager.getProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES));
|
fSupportExternalEntities = ((Boolean)propertyManager.getProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES));
|
||||||
|
|
||||||
@ -1563,6 +1564,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
|
|||||||
fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
|
fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD);
|
||||||
|
|
||||||
fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(SECURITY_MANAGER);
|
fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(SECURITY_MANAGER);
|
||||||
|
checkSupportDTD();
|
||||||
|
|
||||||
fLimitAnalyzer = new XMLLimitAnalyzer();
|
fLimitAnalyzer = new XMLLimitAnalyzer();
|
||||||
//reset fEntityStorage
|
//reset fEntityStorage
|
||||||
@ -1633,7 +1635,7 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
|
|||||||
entityExpansionIndex = fSecurityManager.getIndex(JdkConstants.SP_ENTITY_EXPANSION_LIMIT);
|
entityExpansionIndex = fSecurityManager.getIndex(JdkConstants.SP_ENTITY_EXPANSION_LIMIT);
|
||||||
|
|
||||||
//StAX Property
|
//StAX Property
|
||||||
fSupportDTD = true;
|
checkSupportDTD();
|
||||||
fReplaceEntityReferences = true;
|
fReplaceEntityReferences = true;
|
||||||
fSupportExternalEntities = true;
|
fSupportExternalEntities = true;
|
||||||
|
|
||||||
@ -1659,6 +1661,20 @@ public class XMLEntityManager implements XMLComponent, XMLEntityResolver {
|
|||||||
|
|
||||||
} // reset(XMLComponentManager)
|
} // reset(XMLComponentManager)
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks the supportDTD setting. Use the StAX supportDTD property if it is
|
||||||
|
* set, otherwise the jdk.xml.dtd.support. Refer to the module-summary for
|
||||||
|
* more details.
|
||||||
|
*/
|
||||||
|
private void checkSupportDTD() {
|
||||||
|
// SupportDTD set the DTD property, so no longer read from propertyManager
|
||||||
|
fSupportDTD = !fSecurityManager.is(Limit.DTD, JdkConstants.IGNORE);
|
||||||
|
if (fSecurityManager.getState(Limit.STAX_SUPPORT_DTD) == JdkProperty.State.APIPROPERTY
|
||||||
|
|| fSecurityManager.getState(Limit.STAX_SUPPORT_DTD) == JdkProperty.State.LEGACY_APIPROPERTY) {
|
||||||
|
fSupportDTD = fSecurityManager.is(Limit.STAX_SUPPORT_DTD);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// reset general state. Should not be called other than by
|
// reset general state. Should not be called other than by
|
||||||
// a class acting as a component manager but not
|
// a class acting as a component manager but not
|
||||||
// implementing that interface for whatever reason.
|
// implementing that interface for whatever reason.
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -32,9 +32,6 @@ import com.sun.org.apache.xerces.internal.util.EncodingMap;
|
|||||||
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLChar;
|
import com.sun.org.apache.xerces.internal.util.XMLChar;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
|
import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit;
|
|
||||||
import com.sun.org.apache.xerces.internal.xni.*;
|
import com.sun.org.apache.xerces.internal.xni.*;
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
|
||||||
@ -48,6 +45,9 @@ import java.io.InputStreamReader;
|
|||||||
import java.io.Reader;
|
import java.io.Reader;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Locale;
|
import java.util.Locale;
|
||||||
|
import jdk.xml.internal.XMLLimitAnalyzer;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager.Limit;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Implements the entity scanner methods.
|
* Implements the entity scanner methods.
|
||||||
@ -57,7 +57,7 @@ import java.util.Locale;
|
|||||||
* @author Arnaud Le Hors, IBM
|
* @author Arnaud Le Hors, IBM
|
||||||
* @author K.Venugopal Sun Microsystems
|
* @author K.Venugopal Sun Microsystems
|
||||||
*
|
*
|
||||||
* @LastModified: Mar 2022
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class XMLEntityScanner implements XMLLocator {
|
public class XMLEntityScanner implements XMLLocator {
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -34,9 +34,8 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
|
|||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
|
import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentSource;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentSource;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
|
|
||||||
import javax.xml.stream.events.XMLEvent;
|
import javax.xml.stream.events.XMLEvent;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This class adds the functionality of namespace processing.
|
* This class adds the functionality of namespace processing.
|
||||||
@ -55,7 +54,7 @@ import javax.xml.stream.events.XMLEvent;
|
|||||||
* @author Venugopal Rao K, Sun Microsystems
|
* @author Venugopal Rao K, Sun Microsystems
|
||||||
* @author Elena Litani, IBM
|
* @author Elena Litani, IBM
|
||||||
*
|
*
|
||||||
* @LastModified: Nov 2022
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class XMLNSDocumentScannerImpl
|
public class XMLNSDocumentScannerImpl
|
||||||
extends XMLDocumentScannerImpl {
|
extends XMLDocumentScannerImpl {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2003, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -30,8 +30,6 @@ import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
|||||||
import com.sun.org.apache.xerces.internal.util.XMLChar;
|
import com.sun.org.apache.xerces.internal.util.XMLChar;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLResourceIdentifierImpl;
|
import com.sun.org.apache.xerces.internal.util.XMLResourceIdentifierImpl;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
|
import com.sun.org.apache.xerces.internal.util.XMLStringBuffer;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.xni.Augmentations;
|
import com.sun.org.apache.xerces.internal.xni.Augmentations;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XMLAttributes;
|
import com.sun.org.apache.xerces.internal.xni.XMLAttributes;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
|
import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier;
|
||||||
@ -41,6 +39,8 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
|
|||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
|
||||||
import com.sun.xml.internal.stream.Entity;
|
import com.sun.xml.internal.stream.Entity;
|
||||||
|
import jdk.xml.internal.XMLLimitAnalyzer;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
|
|
||||||
//import com.sun.xml.stream.XMLEntityManager;
|
//import com.sun.xml.stream.XMLEntityManager;
|
||||||
//import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
|
//import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
|
||||||
@ -67,7 +67,7 @@ import com.sun.xml.internal.stream.Entity;
|
|||||||
* @author Eric Ye, IBM
|
* @author Eric Ye, IBM
|
||||||
* @author K.Venugopal SUN Microsystems
|
* @author K.Venugopal SUN Microsystems
|
||||||
* @author Sunitha Reddy, SUN Microsystems
|
* @author Sunitha Reddy, SUN Microsystems
|
||||||
* @LastModified: Aug 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public abstract class XMLScanner
|
public abstract class XMLScanner
|
||||||
implements XMLComponent {
|
implements XMLComponent {
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
#
|
#
|
||||||
|
# Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
#
|
||||||
|
#
|
||||||
# Licensed to the Apache Software Foundation (ASF) under one or more
|
# Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
# contributor license agreements. See the NOTICE file distributed with
|
# contributor license agreements. See the NOTICE file distributed with
|
||||||
# this work for additional information regarding copyright ownership.
|
# this work for additional information regarding copyright ownership.
|
||||||
@ -323,3 +326,8 @@
|
|||||||
# Catalog 09
|
# Catalog 09
|
||||||
# Technical term, do not translate: catalog
|
# Technical term, do not translate: catalog
|
||||||
CatalogException=JAXP00090001: The CatalogResolver is enabled with the catalog \"{0}\", but a CatalogException is returned.
|
CatalogException=JAXP00090001: The CatalogResolver is enabled with the catalog \"{0}\", but a CatalogException is returned.
|
||||||
|
|
||||||
|
# Implementation Property DTD
|
||||||
|
JDK_DTD_DENY = JAXP00010008: DOCTYPE is disallowed when the DTD property is set to deny. \
|
||||||
|
Refer to: property jdk.xml.dtd.support in java.xml/module-summary.
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2011, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2011, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -41,7 +41,6 @@ import com.sun.org.apache.xerces.internal.util.Status;
|
|||||||
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
||||||
import com.sun.org.apache.xerces.internal.util.URI.MalformedURIException;
|
import com.sun.org.apache.xerces.internal.util.URI.MalformedURIException;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.QName;
|
import com.sun.org.apache.xerces.internal.xni.QName;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
||||||
@ -76,7 +75,7 @@ import java.util.StringTokenizer;
|
|||||||
import java.util.WeakHashMap;
|
import java.util.WeakHashMap;
|
||||||
import javax.xml.XMLConstants;
|
import javax.xml.XMLConstants;
|
||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
import jdk.xml.internal.JdkXmlFeatures;
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import jdk.xml.internal.JdkXmlUtils;
|
import jdk.xml.internal.JdkXmlUtils;
|
||||||
import jdk.xml.internal.SecuritySupport;
|
import jdk.xml.internal.SecuritySupport;
|
||||||
import org.w3c.dom.DOMConfiguration;
|
import org.w3c.dom.DOMConfiguration;
|
||||||
@ -103,7 +102,7 @@ import org.xml.sax.InputSource;
|
|||||||
* @xerces.internal
|
* @xerces.internal
|
||||||
*
|
*
|
||||||
* @author Neil Graham, IBM
|
* @author Neil Graham, IBM
|
||||||
* @LastModified: May 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public class XMLSchemaLoader implements XMLGrammarLoader, XMLComponent, XSElementDeclHelper,
|
public class XMLSchemaLoader implements XMLGrammarLoader, XMLComponent, XSElementDeclHelper,
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2011, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -25,16 +25,16 @@ import com.sun.org.apache.xerces.internal.impl.Constants;
|
|||||||
import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
|
import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
|
||||||
import com.sun.org.apache.xerces.internal.impl.dtd.models.CMNode;
|
import com.sun.org.apache.xerces.internal.impl.dtd.models.CMNode;
|
||||||
import com.sun.org.apache.xerces.internal.impl.xs.XSMessageFormatter;
|
import com.sun.org.apache.xerces.internal.impl.xs.XSMessageFormatter;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* @xerces.internal
|
* @xerces.internal
|
||||||
*
|
*
|
||||||
* @author Neeraj Bajaj
|
* @author Neeraj Bajaj
|
||||||
*
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class CMNodeFactory {
|
public class CMNodeFactory {
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -34,7 +34,6 @@ import com.sun.org.apache.xerces.internal.util.DOMUtil;
|
|||||||
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLChar;
|
import com.sun.org.apache.xerces.internal.util.XMLChar;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.xni.QName;
|
import com.sun.org.apache.xerces.internal.xni.QName;
|
||||||
import com.sun.org.apache.xerces.internal.xs.XSConstants;
|
import com.sun.org.apache.xerces.internal.xs.XSConstants;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
@ -42,6 +41,7 @@ import java.util.HashMap;
|
|||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.StringTokenizer;
|
import java.util.StringTokenizer;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.w3c.dom.Attr;
|
import org.w3c.dom.Attr;
|
||||||
import org.w3c.dom.Element;
|
import org.w3c.dom.Element;
|
||||||
|
|
||||||
@ -67,7 +67,7 @@ import org.w3c.dom.Element;
|
|||||||
* @xerces.internal
|
* @xerces.internal
|
||||||
*
|
*
|
||||||
* @author Sandy Gao, IBM
|
* @author Sandy Gao, IBM
|
||||||
* @LastModified: Apr 2022
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public class XSAttributeChecker {
|
public class XSAttributeChecker {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2007, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2007, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -62,7 +62,6 @@ import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
|||||||
import com.sun.org.apache.xerces.internal.util.URI.MalformedURIException;
|
import com.sun.org.apache.xerces.internal.util.URI.MalformedURIException;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLChar;
|
import com.sun.org.apache.xerces.internal.util.XMLChar;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.QName;
|
import com.sun.org.apache.xerces.internal.xni.QName;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
||||||
@ -109,6 +108,7 @@ import javax.xml.stream.XMLStreamReader;
|
|||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
import jdk.xml.internal.JdkXmlUtils;
|
import jdk.xml.internal.JdkXmlUtils;
|
||||||
import jdk.xml.internal.SecuritySupport;
|
import jdk.xml.internal.SecuritySupport;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.w3c.dom.Document;
|
import org.w3c.dom.Document;
|
||||||
import org.w3c.dom.Element;
|
import org.w3c.dom.Element;
|
||||||
import org.w3c.dom.Node;
|
import org.w3c.dom.Node;
|
||||||
@ -131,7 +131,7 @@ import org.xml.sax.XMLReader;
|
|||||||
* @author Neil Graham, IBM
|
* @author Neil Graham, IBM
|
||||||
* @author Pavani Mukthipudi, Sun Microsystems
|
* @author Pavani Mukthipudi, Sun Microsystems
|
||||||
*
|
*
|
||||||
* @LastModified: May 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("deprecation") //org.xml.sax.helpers.XMLReaderFactory
|
@SuppressWarnings("deprecation") //org.xml.sax.helpers.XMLReaderFactory
|
||||||
public class XSDHandler {
|
public class XSDHandler {
|
||||||
@ -2283,8 +2283,10 @@ public class XSDHandler {
|
|||||||
catch (SAXException se) {}
|
catch (SAXException se) {}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
parser = JdkXmlUtils.getXMLReader(fOverrideDefaultParser,
|
parser = JdkXmlUtils.getXMLReader(fSecurityManager,
|
||||||
fSecurityManager.isSecureProcessing());
|
fOverrideDefaultParser, fSecurityManager.isSecureProcessing(),
|
||||||
|
fUseCatalog,
|
||||||
|
JdkXmlUtils.getCatalogFeatures(fDefer, fCatalogFile, fPrefer, fResolve));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
parser.setFeature(NAMESPACE_PREFIXES, true);
|
parser.setFeature(NAMESPACE_PREFIXES, true);
|
||||||
|
@ -22,7 +22,6 @@ package com.sun.org.apache.xerces.internal.jaxp;
|
|||||||
|
|
||||||
import com.sun.org.apache.xerces.internal.parsers.DOMParser;
|
import com.sun.org.apache.xerces.internal.parsers.DOMParser;
|
||||||
import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
|
import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
@ -32,6 +31,7 @@ import javax.xml.parsers.DocumentBuilderFactory;
|
|||||||
import javax.xml.parsers.ParserConfigurationException;
|
import javax.xml.parsers.ParserConfigurationException;
|
||||||
import javax.xml.validation.Schema;
|
import javax.xml.validation.Schema;
|
||||||
import jdk.xml.internal.JdkProperty;
|
import jdk.xml.internal.JdkProperty;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.xml.sax.SAXException;
|
import org.xml.sax.SAXException;
|
||||||
import org.xml.sax.SAXNotRecognizedException;
|
import org.xml.sax.SAXNotRecognizedException;
|
||||||
import org.xml.sax.SAXNotSupportedException;
|
import org.xml.sax.SAXNotSupportedException;
|
||||||
@ -39,7 +39,7 @@ import org.xml.sax.SAXNotSupportedException;
|
|||||||
/**
|
/**
|
||||||
* @author Rajiv Mordani
|
* @author Rajiv Mordani
|
||||||
* @author Edwin Goei
|
* @author Edwin Goei
|
||||||
* @LastModified: Mar 2023
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class DocumentBuilderFactoryImpl extends DocumentBuilderFactory {
|
public class DocumentBuilderFactoryImpl extends DocumentBuilderFactory {
|
||||||
/** These are DocumentBuilderFactory attributes not DOM attributes */
|
/** These are DocumentBuilderFactory attributes not DOM attributes */
|
||||||
@ -79,6 +79,8 @@ public class DocumentBuilderFactoryImpl extends DocumentBuilderFactory {
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
// read system properties for compatibility
|
||||||
|
fSecurityManager.readSystemProperties();
|
||||||
return new DocumentBuilderImpl(this, attributes, features, fSecureProcess);
|
return new DocumentBuilderImpl(this, attributes, features, fSecureProcess);
|
||||||
} catch (SAXException se) {
|
} catch (SAXException se) {
|
||||||
// Handles both SAXNotSupportedException, SAXNotRecognizedException
|
// Handles both SAXNotSupportedException, SAXNotRecognizedException
|
||||||
@ -232,6 +234,7 @@ public class DocumentBuilderFactoryImpl extends DocumentBuilderFactory {
|
|||||||
"jaxp-secureprocessing-feature", null));
|
"jaxp-secureprocessing-feature", null));
|
||||||
}
|
}
|
||||||
fSecureProcess = value;
|
fSecureProcess = value;
|
||||||
|
fSecurityManager.setSecureProcessing(fSecureProcess);
|
||||||
features.put(name, value ? Boolean.TRUE : Boolean.FALSE);
|
features.put(name, value ? Boolean.TRUE : Boolean.FALSE);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2007, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2007, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -35,7 +35,6 @@ import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager;
|
|||||||
import com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator;
|
import com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator;
|
||||||
import com.sun.org.apache.xerces.internal.jaxp.validation.XSGrammarPoolContainer;
|
import com.sun.org.apache.xerces.internal.jaxp.validation.XSGrammarPoolContainer;
|
||||||
import com.sun.org.apache.xerces.internal.parsers.DOMParser;
|
import com.sun.org.apache.xerces.internal.parsers.DOMParser;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager.Property;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager.Property;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager.State;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager.State;
|
||||||
@ -47,6 +46,7 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentSource;
|
|||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
|
||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
import jdk.xml.internal.JdkProperty;
|
import jdk.xml.internal.JdkProperty;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.w3c.dom.DOMImplementation;
|
import org.w3c.dom.DOMImplementation;
|
||||||
import org.w3c.dom.Document;
|
import org.w3c.dom.Document;
|
||||||
import org.xml.sax.EntityResolver;
|
import org.xml.sax.EntityResolver;
|
||||||
@ -59,7 +59,7 @@ import org.xml.sax.SAXNotSupportedException;
|
|||||||
/**
|
/**
|
||||||
* @author Rajiv Mordani
|
* @author Rajiv Mordani
|
||||||
* @author Edwin Goei
|
* @author Edwin Goei
|
||||||
* @LastModified: May 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class DocumentBuilderImpl extends DocumentBuilder
|
public class DocumentBuilderImpl extends DocumentBuilder
|
||||||
implements JAXPConstants
|
implements JAXPConstants
|
||||||
@ -140,6 +140,12 @@ public class DocumentBuilderImpl extends DocumentBuilder
|
|||||||
{
|
{
|
||||||
domParser = new DOMParser();
|
domParser = new DOMParser();
|
||||||
|
|
||||||
|
fSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
||||||
|
domParser.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
|
||||||
|
|
||||||
|
fSecurityManager = dbf.fSecurityManager;
|
||||||
|
domParser.setProperty(SECURITY_MANAGER, fSecurityManager);
|
||||||
|
|
||||||
// If validating, provide a default ErrorHandler that prints
|
// If validating, provide a default ErrorHandler that prints
|
||||||
// validation errors with a warning telling the user to set an
|
// validation errors with a warning telling the user to set an
|
||||||
// ErrorHandler
|
// ErrorHandler
|
||||||
@ -173,12 +179,6 @@ public class DocumentBuilderImpl extends DocumentBuilder
|
|||||||
domParser.setFeature(XINCLUDE_FEATURE, true);
|
domParser.setFeature(XINCLUDE_FEATURE, true);
|
||||||
}
|
}
|
||||||
|
|
||||||
fSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
|
||||||
domParser.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
|
|
||||||
|
|
||||||
fSecurityManager = new XMLSecurityManager(secureProcessing);
|
|
||||||
domParser.setProperty(SECURITY_MANAGER, fSecurityManager);
|
|
||||||
|
|
||||||
if (secureProcessing) {
|
if (secureProcessing) {
|
||||||
/**
|
/**
|
||||||
* If secure processing is explicitly set on the factory, the
|
* If secure processing is explicitly set on the factory, the
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -22,6 +22,7 @@ package com.sun.org.apache.xerces.internal.jaxp;
|
|||||||
|
|
||||||
import com.sun.org.apache.xerces.internal.impl.Constants;
|
import com.sun.org.apache.xerces.internal.impl.Constants;
|
||||||
import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
|
import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
|
||||||
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import javax.xml.XMLConstants;
|
import javax.xml.XMLConstants;
|
||||||
@ -29,6 +30,7 @@ import javax.xml.parsers.ParserConfigurationException;
|
|||||||
import javax.xml.parsers.SAXParser;
|
import javax.xml.parsers.SAXParser;
|
||||||
import javax.xml.parsers.SAXParserFactory;
|
import javax.xml.parsers.SAXParserFactory;
|
||||||
import javax.xml.validation.Schema;
|
import javax.xml.validation.Schema;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.xml.sax.SAXException;
|
import org.xml.sax.SAXException;
|
||||||
import org.xml.sax.SAXNotRecognizedException;
|
import org.xml.sax.SAXNotRecognizedException;
|
||||||
import org.xml.sax.SAXNotSupportedException;
|
import org.xml.sax.SAXNotSupportedException;
|
||||||
@ -41,6 +43,7 @@ import org.xml.sax.SAXNotSupportedException;
|
|||||||
* @author Rajiv Mordani
|
* @author Rajiv Mordani
|
||||||
* @author Edwin Goei
|
* @author Edwin Goei
|
||||||
*
|
*
|
||||||
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class SAXParserFactoryImpl extends SAXParserFactory {
|
public class SAXParserFactoryImpl extends SAXParserFactory {
|
||||||
|
|
||||||
@ -65,6 +68,10 @@ public class SAXParserFactoryImpl extends SAXParserFactory {
|
|||||||
*/
|
*/
|
||||||
private boolean fSecureProcess = true;
|
private boolean fSecureProcess = true;
|
||||||
|
|
||||||
|
// Security Managers
|
||||||
|
XMLSecurityManager fSecurityManager = new XMLSecurityManager(true);
|
||||||
|
XMLSecurityPropertyManager fSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a new instance of <code>SAXParser</code> using the currently
|
* Creates a new instance of <code>SAXParser</code> using the currently
|
||||||
* configured factory parameters.
|
* configured factory parameters.
|
||||||
@ -75,6 +82,8 @@ public class SAXParserFactoryImpl extends SAXParserFactory {
|
|||||||
{
|
{
|
||||||
SAXParser saxParserImpl;
|
SAXParser saxParserImpl;
|
||||||
try {
|
try {
|
||||||
|
// read system properties for compatibility
|
||||||
|
fSecurityManager.readSystemProperties();
|
||||||
saxParserImpl = new SAXParserImpl(this, features, fSecureProcess);
|
saxParserImpl = new SAXParserImpl(this, features, fSecureProcess);
|
||||||
} catch (SAXException se) {
|
} catch (SAXException se) {
|
||||||
// Translate to ParserConfigurationException
|
// Translate to ParserConfigurationException
|
||||||
@ -122,6 +131,7 @@ public class SAXParserFactoryImpl extends SAXParserFactory {
|
|||||||
"jaxp-secureprocessing-feature", null));
|
"jaxp-secureprocessing-feature", null));
|
||||||
}
|
}
|
||||||
fSecureProcess = value;
|
fSecureProcess = value;
|
||||||
|
fSecurityManager.setSecureProcessing(fSecureProcess);
|
||||||
putInFeatures(name, value);
|
putInFeatures(name, value);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2010, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2010, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -26,7 +26,6 @@ import com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator;
|
|||||||
import com.sun.org.apache.xerces.internal.jaxp.validation.XSGrammarPoolContainer;
|
import com.sun.org.apache.xerces.internal.jaxp.validation.XSGrammarPoolContainer;
|
||||||
import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
|
import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
|
||||||
import com.sun.org.apache.xerces.internal.util.Status;
|
import com.sun.org.apache.xerces.internal.util.Status;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
|
import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler;
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
|
||||||
@ -45,6 +44,7 @@ import javax.xml.XMLConstants;
|
|||||||
import javax.xml.validation.Schema;
|
import javax.xml.validation.Schema;
|
||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
import jdk.xml.internal.JdkProperty;
|
import jdk.xml.internal.JdkProperty;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.xml.sax.EntityResolver;
|
import org.xml.sax.EntityResolver;
|
||||||
import org.xml.sax.ErrorHandler;
|
import org.xml.sax.ErrorHandler;
|
||||||
import org.xml.sax.HandlerBase;
|
import org.xml.sax.HandlerBase;
|
||||||
@ -63,7 +63,7 @@ import org.xml.sax.helpers.DefaultHandler;
|
|||||||
* @author Rajiv Mordani
|
* @author Rajiv Mordani
|
||||||
* @author Edwin Goei
|
* @author Edwin Goei
|
||||||
*
|
*
|
||||||
* @LastModified: May 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
public class SAXParserImpl extends javax.xml.parsers.SAXParser
|
public class SAXParserImpl extends javax.xml.parsers.SAXParser
|
||||||
@ -131,8 +131,8 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
|
|||||||
SAXParserImpl(SAXParserFactoryImpl spf, Map<String, Boolean> features, boolean secureProcessing)
|
SAXParserImpl(SAXParserFactoryImpl spf, Map<String, Boolean> features, boolean secureProcessing)
|
||||||
throws SAXException
|
throws SAXException
|
||||||
{
|
{
|
||||||
fSecurityManager = new XMLSecurityManager(secureProcessing);
|
fSecurityManager = spf.fSecurityManager;
|
||||||
fSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
fSecurityPropertyMgr = spf.fSecurityPropertyMgr;
|
||||||
// Instantiate a SAXParser directly and not through SAX so that we use the right ClassLoader
|
// Instantiate a SAXParser directly and not through SAX so that we use the right ClassLoader
|
||||||
xmlReader = new JAXPSAXParser(this, fSecurityPropertyMgr, fSecurityManager);
|
xmlReader = new JAXPSAXParser(this, fSecurityPropertyMgr, fSecurityManager);
|
||||||
|
|
||||||
@ -412,6 +412,7 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
|
|||||||
*/
|
*/
|
||||||
if (fSecurityManager == null) {
|
if (fSecurityManager == null) {
|
||||||
fSecurityManager = new XMLSecurityManager(true);
|
fSecurityManager = new XMLSecurityManager(true);
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
super.setProperty(SECURITY_MANAGER, fSecurityManager);
|
super.setProperty(SECURITY_MANAGER, fSecurityManager);
|
||||||
} catch (SAXException e) {
|
} catch (SAXException e) {
|
||||||
@ -419,16 +420,16 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
|
|||||||
SAXMessageFormatter.formatMessage(fConfiguration.getLocale(),
|
SAXMessageFormatter.formatMessage(fConfiguration.getLocale(),
|
||||||
"property-not-recognized", new Object [] {SECURITY_MANAGER}), e);
|
"property-not-recognized", new Object [] {SECURITY_MANAGER}), e);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
if (fSecurityPropertyMgr == null) {
|
if (fSecurityPropertyMgr == null) {
|
||||||
fSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
fSecurityPropertyMgr = new XMLSecurityPropertyManager();
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
super.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
|
super.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
|
||||||
} catch (SAXException e) {
|
} catch (SAXException e) {
|
||||||
throw new UnsupportedOperationException(
|
throw new UnsupportedOperationException(
|
||||||
SAXMessageFormatter.formatMessage(fConfiguration.getLocale(),
|
SAXMessageFormatter.formatMessage(fConfiguration.getLocale(),
|
||||||
"property-not-recognized", new Object [] {SECURITY_MANAGER}), e);
|
"property-not-recognized", new Object [] {XML_SECURITY_PROPERTY_MANAGER}), e);
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -562,6 +563,11 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser
|
|||||||
setSchemaValidatorProperty(name, value);
|
setSchemaValidatorProperty(name, value);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (SECURITY_MANAGER.equals(name)) {
|
||||||
|
fSecurityManager = XMLSecurityManager.convert(value, fSecurityManager);
|
||||||
|
super.setProperty(name, value);
|
||||||
|
}
|
||||||
|
|
||||||
//check if the property is managed by security manager
|
//check if the property is managed by security manager
|
||||||
if (fSecurityManager == null ||
|
if (fSecurityManager == null ||
|
||||||
!fSecurityManager.setLimit(name, JdkProperty.State.APIPROPERTY, value)) {
|
!fSecurityManager.setLimit(name, JdkProperty.State.APIPROPERTY, value)) {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -26,7 +26,6 @@
|
|||||||
package com.sun.org.apache.xerces.internal.jaxp.validation;
|
package com.sun.org.apache.xerces.internal.jaxp.validation;
|
||||||
|
|
||||||
import com.sun.org.apache.xerces.internal.impl.Constants;
|
import com.sun.org.apache.xerces.internal.impl.Constants;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import javax.xml.transform.Result;
|
import javax.xml.transform.Result;
|
||||||
import javax.xml.transform.Source;
|
import javax.xml.transform.Source;
|
||||||
@ -40,6 +39,7 @@ import javax.xml.transform.sax.TransformerHandler;
|
|||||||
import javax.xml.transform.stax.StAXResult;
|
import javax.xml.transform.stax.StAXResult;
|
||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
import jdk.xml.internal.JdkXmlUtils;
|
import jdk.xml.internal.JdkXmlUtils;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.xml.sax.SAXException;
|
import org.xml.sax.SAXException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -69,22 +69,9 @@ public final class StAXValidatorHelper implements ValidatorHelper {
|
|||||||
if( identityTransformer1==null ) {
|
if( identityTransformer1==null ) {
|
||||||
try {
|
try {
|
||||||
SAXTransformerFactory tf = JdkXmlUtils.getSAXTransformFactory(
|
SAXTransformerFactory tf = JdkXmlUtils.getSAXTransformFactory(
|
||||||
|
(XMLSecurityManager)fComponentManager.getProperty(Constants.SECURITY_MANAGER),
|
||||||
fComponentManager.getFeature(JdkConstants.OVERRIDE_PARSER));
|
fComponentManager.getFeature(JdkConstants.OVERRIDE_PARSER));
|
||||||
|
|
||||||
XMLSecurityManager securityManager =
|
|
||||||
(XMLSecurityManager)fComponentManager.getProperty(Constants.SECURITY_MANAGER);
|
|
||||||
if (securityManager != null) {
|
|
||||||
for (XMLSecurityManager.Limit limit : XMLSecurityManager.Limit.values()) {
|
|
||||||
if (securityManager.isSet(limit.ordinal())){
|
|
||||||
tf.setAttribute(limit.apiProperty(),
|
|
||||||
securityManager.getLimitValueAsString(limit));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (securityManager.printEntityCountInfo()) {
|
|
||||||
tf.setAttribute(JdkConstants.JDK_DEBUG_LIMIT, "yes");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
identityTransformer1 = tf.newTransformer();
|
identityTransformer1 = tf.newTransformer();
|
||||||
identityTransformer2 = tf.newTransformerHandler();
|
identityTransformer2 = tf.newTransformerHandler();
|
||||||
} catch (TransformerConfigurationException e) {
|
} catch (TransformerConfigurationException e) {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2013, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -23,7 +23,7 @@ import com.sun.org.apache.xerces.internal.impl.Constants;
|
|||||||
import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
|
import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
|
||||||
import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
|
import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
|
||||||
import com.sun.org.apache.xerces.internal.parsers.XML11Configuration;
|
import com.sun.org.apache.xerces.internal.parsers.XML11Configuration;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLParseException;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLParseException;
|
||||||
@ -31,18 +31,15 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
|
|||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.lang.ref.SoftReference;
|
import java.lang.ref.SoftReference;
|
||||||
import javax.xml.XMLConstants;
|
import javax.xml.XMLConstants;
|
||||||
import javax.xml.catalog.CatalogFeatures;
|
|
||||||
import javax.xml.transform.Result;
|
import javax.xml.transform.Result;
|
||||||
import javax.xml.transform.Source;
|
import javax.xml.transform.Source;
|
||||||
import javax.xml.transform.TransformerConfigurationException;
|
import javax.xml.transform.TransformerConfigurationException;
|
||||||
import javax.xml.transform.TransformerFactory;
|
|
||||||
import javax.xml.transform.TransformerFactoryConfigurationError;
|
import javax.xml.transform.TransformerFactoryConfigurationError;
|
||||||
import javax.xml.transform.sax.SAXTransformerFactory;
|
import javax.xml.transform.sax.SAXTransformerFactory;
|
||||||
import javax.xml.transform.sax.TransformerHandler;
|
import javax.xml.transform.sax.TransformerHandler;
|
||||||
import javax.xml.transform.stream.StreamResult;
|
import javax.xml.transform.stream.StreamResult;
|
||||||
import javax.xml.transform.stream.StreamSource;
|
import javax.xml.transform.stream.StreamSource;
|
||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
import jdk.xml.internal.JdkXmlFeatures;
|
|
||||||
import jdk.xml.internal.JdkXmlUtils;
|
import jdk.xml.internal.JdkXmlUtils;
|
||||||
import org.xml.sax.SAXException;
|
import org.xml.sax.SAXException;
|
||||||
|
|
||||||
@ -52,7 +49,7 @@ import org.xml.sax.SAXException;
|
|||||||
*
|
*
|
||||||
* @author Michael Glavassevich, IBM
|
* @author Michael Glavassevich, IBM
|
||||||
* @author Sunitha Reddy
|
* @author Sunitha Reddy
|
||||||
* @LastModified: May 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
final class StreamValidatorHelper implements ValidatorHelper {
|
final class StreamValidatorHelper implements ValidatorHelper {
|
||||||
|
|
||||||
@ -141,6 +138,7 @@ final class StreamValidatorHelper implements ValidatorHelper {
|
|||||||
if (result != null) {
|
if (result != null) {
|
||||||
try {
|
try {
|
||||||
SAXTransformerFactory tf = JdkXmlUtils.getSAXTransformFactory(
|
SAXTransformerFactory tf = JdkXmlUtils.getSAXTransformFactory(
|
||||||
|
(XMLSecurityManager)fComponentManager.getProperty(Constants.SECURITY_MANAGER),
|
||||||
fComponentManager.getFeature(JdkConstants.OVERRIDE_PARSER));
|
fComponentManager.getFeature(JdkConstants.OVERRIDE_PARSER));
|
||||||
|
|
||||||
identityTransformerHandler = tf.newTransformerHandler();
|
identityTransformerHandler = tf.newTransformerHandler();
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2013, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -27,7 +27,6 @@ import com.sun.org.apache.xerces.internal.impl.dv.XSSimpleType;
|
|||||||
import com.sun.org.apache.xerces.internal.impl.validation.EntityState;
|
import com.sun.org.apache.xerces.internal.impl.validation.EntityState;
|
||||||
import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager;
|
import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager;
|
||||||
import com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator;
|
import com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator;
|
||||||
import com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl;
|
|
||||||
import com.sun.org.apache.xerces.internal.util.AttributesProxy;
|
import com.sun.org.apache.xerces.internal.util.AttributesProxy;
|
||||||
import com.sun.org.apache.xerces.internal.util.SAXLocatorWrapper;
|
import com.sun.org.apache.xerces.internal.util.SAXLocatorWrapper;
|
||||||
import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
|
import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
|
||||||
@ -36,7 +35,6 @@ import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
|||||||
import com.sun.org.apache.xerces.internal.util.URI;
|
import com.sun.org.apache.xerces.internal.util.URI;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl;
|
import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.Augmentations;
|
import com.sun.org.apache.xerces.internal.xni.Augmentations;
|
||||||
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
|
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
|
||||||
@ -63,7 +61,6 @@ import java.util.HashMap;
|
|||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import javax.xml.XMLConstants;
|
import javax.xml.XMLConstants;
|
||||||
import javax.xml.parsers.FactoryConfigurationError;
|
import javax.xml.parsers.FactoryConfigurationError;
|
||||||
import javax.xml.parsers.SAXParserFactory;
|
|
||||||
import javax.xml.transform.Result;
|
import javax.xml.transform.Result;
|
||||||
import javax.xml.transform.Source;
|
import javax.xml.transform.Source;
|
||||||
import javax.xml.transform.sax.SAXResult;
|
import javax.xml.transform.sax.SAXResult;
|
||||||
@ -71,6 +68,7 @@ import javax.xml.transform.sax.SAXSource;
|
|||||||
import javax.xml.validation.TypeInfoProvider;
|
import javax.xml.validation.TypeInfoProvider;
|
||||||
import javax.xml.validation.ValidatorHandler;
|
import javax.xml.validation.ValidatorHandler;
|
||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import jdk.xml.internal.JdkXmlUtils;
|
import jdk.xml.internal.JdkXmlUtils;
|
||||||
import org.w3c.dom.TypeInfo;
|
import org.w3c.dom.TypeInfo;
|
||||||
import org.w3c.dom.ls.LSInput;
|
import org.w3c.dom.ls.LSInput;
|
||||||
@ -95,7 +93,7 @@ import org.xml.sax.ext.EntityResolver2;
|
|||||||
* @author Kohsuke Kawaguchi
|
* @author Kohsuke Kawaguchi
|
||||||
* @author Michael Glavassevich, IBM
|
* @author Michael Glavassevich, IBM
|
||||||
*
|
*
|
||||||
* @LastModified: May 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
final class ValidatorHandlerImpl extends ValidatorHandler implements
|
final class ValidatorHandlerImpl extends ValidatorHandler implements
|
||||||
DTDHandler, EntityState, PSVIProvider, ValidatorHelper, XMLDocumentHandler {
|
DTDHandler, EntityState, PSVIProvider, ValidatorHelper, XMLDocumentHandler {
|
||||||
@ -676,8 +674,12 @@ final class ValidatorHandlerImpl extends ValidatorHandler implements
|
|||||||
XMLReader reader = saxSource.getXMLReader();
|
XMLReader reader = saxSource.getXMLReader();
|
||||||
if( reader==null ) {
|
if( reader==null ) {
|
||||||
// create one now
|
// create one now
|
||||||
reader = JdkXmlUtils.getXMLReader(fComponentManager.getFeature(JdkConstants.OVERRIDE_PARSER),
|
reader = JdkXmlUtils.getXMLReader(
|
||||||
fComponentManager.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING));
|
(XMLSecurityManager)fComponentManager.getProperty(SECURITY_MANAGER),
|
||||||
|
fComponentManager.getFeature(JdkConstants.OVERRIDE_PARSER),
|
||||||
|
fComponentManager.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING),
|
||||||
|
fComponentManager.getFeature(XMLConstants.USE_CATALOG),
|
||||||
|
null);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// If this is a Xerces SAX parser, set the security manager if there is one
|
// If this is a Xerces SAX parser, set the security manager if there is one
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2007, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2007, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -30,7 +30,6 @@ import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
|
|||||||
import com.sun.org.apache.xerces.internal.util.StAXInputSource;
|
import com.sun.org.apache.xerces.internal.util.StAXInputSource;
|
||||||
import com.sun.org.apache.xerces.internal.util.Status;
|
import com.sun.org.apache.xerces.internal.util.Status;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLGrammarPoolImpl;
|
import com.sun.org.apache.xerces.internal.util.XMLGrammarPoolImpl;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
||||||
import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
|
import com.sun.org.apache.xerces.internal.xni.grammars.Grammar;
|
||||||
@ -56,6 +55,7 @@ import jdk.xml.internal.JdkProperty;
|
|||||||
import jdk.xml.internal.JdkProperty.ImplPropMap;
|
import jdk.xml.internal.JdkProperty.ImplPropMap;
|
||||||
import jdk.xml.internal.JdkXmlFeatures;
|
import jdk.xml.internal.JdkXmlFeatures;
|
||||||
import jdk.xml.internal.JdkXmlUtils;
|
import jdk.xml.internal.JdkXmlUtils;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.w3c.dom.Node;
|
import org.w3c.dom.Node;
|
||||||
import org.w3c.dom.ls.LSResourceResolver;
|
import org.w3c.dom.ls.LSResourceResolver;
|
||||||
import org.xml.sax.ErrorHandler;
|
import org.xml.sax.ErrorHandler;
|
||||||
@ -70,7 +70,7 @@ import org.xml.sax.SAXParseException;
|
|||||||
*
|
*
|
||||||
* @author Kohsuke Kawaguchi
|
* @author Kohsuke Kawaguchi
|
||||||
*
|
*
|
||||||
* @LastModified: May 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public final class XMLSchemaFactory extends SchemaFactory {
|
public final class XMLSchemaFactory extends SchemaFactory {
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2006, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -41,7 +41,6 @@ import com.sun.org.apache.xerces.internal.util.PropertyState;
|
|||||||
import com.sun.org.apache.xerces.internal.util.Status;
|
import com.sun.org.apache.xerces.internal.util.Status;
|
||||||
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
|
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent;
|
||||||
@ -50,7 +49,7 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException;
|
|||||||
import javax.xml.catalog.CatalogFeatures;
|
import javax.xml.catalog.CatalogFeatures;
|
||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
import jdk.xml.internal.JdkProperty;
|
import jdk.xml.internal.JdkProperty;
|
||||||
import jdk.xml.internal.JdkXmlUtils;
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.w3c.dom.ls.LSResourceResolver;
|
import org.w3c.dom.ls.LSResourceResolver;
|
||||||
import org.xml.sax.ErrorHandler;
|
import org.xml.sax.ErrorHandler;
|
||||||
|
|
||||||
@ -58,7 +57,7 @@ import org.xml.sax.ErrorHandler;
|
|||||||
* <p>An implementation of XMLComponentManager for a schema validator.</p>
|
* <p>An implementation of XMLComponentManager for a schema validator.</p>
|
||||||
*
|
*
|
||||||
* @author Michael Glavassevich, IBM
|
* @author Michael Glavassevich, IBM
|
||||||
* @LastModified: May 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettings implements
|
final class XMLSchemaValidatorComponentManager extends ParserConfigurationSettings implements
|
||||||
XMLComponentManager {
|
XMLComponentManager {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2017, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -28,7 +28,6 @@ import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
|
|||||||
import com.sun.org.apache.xerces.internal.util.Status;
|
import com.sun.org.apache.xerces.internal.util.Status;
|
||||||
import com.sun.org.apache.xerces.internal.util.SymbolHash;
|
import com.sun.org.apache.xerces.internal.util.SymbolHash;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.xni.Augmentations;
|
import com.sun.org.apache.xerces.internal.xni.Augmentations;
|
||||||
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
|
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
|
||||||
import com.sun.org.apache.xerces.internal.xni.QName;
|
import com.sun.org.apache.xerces.internal.xni.QName;
|
||||||
@ -50,6 +49,8 @@ import java.io.CharConversionException;
|
|||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Locale;
|
import java.util.Locale;
|
||||||
import javax.xml.XMLConstants;
|
import javax.xml.XMLConstants;
|
||||||
|
import jdk.xml.internal.JdkProperty;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.xml.sax.AttributeList;
|
import org.xml.sax.AttributeList;
|
||||||
import org.xml.sax.ContentHandler;
|
import org.xml.sax.ContentHandler;
|
||||||
import org.xml.sax.DTDHandler;
|
import org.xml.sax.DTDHandler;
|
||||||
@ -78,7 +79,7 @@ import org.xml.sax.helpers.LocatorImpl;
|
|||||||
* @author Arnaud Le Hors, IBM
|
* @author Arnaud Le Hors, IBM
|
||||||
* @author Andy Clark, IBM
|
* @author Andy Clark, IBM
|
||||||
*
|
*
|
||||||
* @LastModified: Sep 2019
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
public abstract class AbstractSAXParser
|
public abstract class AbstractSAXParser
|
||||||
@ -1669,12 +1670,12 @@ public abstract class AbstractSAXParser
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
// Handle security setting
|
||||||
// Default handling
|
if (!securityManager.setLimit(featureId, JdkProperty.State.APIPROPERTY, state)) {
|
||||||
//
|
//fall back to the default configuration
|
||||||
|
|
||||||
fConfiguration.setFeature(featureId, state);
|
fConfiguration.setFeature(featureId, state);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
catch (XMLConfigurationException e) {
|
catch (XMLConfigurationException e) {
|
||||||
String identifier = e.getIdentifier();
|
String identifier = e.getIdentifier();
|
||||||
if (e.getType() == Status.NOT_RECOGNIZED) {
|
if (e.getType() == Status.NOT_RECOGNIZED) {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2013, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -29,7 +29,6 @@ import com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper;
|
|||||||
import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
|
import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
|
||||||
import com.sun.org.apache.xerces.internal.util.Status;
|
import com.sun.org.apache.xerces.internal.util.Status;
|
||||||
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
||||||
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
|
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
|
||||||
@ -42,6 +41,7 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
|
|||||||
import java.io.CharConversionException;
|
import java.io.CharConversionException;
|
||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
import jdk.xml.internal.JdkProperty;
|
import jdk.xml.internal.JdkProperty;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.w3c.dom.Node;
|
import org.w3c.dom.Node;
|
||||||
import org.xml.sax.EntityResolver;
|
import org.xml.sax.EntityResolver;
|
||||||
import org.xml.sax.ErrorHandler;
|
import org.xml.sax.ErrorHandler;
|
||||||
@ -60,7 +60,7 @@ import org.xml.sax.helpers.LocatorImpl;
|
|||||||
*
|
*
|
||||||
* @author Arnaud Le Hors, IBM
|
* @author Arnaud Le Hors, IBM
|
||||||
* @author Andy Clark, IBM
|
* @author Andy Clark, IBM
|
||||||
* @LastModified: May 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class DOMParser
|
public class DOMParser
|
||||||
extends AbstractDOMParser {
|
extends AbstractDOMParser {
|
||||||
@ -450,12 +450,12 @@ public class DOMParser
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
//
|
if (!securityManager.setLimit(featureId, JdkProperty.State.APIPROPERTY, state)) {
|
||||||
// Default handling
|
//fall back to the default configuration
|
||||||
//
|
|
||||||
|
|
||||||
fConfiguration.setFeature(featureId, state);
|
fConfiguration.setFeature(featureId, state);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
}
|
||||||
catch (XMLConfigurationException e) {
|
catch (XMLConfigurationException e) {
|
||||||
String identifier = e.getIdentifier();
|
String identifier = e.getIdentifier();
|
||||||
if (e.getType() == Status.NOT_RECOGNIZED) {
|
if (e.getType() == Status.NOT_RECOGNIZED) {
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2013, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -22,12 +22,12 @@ package com.sun.org.apache.xerces.internal.parsers;
|
|||||||
|
|
||||||
import com.sun.org.apache.xerces.internal.impl.Constants;
|
import com.sun.org.apache.xerces.internal.impl.Constants;
|
||||||
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
|
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
|
||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
import jdk.xml.internal.JdkProperty;
|
import jdk.xml.internal.JdkProperty;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.xml.sax.SAXNotRecognizedException;
|
import org.xml.sax.SAXNotRecognizedException;
|
||||||
import org.xml.sax.SAXNotSupportedException;
|
import org.xml.sax.SAXNotSupportedException;
|
||||||
|
|
||||||
@ -39,7 +39,7 @@ import org.xml.sax.SAXNotSupportedException;
|
|||||||
* @author Arnaud Le Hors, IBM
|
* @author Arnaud Le Hors, IBM
|
||||||
* @author Andy Clark, IBM
|
* @author Andy Clark, IBM
|
||||||
*
|
*
|
||||||
* @LastModified: May 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class SAXParser
|
public class SAXParser
|
||||||
extends AbstractSAXParser {
|
extends AbstractSAXParser {
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* reserved comment block
|
* Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT REMOVE OR ALTER!
|
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -25,7 +24,7 @@ import com.sun.org.apache.xerces.internal.impl.Constants;
|
|||||||
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
|
import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool;
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager;
|
||||||
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
import com.sun.org.apache.xerces.internal.util.SymbolTable;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This configuration allows Xerces to behave in a security-conscious manner; that is,
|
* This configuration allows Xerces to behave in a security-conscious manner; that is,
|
||||||
@ -44,7 +43,7 @@ import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|||||||
* </ul>
|
* </ul>
|
||||||
*
|
*
|
||||||
* @author Neil Graham, IBM
|
* @author Neil Graham, IBM
|
||||||
*
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class SecurityConfiguration extends XIncludeAwareParserConfiguration
|
public class SecurityConfiguration extends XIncludeAwareParserConfiguration
|
||||||
{
|
{
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2013, 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -23,13 +23,12 @@ package com.sun.org.apache.xerces.internal.parsers;
|
|||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
import com.sun.org.apache.xerces.internal.impl.Constants;
|
import com.sun.org.apache.xerces.internal.impl.Constants;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
|
||||||
import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
|
import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
|
||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.xml.sax.SAXNotSupportedException;
|
import org.xml.sax.SAXNotSupportedException;
|
||||||
import org.xml.sax.SAXNotRecognizedException;
|
import org.xml.sax.SAXNotRecognizedException;
|
||||||
|
|
||||||
@ -49,7 +48,7 @@ import org.xml.sax.SAXNotRecognizedException;
|
|||||||
*
|
*
|
||||||
* @author Arnaud Le Hors, IBM
|
* @author Arnaud Le Hors, IBM
|
||||||
* @author Andy Clark, IBM
|
* @author Andy Clark, IBM
|
||||||
* @LastModified: May 2021
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public abstract class XMLParser {
|
public abstract class XMLParser {
|
||||||
|
|
||||||
|
@ -1,251 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2013, 2021, Oracle and/or its affiliates. All rights reserved.
|
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
||||||
*
|
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
|
||||||
* under the terms of the GNU General Public License version 2 only, as
|
|
||||||
* published by the Free Software Foundation. Oracle designates this
|
|
||||||
* particular file as subject to the "Classpath" exception as provided
|
|
||||||
* by Oracle in the LICENSE file that accompanied this code.
|
|
||||||
*
|
|
||||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
||||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
||||||
* version 2 for more details (a copy is included in the LICENSE file that
|
|
||||||
* accompanied this code).
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License version
|
|
||||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
||||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
||||||
*
|
|
||||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
||||||
* or visit www.oracle.com if you need additional information or have any
|
|
||||||
* questions.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package com.sun.org.apache.xerces.internal.utils;
|
|
||||||
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit;
|
|
||||||
import java.util.Formatter;
|
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.Map;
|
|
||||||
import jdk.xml.internal.JdkConstants;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* A helper for analyzing entity expansion limits
|
|
||||||
*
|
|
||||||
* @author Joe Wang Oracle Corp.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public final class XMLLimitAnalyzer {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Map old property names with the new ones
|
|
||||||
*/
|
|
||||||
public static enum NameMap {
|
|
||||||
ENTITY_EXPANSION_LIMIT(JdkConstants.SP_ENTITY_EXPANSION_LIMIT, JdkConstants.ENTITY_EXPANSION_LIMIT),
|
|
||||||
MAX_OCCUR_NODE_LIMIT(JdkConstants.SP_MAX_OCCUR_LIMIT, JdkConstants.MAX_OCCUR_LIMIT),
|
|
||||||
ELEMENT_ATTRIBUTE_LIMIT(JdkConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, JdkConstants.ELEMENT_ATTRIBUTE_LIMIT);
|
|
||||||
|
|
||||||
final String newName;
|
|
||||||
final String oldName;
|
|
||||||
|
|
||||||
NameMap(String newName, String oldName) {
|
|
||||||
this.newName = newName;
|
|
||||||
this.oldName = oldName;
|
|
||||||
}
|
|
||||||
|
|
||||||
String getOldName(String newName) {
|
|
||||||
if (newName.equals(this.newName)) {
|
|
||||||
return oldName;
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Max value accumulated for each property
|
|
||||||
*/
|
|
||||||
private final int[] values;
|
|
||||||
/**
|
|
||||||
* Names of the entities corresponding to their max values
|
|
||||||
*/
|
|
||||||
private final String[] names;
|
|
||||||
/**
|
|
||||||
* Total value of accumulated entities
|
|
||||||
*/
|
|
||||||
private final int[] totalValue;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Maintain values of the top 10 elements in the process of parsing
|
|
||||||
*/
|
|
||||||
private final Map<String, Integer>[] caches;
|
|
||||||
|
|
||||||
private String entityStart, entityEnd;
|
|
||||||
/**
|
|
||||||
* Default constructor. Establishes default values for known security
|
|
||||||
* vulnerabilities.
|
|
||||||
*/
|
|
||||||
@SuppressWarnings({"rawtypes", "unchecked"})
|
|
||||||
public XMLLimitAnalyzer() {
|
|
||||||
values = new int[Limit.values().length];
|
|
||||||
totalValue = new int[Limit.values().length];
|
|
||||||
names = new String[Limit.values().length];
|
|
||||||
caches = new Map[Limit.values().length];
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Add the value to the current max count for the specified property
|
|
||||||
* To find the max value of all entities, set no limit
|
|
||||||
*
|
|
||||||
* @param limit the type of the property
|
|
||||||
* @param entityName the name of the entity
|
|
||||||
* @param value the value of the entity
|
|
||||||
*/
|
|
||||||
public void addValue(Limit limit, String entityName, int value) {
|
|
||||||
addValue(limit.ordinal(), entityName, value);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Add the value to the current count by the index of the property
|
|
||||||
* @param index the index of the property
|
|
||||||
* @param entityName the name of the entity
|
|
||||||
* @param value the value of the entity
|
|
||||||
*/
|
|
||||||
public void addValue(int index, String entityName, int value) {
|
|
||||||
if (index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() ||
|
|
||||||
index == Limit.MAX_OCCUR_NODE_LIMIT.ordinal() ||
|
|
||||||
index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() ||
|
|
||||||
index == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal() ||
|
|
||||||
index == Limit.ENTITY_REPLACEMENT_LIMIT.ordinal()
|
|
||||||
) {
|
|
||||||
totalValue[index] += value;
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
if (index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal() ||
|
|
||||||
index == Limit.MAX_NAME_LIMIT.ordinal()) {
|
|
||||||
values[index] = value;
|
|
||||||
totalValue[index] = value;
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
Map<String, Integer> cache;
|
|
||||||
if (caches[index] == null) {
|
|
||||||
cache = new HashMap<>(10);
|
|
||||||
caches[index] = cache;
|
|
||||||
} else {
|
|
||||||
cache = caches[index];
|
|
||||||
}
|
|
||||||
|
|
||||||
int accumulatedValue = value;
|
|
||||||
if (cache.containsKey(entityName)) {
|
|
||||||
accumulatedValue += cache.get(entityName);
|
|
||||||
cache.put(entityName, accumulatedValue);
|
|
||||||
} else {
|
|
||||||
cache.put(entityName, value);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (accumulatedValue > values[index]) {
|
|
||||||
values[index] = accumulatedValue;
|
|
||||||
names[index] = entityName;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if (index == Limit.GENERAL_ENTITY_SIZE_LIMIT.ordinal() ||
|
|
||||||
index == Limit.PARAMETER_ENTITY_SIZE_LIMIT.ordinal()) {
|
|
||||||
totalValue[Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()] += value;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return the value of the current max count for the specified property
|
|
||||||
*
|
|
||||||
* @param limit the property
|
|
||||||
* @return the value of the property
|
|
||||||
*/
|
|
||||||
public int getValue(Limit limit) {
|
|
||||||
return getValue(limit.ordinal());
|
|
||||||
}
|
|
||||||
|
|
||||||
public int getValue(int index) {
|
|
||||||
if (index == Limit.ENTITY_REPLACEMENT_LIMIT.ordinal()) {
|
|
||||||
return totalValue[index];
|
|
||||||
}
|
|
||||||
return values[index];
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Return the total value accumulated so far
|
|
||||||
*
|
|
||||||
* @param limit the property
|
|
||||||
* @return the accumulated value of the property
|
|
||||||
*/
|
|
||||||
public int getTotalValue(Limit limit) {
|
|
||||||
return totalValue[limit.ordinal()];
|
|
||||||
}
|
|
||||||
|
|
||||||
public int getTotalValue(int index) {
|
|
||||||
return totalValue[index];
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Return the current max value (count or length) by the index of a property
|
|
||||||
* @param index the index of a property
|
|
||||||
* @return count of a property
|
|
||||||
*/
|
|
||||||
public int getValueByIndex(int index) {
|
|
||||||
return values[index];
|
|
||||||
}
|
|
||||||
|
|
||||||
public void startEntity(String name) {
|
|
||||||
entityStart = name;
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean isTracking(String name) {
|
|
||||||
if (entityStart == null) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
return entityStart.equals(name);
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Stop tracking the entity
|
|
||||||
* @param limit the limit property
|
|
||||||
* @param name the name of an entity
|
|
||||||
*/
|
|
||||||
public void endEntity(Limit limit, String name) {
|
|
||||||
entityStart = "";
|
|
||||||
Map<String, Integer> cache = caches[limit.ordinal()];
|
|
||||||
if (cache != null) {
|
|
||||||
cache.remove(name);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Resets the current value of the specified limit.
|
|
||||||
* @param limit The limit to be reset.
|
|
||||||
*/
|
|
||||||
public void reset(Limit limit) {
|
|
||||||
if (limit.ordinal() == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()) {
|
|
||||||
totalValue[limit.ordinal()] = 0;
|
|
||||||
} else if (limit.ordinal() == Limit.GENERAL_ENTITY_SIZE_LIMIT.ordinal()) {
|
|
||||||
names[limit.ordinal()] = null;
|
|
||||||
values[limit.ordinal()] = 0;
|
|
||||||
caches[limit.ordinal()] = null;
|
|
||||||
totalValue[limit.ordinal()] = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public void debugPrint(XMLSecurityManager securityManager) {
|
|
||||||
Formatter formatter = new Formatter();
|
|
||||||
System.out.println(formatter.format("%30s %15s %15s %15s %30s",
|
|
||||||
"Property","Limit","Total size","Size","Entity Name"));
|
|
||||||
|
|
||||||
for (Limit limit : Limit.values()) {
|
|
||||||
formatter = new Formatter();
|
|
||||||
System.out.println(formatter.format("%30s %15d %15d %15d %30s",
|
|
||||||
limit.name(),
|
|
||||||
securityManager.getLimit(limit),
|
|
||||||
totalValue[limit.ordinal()],
|
|
||||||
values[limit.ordinal()],
|
|
||||||
names[limit.ordinal()]));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,638 +0,0 @@
|
|||||||
/*
|
|
||||||
* Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
|
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
||||||
*
|
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
|
||||||
* under the terms of the GNU General Public License version 2 only, as
|
|
||||||
* published by the Free Software Foundation. Oracle designates this
|
|
||||||
* particular file as subject to the "Classpath" exception as provided
|
|
||||||
* by Oracle in the LICENSE file that accompanied this code.
|
|
||||||
*
|
|
||||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
||||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
||||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
||||||
* version 2 for more details (a copy is included in the LICENSE file that
|
|
||||||
* accompanied this code).
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU General Public License version
|
|
||||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
||||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
||||||
*
|
|
||||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
||||||
* or visit www.oracle.com if you need additional information or have any
|
|
||||||
* questions.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package com.sun.org.apache.xerces.internal.utils;
|
|
||||||
|
|
||||||
import com.sun.org.apache.xerces.internal.util.SecurityManager;
|
|
||||||
import java.util.concurrent.CopyOnWriteArrayList;
|
|
||||||
import jdk.xml.internal.JdkConstants;
|
|
||||||
import jdk.xml.internal.JdkProperty.State;
|
|
||||||
import jdk.xml.internal.JdkProperty.ImplPropMap;
|
|
||||||
import jdk.xml.internal.SecuritySupport;
|
|
||||||
import org.xml.sax.SAXException;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This class manages standard and implementation-specific limitations.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public final class XMLSecurityManager {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Limits managed by the security manager
|
|
||||||
*/
|
|
||||||
@SuppressWarnings("deprecation")
|
|
||||||
public static enum Limit {
|
|
||||||
|
|
||||||
ENTITY_EXPANSION_LIMIT("EntityExpansionLimit",
|
|
||||||
JdkConstants.JDK_ENTITY_EXPANSION_LIMIT, JdkConstants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000),
|
|
||||||
MAX_OCCUR_NODE_LIMIT("MaxOccurLimit",
|
|
||||||
JdkConstants.JDK_MAX_OCCUR_LIMIT, JdkConstants.SP_MAX_OCCUR_LIMIT, 0, 5000),
|
|
||||||
ELEMENT_ATTRIBUTE_LIMIT("ElementAttributeLimit",
|
|
||||||
JdkConstants.JDK_ELEMENT_ATTRIBUTE_LIMIT, JdkConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000),
|
|
||||||
TOTAL_ENTITY_SIZE_LIMIT("TotalEntitySizeLimit",
|
|
||||||
JdkConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT, JdkConstants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000),
|
|
||||||
GENERAL_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit",
|
|
||||||
JdkConstants.JDK_GENERAL_ENTITY_SIZE_LIMIT, JdkConstants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0),
|
|
||||||
PARAMETER_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit",
|
|
||||||
JdkConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, JdkConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000),
|
|
||||||
MAX_ELEMENT_DEPTH_LIMIT("MaxElementDepthLimit",
|
|
||||||
JdkConstants.JDK_MAX_ELEMENT_DEPTH, JdkConstants.SP_MAX_ELEMENT_DEPTH, 0, 0),
|
|
||||||
MAX_NAME_LIMIT("MaxXMLNameLimit",
|
|
||||||
JdkConstants.JDK_XML_NAME_LIMIT, JdkConstants.SP_XML_NAME_LIMIT, 1000, 1000),
|
|
||||||
ENTITY_REPLACEMENT_LIMIT("EntityReplacementLimit",
|
|
||||||
JdkConstants.JDK_ENTITY_REPLACEMENT_LIMIT, JdkConstants.SP_ENTITY_REPLACEMENT_LIMIT, 0, 3000000);
|
|
||||||
|
|
||||||
final String key;
|
|
||||||
final String apiProperty;
|
|
||||||
final String systemProperty;
|
|
||||||
final int defaultValue;
|
|
||||||
final int secureValue;
|
|
||||||
|
|
||||||
Limit(String key, String apiProperty, String systemProperty, int value, int secureValue) {
|
|
||||||
this.key = key;
|
|
||||||
this.apiProperty = apiProperty;
|
|
||||||
this.systemProperty = systemProperty;
|
|
||||||
this.defaultValue = value;
|
|
||||||
this.secureValue = secureValue;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Checks whether the specified name is a limit. Checks both the
|
|
||||||
* property and System Property which is now the new property name.
|
|
||||||
*
|
|
||||||
* @param name the specified name
|
|
||||||
* @return true if there is a match, false otherwise
|
|
||||||
*/
|
|
||||||
public boolean is(String name) {
|
|
||||||
// current spec: new property name == systemProperty
|
|
||||||
return (systemProperty != null && systemProperty.equals(name)) ||
|
|
||||||
// current spec: apiProperty is legacy
|
|
||||||
(apiProperty.equals(name));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns the state of a property name. By the specification as of JDK 17,
|
|
||||||
* the "jdk.xml." prefixed System property name is also the current API
|
|
||||||
* name. The URI-based qName is legacy.
|
|
||||||
*
|
|
||||||
* @param name the property name
|
|
||||||
* @return the state of the property name, null if no match
|
|
||||||
*/
|
|
||||||
public State getState(String name) {
|
|
||||||
if (systemProperty != null && systemProperty.equals(name)) {
|
|
||||||
return State.APIPROPERTY;
|
|
||||||
} else if (apiProperty.equals(name)) {
|
|
||||||
//the URI-style qName is legacy
|
|
||||||
return State.LEGACY_APIPROPERTY;
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String key() {
|
|
||||||
return key;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String apiProperty() {
|
|
||||||
return apiProperty;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String systemProperty() {
|
|
||||||
return systemProperty;
|
|
||||||
}
|
|
||||||
|
|
||||||
public int defaultValue() {
|
|
||||||
return defaultValue;
|
|
||||||
}
|
|
||||||
|
|
||||||
int secureValue() {
|
|
||||||
return secureValue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Map old property names with the new ones
|
|
||||||
*/
|
|
||||||
public static enum NameMap {
|
|
||||||
|
|
||||||
ENTITY_EXPANSION_LIMIT(JdkConstants.SP_ENTITY_EXPANSION_LIMIT, JdkConstants.ENTITY_EXPANSION_LIMIT),
|
|
||||||
MAX_OCCUR_NODE_LIMIT(JdkConstants.SP_MAX_OCCUR_LIMIT, JdkConstants.MAX_OCCUR_LIMIT),
|
|
||||||
ELEMENT_ATTRIBUTE_LIMIT(JdkConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, JdkConstants.ELEMENT_ATTRIBUTE_LIMIT);
|
|
||||||
final String newName;
|
|
||||||
final String oldName;
|
|
||||||
|
|
||||||
NameMap(String newName, String oldName) {
|
|
||||||
this.newName = newName;
|
|
||||||
this.oldName = oldName;
|
|
||||||
}
|
|
||||||
|
|
||||||
String getOldName(String newName) {
|
|
||||||
if (newName.equals(this.newName)) {
|
|
||||||
return oldName;
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
private static final int NO_LIMIT = 0;
|
|
||||||
/**
|
|
||||||
* Values of the properties
|
|
||||||
*/
|
|
||||||
private final int[] values;
|
|
||||||
/**
|
|
||||||
* States of the settings for each property
|
|
||||||
*/
|
|
||||||
private State[] states;
|
|
||||||
/**
|
|
||||||
* Flag indicating if secure processing is set
|
|
||||||
*/
|
|
||||||
boolean secureProcessing;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* States that determine if properties are set explicitly
|
|
||||||
*/
|
|
||||||
private boolean[] isSet;
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Index of the special entityCountInfo property
|
|
||||||
*/
|
|
||||||
private final int indexEntityCountInfo = 10000;
|
|
||||||
private String printEntityCountInfo = "";
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Default constructor. Establishes default values for known security
|
|
||||||
* vulnerabilities.
|
|
||||||
*/
|
|
||||||
public XMLSecurityManager() {
|
|
||||||
this(false);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Instantiate Security Manager in accordance with the status of
|
|
||||||
* secure processing
|
|
||||||
* @param secureProcessing
|
|
||||||
*/
|
|
||||||
public XMLSecurityManager(boolean secureProcessing) {
|
|
||||||
values = new int[Limit.values().length];
|
|
||||||
states = new State[Limit.values().length];
|
|
||||||
isSet = new boolean[Limit.values().length];
|
|
||||||
this.secureProcessing = secureProcessing;
|
|
||||||
for (Limit limit : Limit.values()) {
|
|
||||||
if (secureProcessing) {
|
|
||||||
values[limit.ordinal()] = limit.secureValue;
|
|
||||||
states[limit.ordinal()] = State.FSP;
|
|
||||||
} else {
|
|
||||||
values[limit.ordinal()] = limit.defaultValue();
|
|
||||||
states[limit.ordinal()] = State.DEFAULT;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
//read system properties or jaxp.properties
|
|
||||||
readSystemProperties();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Setting FEATURE_SECURE_PROCESSING explicitly
|
|
||||||
*/
|
|
||||||
public void setSecureProcessing(boolean secure) {
|
|
||||||
secureProcessing = secure;
|
|
||||||
for (Limit limit : Limit.values()) {
|
|
||||||
if (secure) {
|
|
||||||
setLimit(limit.ordinal(), State.FSP, limit.secureValue());
|
|
||||||
} else {
|
|
||||||
setLimit(limit.ordinal(), State.FSP, limit.defaultValue());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return the state of secure processing
|
|
||||||
* @return the state of secure processing
|
|
||||||
*/
|
|
||||||
public boolean isSecureProcessing() {
|
|
||||||
return secureProcessing;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Finds a limit's new name with the given property name.
|
|
||||||
* @param propertyName the property name specified
|
|
||||||
* @return the limit's new name if found, null otherwise
|
|
||||||
*/
|
|
||||||
public String find(String propertyName) {
|
|
||||||
for (Limit limit : Limit.values()) {
|
|
||||||
if (limit.is(propertyName)) {
|
|
||||||
// current spec: new property name == systemProperty
|
|
||||||
return limit.systemProperty();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
//ENTITYCOUNT's new name is qName
|
|
||||||
if (ImplPropMap.ENTITYCOUNT.is(propertyName)) {
|
|
||||||
return ImplPropMap.ENTITYCOUNT.qName();
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Set limit by property name and state
|
|
||||||
* @param propertyName property name
|
|
||||||
* @param state the state of the property
|
|
||||||
* @param value the value of the property
|
|
||||||
* @return true if the property is managed by the security manager; false
|
|
||||||
* if otherwise.
|
|
||||||
*/
|
|
||||||
public boolean setLimit(String propertyName, State state, Object value) {
|
|
||||||
int index = getIndex(propertyName);
|
|
||||||
if (index > -1) {
|
|
||||||
State pState = state;
|
|
||||||
if (index != indexEntityCountInfo && state == State.APIPROPERTY) {
|
|
||||||
pState = (Limit.values()[index]).getState(propertyName);
|
|
||||||
}
|
|
||||||
setLimit(index, pState, value);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Set the value for a specific limit.
|
|
||||||
*
|
|
||||||
* @param limit the limit
|
|
||||||
* @param state the state of the property
|
|
||||||
* @param value the value of the property
|
|
||||||
*/
|
|
||||||
public void setLimit(Limit limit, State state, int value) {
|
|
||||||
setLimit(limit.ordinal(), state, value);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Set the value of a property by its index
|
|
||||||
*
|
|
||||||
* @param index the index of the property
|
|
||||||
* @param state the state of the property
|
|
||||||
* @param value the value of the property
|
|
||||||
*/
|
|
||||||
public void setLimit(int index, State state, Object value) {
|
|
||||||
if (index == indexEntityCountInfo) {
|
|
||||||
printEntityCountInfo = (String)value;
|
|
||||||
} else {
|
|
||||||
int temp;
|
|
||||||
if (value instanceof Integer) {
|
|
||||||
temp = (Integer)value;
|
|
||||||
} else {
|
|
||||||
temp = Integer.parseInt((String) value);
|
|
||||||
if (temp < 0) {
|
|
||||||
temp = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
setLimit(index, state, temp);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Set the value of a property by its index
|
|
||||||
*
|
|
||||||
* @param index the index of the property
|
|
||||||
* @param state the state of the property
|
|
||||||
* @param value the value of the property
|
|
||||||
*/
|
|
||||||
public void setLimit(int index, State state, int value) {
|
|
||||||
if (index == indexEntityCountInfo) {
|
|
||||||
//if it's explicitly set, it's treated as yes no matter the value
|
|
||||||
printEntityCountInfo = JdkConstants.JDK_YES;
|
|
||||||
} else {
|
|
||||||
//only update if it shall override
|
|
||||||
if (state.compareTo(states[index]) >= 0) {
|
|
||||||
values[index] = value;
|
|
||||||
states[index] = state;
|
|
||||||
isSet[index] = true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return the value of the specified property
|
|
||||||
*
|
|
||||||
* @param propertyName the property name
|
|
||||||
* @return the value of the property as a string. If a property is managed
|
|
||||||
* by this manager, its value shall not be null.
|
|
||||||
*/
|
|
||||||
public String getLimitAsString(String propertyName) {
|
|
||||||
int index = getIndex(propertyName);
|
|
||||||
if (index > -1) {
|
|
||||||
return getLimitValueByIndex(index);
|
|
||||||
}
|
|
||||||
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Return the value of the specified property
|
|
||||||
*
|
|
||||||
* @param limit the property
|
|
||||||
* @return the value of the property
|
|
||||||
*/
|
|
||||||
public int getLimit(Limit limit) {
|
|
||||||
return values[limit.ordinal()];
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return the value of a property by its ordinal
|
|
||||||
*
|
|
||||||
* @param limit the property
|
|
||||||
* @return value of a property
|
|
||||||
*/
|
|
||||||
public String getLimitValueAsString(Limit limit) {
|
|
||||||
return Integer.toString(values[limit.ordinal()]);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return the value of a property by its ordinal
|
|
||||||
*
|
|
||||||
* @param index the index of a property
|
|
||||||
* @return limit of a property as a string
|
|
||||||
*/
|
|
||||||
public String getLimitValueByIndex(int index) {
|
|
||||||
if (index == indexEntityCountInfo) {
|
|
||||||
return printEntityCountInfo;
|
|
||||||
}
|
|
||||||
|
|
||||||
return Integer.toString(values[index]);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return the state of the limit property
|
|
||||||
*
|
|
||||||
* @param limit the limit
|
|
||||||
* @return the state of the limit property
|
|
||||||
*/
|
|
||||||
public State getState(Limit limit) {
|
|
||||||
return states[limit.ordinal()];
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return the state of the limit property
|
|
||||||
*
|
|
||||||
* @param limit the limit
|
|
||||||
* @return the state of the limit property
|
|
||||||
*/
|
|
||||||
public String getStateLiteral(Limit limit) {
|
|
||||||
return states[limit.ordinal()].literal();
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get the index by property name
|
|
||||||
*
|
|
||||||
* @param propertyName property name
|
|
||||||
* @return the index of the property if found; return -1 if not
|
|
||||||
*/
|
|
||||||
public int getIndex(String propertyName) {
|
|
||||||
for (Limit limit : Limit.values()) {
|
|
||||||
// see JDK-8265248, accept both the URL and jdk.xml as prefix
|
|
||||||
if (limit.is(propertyName)) {
|
|
||||||
//internally, ordinal is used as index
|
|
||||||
return limit.ordinal();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
//special property to return entity count info
|
|
||||||
if (ImplPropMap.ENTITYCOUNT.is(propertyName)) {
|
|
||||||
return indexEntityCountInfo;
|
|
||||||
}
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Check if there's no limit defined by the Security Manager
|
|
||||||
* @param limit
|
|
||||||
* @return
|
|
||||||
*/
|
|
||||||
public boolean isNoLimit(int limit) {
|
|
||||||
return limit==NO_LIMIT;
|
|
||||||
}
|
|
||||||
/**
|
|
||||||
* Check if the size (length or count) of the specified limit property is
|
|
||||||
* over the limit
|
|
||||||
*
|
|
||||||
* @param limit the type of the limit property
|
|
||||||
* @param entityName the name of the entity
|
|
||||||
* @param size the size (count or length) of the entity
|
|
||||||
* @return true if the size is over the limit, false otherwise
|
|
||||||
*/
|
|
||||||
public boolean isOverLimit(Limit limit, String entityName, int size,
|
|
||||||
XMLLimitAnalyzer limitAnalyzer) {
|
|
||||||
return isOverLimit(limit.ordinal(), entityName, size, limitAnalyzer);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Check if the value (length or count) of the specified limit property is
|
|
||||||
* over the limit
|
|
||||||
*
|
|
||||||
* @param index the index of the limit property
|
|
||||||
* @param entityName the name of the entity
|
|
||||||
* @param size the size (count or length) of the entity
|
|
||||||
* @return true if the size is over the limit, false otherwise
|
|
||||||
*/
|
|
||||||
public boolean isOverLimit(int index, String entityName, int size,
|
|
||||||
XMLLimitAnalyzer limitAnalyzer) {
|
|
||||||
if (values[index] == NO_LIMIT) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
if (size > values[index]) {
|
|
||||||
limitAnalyzer.addValue(index, entityName, size);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Check against cumulated value
|
|
||||||
*
|
|
||||||
* @param limit the type of the limit property
|
|
||||||
* @param size the size (count or length) of the entity
|
|
||||||
* @return true if the size is over the limit, false otherwise
|
|
||||||
*/
|
|
||||||
public boolean isOverLimit(Limit limit, XMLLimitAnalyzer limitAnalyzer) {
|
|
||||||
return isOverLimit(limit.ordinal(), limitAnalyzer);
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean isOverLimit(int index, XMLLimitAnalyzer limitAnalyzer) {
|
|
||||||
if (values[index] == NO_LIMIT) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() ||
|
|
||||||
index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() ||
|
|
||||||
index == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal() ||
|
|
||||||
index == Limit.ENTITY_REPLACEMENT_LIMIT.ordinal() ||
|
|
||||||
index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal() ||
|
|
||||||
index == Limit.MAX_NAME_LIMIT.ordinal()
|
|
||||||
) {
|
|
||||||
return (limitAnalyzer.getTotalValue(index) > values[index]);
|
|
||||||
} else {
|
|
||||||
return (limitAnalyzer.getValue(index) > values[index]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public void debugPrint(XMLLimitAnalyzer limitAnalyzer) {
|
|
||||||
if (printEntityCountInfo.equals(JdkConstants.JDK_YES)) {
|
|
||||||
limitAnalyzer.debugPrint(this);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Indicate if a property is set explicitly
|
|
||||||
* @param index
|
|
||||||
* @return
|
|
||||||
*/
|
|
||||||
public boolean isSet(int index) {
|
|
||||||
return isSet[index];
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean printEntityCountInfo() {
|
|
||||||
return printEntityCountInfo.equals(JdkConstants.JDK_YES);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Read system properties, or the configuration file
|
|
||||||
*/
|
|
||||||
private void readSystemProperties() {
|
|
||||||
for (Limit limit : Limit.values()) {
|
|
||||||
// attempts to read both the current and old system propery
|
|
||||||
if (!getSystemProperty(limit, limit.systemProperty())
|
|
||||||
&& (!getOldSystemProperty(limit))) {
|
|
||||||
//if system property is not found, try the config file
|
|
||||||
getPropertyConfig(limit, limit.systemProperty());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Array list to store printed warnings for each SAX parser used
|
|
||||||
private static final CopyOnWriteArrayList<String> printedWarnings = new CopyOnWriteArrayList<>();
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Prints out warnings if a parser does not support the specified feature/property.
|
|
||||||
*
|
|
||||||
* @param parserClassName the name of the parser class
|
|
||||||
* @param propertyName the property name
|
|
||||||
* @param exception the exception thrown by the parser
|
|
||||||
*/
|
|
||||||
public static void printWarning(String parserClassName, String propertyName, SAXException exception) {
|
|
||||||
String key = parserClassName+":"+propertyName;
|
|
||||||
if (printedWarnings.addIfAbsent(key)) {
|
|
||||||
System.err.println( "Warning: "+parserClassName+": "+exception.getMessage());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Reads a system property, sets value and state if found.
|
|
||||||
*
|
|
||||||
* @param limit the limit property
|
|
||||||
* @param sysPropertyName the name of system property
|
|
||||||
*/
|
|
||||||
private boolean getSystemProperty(Limit limit, String sysPropertyName) {
|
|
||||||
try {
|
|
||||||
String value = SecuritySupport.getSystemProperty(sysPropertyName);
|
|
||||||
if (value != null && !value.equals("")) {
|
|
||||||
values[limit.ordinal()] = Integer.parseInt(value);
|
|
||||||
states[limit.ordinal()] = State.SYSTEMPROPERTY;
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
} catch (NumberFormatException e) {
|
|
||||||
//invalid setting
|
|
||||||
throw new NumberFormatException("Invalid setting for system property: " + limit.systemProperty());
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Reads the legacy system property.
|
|
||||||
* @param limit a limit object
|
|
||||||
* @return true if found, false otherwise
|
|
||||||
*/
|
|
||||||
private boolean getOldSystemProperty(Limit limit) {
|
|
||||||
boolean found = false;
|
|
||||||
for (NameMap nameMap : NameMap.values()) {
|
|
||||||
String oldName = nameMap.getOldName(limit.systemProperty());
|
|
||||||
if (oldName != null) {
|
|
||||||
if (getSystemProperty(limit, oldName)) {
|
|
||||||
found = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return found;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Reads a property from a configuration file, if any.
|
|
||||||
*
|
|
||||||
* @param limit the limit property
|
|
||||||
* @param sysPropertyName the name of system property
|
|
||||||
* @return
|
|
||||||
*/
|
|
||||||
private boolean getPropertyConfig(Limit limit, String sysPropertyName) {
|
|
||||||
try {
|
|
||||||
String value = SecuritySupport.readConfig(sysPropertyName);
|
|
||||||
if (value != null && !value.equals("")) {
|
|
||||||
values[limit.ordinal()] = Integer.parseInt(value);
|
|
||||||
states[limit.ordinal()] = State.JAXPDOTPROPERTIES;
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
} catch (NumberFormatException e) {
|
|
||||||
//invalid setting
|
|
||||||
throw new NumberFormatException("Invalid setting for system property: " + limit.systemProperty());
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Convert a value set through setProperty to XMLSecurityManager.
|
|
||||||
* If the value is an instance of XMLSecurityManager, use it to override the default;
|
|
||||||
* If the value is an old SecurityManager, convert to the new XMLSecurityManager.
|
|
||||||
*
|
|
||||||
* @param value user specified security manager
|
|
||||||
* @param securityManager an instance of XMLSecurityManager
|
|
||||||
* @return an instance of the new security manager XMLSecurityManager
|
|
||||||
*/
|
|
||||||
public static XMLSecurityManager convert(Object value, XMLSecurityManager securityManager) {
|
|
||||||
if (value == null) {
|
|
||||||
if (securityManager == null) {
|
|
||||||
securityManager = new XMLSecurityManager(true);
|
|
||||||
}
|
|
||||||
return securityManager;
|
|
||||||
}
|
|
||||||
if (value instanceof XMLSecurityManager) {
|
|
||||||
return (XMLSecurityManager)value;
|
|
||||||
} else {
|
|
||||||
if (securityManager == null) {
|
|
||||||
securityManager = new XMLSecurityManager(true);
|
|
||||||
}
|
|
||||||
if (value instanceof SecurityManager) {
|
|
||||||
SecurityManager origSM = (SecurityManager)value;
|
|
||||||
securityManager.setLimit(Limit.MAX_OCCUR_NODE_LIMIT, State.APIPROPERTY, origSM.getMaxOccurNodeLimit());
|
|
||||||
securityManager.setLimit(Limit.ENTITY_EXPANSION_LIMIT, State.APIPROPERTY, origSM.getEntityExpansionLimit());
|
|
||||||
securityManager.setLimit(Limit.ELEMENT_ATTRIBUTE_LIMIT, State.APIPROPERTY, origSM.getElementAttrLimit());
|
|
||||||
}
|
|
||||||
return securityManager;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2006, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2006, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -39,7 +39,6 @@ import com.sun.org.apache.xerces.internal.util.XMLChar;
|
|||||||
import com.sun.org.apache.xerces.internal.util.XMLLocatorWrapper;
|
import com.sun.org.apache.xerces.internal.util.XMLLocatorWrapper;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLResourceIdentifierImpl;
|
import com.sun.org.apache.xerces.internal.util.XMLResourceIdentifierImpl;
|
||||||
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
import com.sun.org.apache.xerces.internal.util.XMLSymbols;
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
|
||||||
import com.sun.org.apache.xerces.internal.xni.Augmentations;
|
import com.sun.org.apache.xerces.internal.xni.Augmentations;
|
||||||
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
|
import com.sun.org.apache.xerces.internal.xni.NamespaceContext;
|
||||||
@ -80,6 +79,7 @@ import javax.xml.catalog.CatalogResolver;
|
|||||||
import javax.xml.transform.Source;
|
import javax.xml.transform.Source;
|
||||||
import jdk.xml.internal.JdkConstants;
|
import jdk.xml.internal.JdkConstants;
|
||||||
import jdk.xml.internal.JdkXmlUtils;
|
import jdk.xml.internal.JdkXmlUtils;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager;
|
||||||
import org.xml.sax.InputSource;
|
import org.xml.sax.InputSource;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -128,7 +128,7 @@ import org.xml.sax.InputSource;
|
|||||||
*
|
*
|
||||||
*
|
*
|
||||||
* @see XIncludeNamespaceSupport
|
* @see XIncludeNamespaceSupport
|
||||||
* @LastModified: July 2022
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class XIncludeHandler
|
public class XIncludeHandler
|
||||||
implements XMLComponent, XMLDocumentFilter, XMLDTDFilter {
|
implements XMLComponent, XMLDocumentFilter, XMLDTDFilter {
|
||||||
@ -1731,6 +1731,11 @@ public class XIncludeHandler
|
|||||||
fChildConfig.setProperty(SECURITY_MANAGER, fSecurityManager);
|
fChildConfig.setProperty(SECURITY_MANAGER, fSecurityManager);
|
||||||
fChildConfig.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
|
fChildConfig.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr);
|
||||||
fChildConfig.setProperty(BUFFER_SIZE, fBufferSize);
|
fChildConfig.setProperty(BUFFER_SIZE, fBufferSize);
|
||||||
|
fChildConfig.setProperty(CatalogFeatures.Feature.FILES.getPropertyName(), fCatalogFile);
|
||||||
|
fChildConfig.setProperty(CatalogFeatures.Feature.DEFER.getPropertyName(), fDefer);
|
||||||
|
fChildConfig.setProperty(CatalogFeatures.Feature.PREFER.getPropertyName(), fPrefer);
|
||||||
|
fChildConfig.setProperty(CatalogFeatures.Feature.RESOLVE.getPropertyName(), fResolve);
|
||||||
|
fChildConfig.setFeature(XMLConstants.USE_CATALOG, fUseCatalog);
|
||||||
|
|
||||||
// features must be copied to child configuration
|
// features must be copied to child configuration
|
||||||
fNeedCopyFeatures = true;
|
fNeedCopyFeatures = true;
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* reserved comment block
|
* Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT REMOVE OR ALTER!
|
|
||||||
*/
|
*/
|
||||||
/*
|
/*
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
@ -21,9 +20,9 @@
|
|||||||
|
|
||||||
package com.sun.org.apache.xerces.internal.xni.parser;
|
package com.sun.org.apache.xerces.internal.xni.parser;
|
||||||
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer;
|
|
||||||
import java.io.IOException;
|
|
||||||
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
import com.sun.org.apache.xerces.internal.xni.XNIException;
|
||||||
|
import java.io.IOException;
|
||||||
|
import jdk.xml.internal.XMLLimitAnalyzer;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This interface defines a generic DTD scanner. This interface
|
* This interface defines a generic DTD scanner. This interface
|
||||||
@ -39,6 +38,7 @@ import com.sun.org.apache.xerces.internal.xni.XNIException;
|
|||||||
* </blockquote>
|
* </blockquote>
|
||||||
*
|
*
|
||||||
* @author Andy Clark, IBM
|
* @author Andy Clark, IBM
|
||||||
|
* @LastModified: July 2023
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public interface XMLDTDScanner
|
public interface XMLDTDScanner
|
||||||
|
@ -37,7 +37,7 @@ import org.xml.sax.XMLReader;
|
|||||||
* Creates XMLReader objects and caches them for re-use.
|
* Creates XMLReader objects and caches them for re-use.
|
||||||
* This class follows the singleton pattern.
|
* This class follows the singleton pattern.
|
||||||
*
|
*
|
||||||
* @LastModified: Jan 2023
|
* @LastModified: July 2023
|
||||||
*/
|
*/
|
||||||
public class XMLReaderManager {
|
public class XMLReaderManager {
|
||||||
|
|
||||||
@ -123,8 +123,11 @@ public class XMLReaderManager {
|
|||||||
(rw.overrideDefaultParser == m_overrideDefaultParser) &&
|
(rw.overrideDefaultParser == m_overrideDefaultParser) &&
|
||||||
( factory == null || reader.getClass().getName().equals(factory))) {
|
( factory == null || reader.getClass().getName().equals(factory))) {
|
||||||
m_inUse.put(reader, Boolean.TRUE);
|
m_inUse.put(reader, Boolean.TRUE);
|
||||||
|
JdkXmlUtils.setReaderProperty(reader, _xmlSecurityManager, _useCatalog,
|
||||||
|
_catalogFeatures);
|
||||||
} else {
|
} else {
|
||||||
reader = JdkXmlUtils.getXMLReader(m_overrideDefaultParser, _secureProcessing);
|
reader = JdkXmlUtils.getXMLReader(_xmlSecurityManager, m_overrideDefaultParser,
|
||||||
|
_secureProcessing, _useCatalog, _catalogFeatures);
|
||||||
|
|
||||||
// Cache the XMLReader if this is the first time we've created
|
// Cache the XMLReader if this is the first time we've created
|
||||||
// a reader for this thread.
|
// a reader for this thread.
|
||||||
@ -141,42 +144,6 @@ public class XMLReaderManager {
|
|||||||
JdkXmlUtils.setXMLReaderPropertyIfSupport(reader, JdkConstants.CDATA_CHUNK_SIZE,
|
JdkXmlUtils.setXMLReaderPropertyIfSupport(reader, JdkConstants.CDATA_CHUNK_SIZE,
|
||||||
_cdataChunkSize, false);
|
_cdataChunkSize, false);
|
||||||
|
|
||||||
String lastProperty = "";
|
|
||||||
try {
|
|
||||||
if (_xmlSecurityManager != null) {
|
|
||||||
for (XMLSecurityManager.Limit limit : XMLSecurityManager.Limit.values()) {
|
|
||||||
if (limit.isSupported(XMLSecurityManager.Processor.PARSER)) {
|
|
||||||
lastProperty = limit.apiProperty();
|
|
||||||
reader.setProperty(lastProperty,
|
|
||||||
_xmlSecurityManager.getLimitValueAsString(limit));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (_xmlSecurityManager.printEntityCountInfo()) {
|
|
||||||
lastProperty = JdkConstants.JDK_DEBUG_LIMIT;
|
|
||||||
reader.setProperty(lastProperty, JdkConstants.JDK_YES);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
} catch (SAXException se) {
|
|
||||||
XMLSecurityManager.printWarning(reader.getClass().getName(), lastProperty, se);
|
|
||||||
}
|
|
||||||
|
|
||||||
boolean supportCatalog = true;
|
|
||||||
try {
|
|
||||||
reader.setFeature(JdkXmlUtils.USE_CATALOG, _useCatalog);
|
|
||||||
}
|
|
||||||
catch (SAXNotRecognizedException | SAXNotSupportedException e) {
|
|
||||||
supportCatalog = false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (supportCatalog && _useCatalog && _catalogFeatures != null) {
|
|
||||||
try {
|
|
||||||
for (CatalogFeatures.Feature f : CatalogFeatures.Feature.values()) {
|
|
||||||
reader.setProperty(f.getPropertyName(), _catalogFeatures.get(f));
|
|
||||||
}
|
|
||||||
} catch (SAXNotRecognizedException e) {
|
|
||||||
//shall not happen for internal settings
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return reader;
|
return reader;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -287,7 +287,17 @@ public final class JdkConstants {
|
|||||||
* System Property for the Configuration File
|
* System Property for the Configuration File
|
||||||
* @since 21
|
* @since 21
|
||||||
*/
|
*/
|
||||||
public static final String CONFIG_FILE = "java.xml.config.file";
|
public static final String CONFIG_FILE_PROPNAME = "java.xml.config.file";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* System Property for the DTD property
|
||||||
|
*/
|
||||||
|
public static final String DTD_PROPNAME = "jdk.xml.dtd.support";
|
||||||
|
|
||||||
|
// DTD property values
|
||||||
|
public static final int ALLOW = 0;
|
||||||
|
public static final int IGNORE = 1;
|
||||||
|
public static final int DENY = 2;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Values for a feature
|
* Values for a feature
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -50,6 +50,9 @@ import org.xml.sax.XMLReader;
|
|||||||
* Constants for use across JAXP processors.
|
* Constants for use across JAXP processors.
|
||||||
*/
|
*/
|
||||||
public class JdkXmlUtils {
|
public class JdkXmlUtils {
|
||||||
|
public static final boolean IS_WINDOWS = SecuritySupport.getSystemProperty("os.name").contains("Windows");
|
||||||
|
public static final String JAVA_HOME = SecuritySupport.getSystemProperty("java.home");
|
||||||
|
|
||||||
private static final String DOM_FACTORY_ID = "javax.xml.parsers.DocumentBuilderFactory";
|
private static final String DOM_FACTORY_ID = "javax.xml.parsers.DocumentBuilderFactory";
|
||||||
private static final String SAX_FACTORY_ID = "javax.xml.parsers.SAXParserFactory";
|
private static final String SAX_FACTORY_ID = "javax.xml.parsers.SAXParserFactory";
|
||||||
private static final String SAX_DRIVER = "org.xml.sax.driver";
|
private static final String SAX_DRIVER = "org.xml.sax.driver";
|
||||||
@ -61,7 +64,9 @@ public class JdkXmlUtils {
|
|||||||
Constants.SAX_FEATURE_PREFIX + Constants.NAMESPACES_FEATURE;
|
Constants.SAX_FEATURE_PREFIX + Constants.NAMESPACES_FEATURE;
|
||||||
public static final String NAMESPACE_PREFIXES_FEATURE =
|
public static final String NAMESPACE_PREFIXES_FEATURE =
|
||||||
Constants.SAX_FEATURE_PREFIX + Constants.NAMESPACE_PREFIXES_FEATURE;
|
Constants.SAX_FEATURE_PREFIX + Constants.NAMESPACE_PREFIXES_FEATURE;
|
||||||
|
/** Property identifier: security manager. */
|
||||||
|
private static final String SECURITY_MANAGER =
|
||||||
|
Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Catalog features
|
* Catalog features
|
||||||
@ -73,7 +78,10 @@ public class JdkXmlUtils {
|
|||||||
public final static String CATALOG_PREFER = CatalogFeatures.Feature.PREFER.getPropertyName();
|
public final static String CATALOG_PREFER = CatalogFeatures.Feature.PREFER.getPropertyName();
|
||||||
public final static String CATALOG_RESOLVE = CatalogFeatures.Feature.RESOLVE.getPropertyName();
|
public final static String CATALOG_RESOLVE = CatalogFeatures.Feature.RESOLVE.getPropertyName();
|
||||||
|
|
||||||
|
//values for the Resolve property
|
||||||
|
public static final String RESOLVE_STRICT = "strict";
|
||||||
|
public static final String RESOLVE_CONTINUE = "continue";
|
||||||
|
public static final String RESOLVE_IGNORE = "ignore";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default value of USE_CATALOG. This will read the System property
|
* Default value of USE_CATALOG. This will read the System property
|
||||||
@ -162,21 +170,30 @@ public class JdkXmlUtils {
|
|||||||
|
|
||||||
CatalogFeatures.Builder builder = CatalogFeatures.builder();
|
CatalogFeatures.Builder builder = CatalogFeatures.builder();
|
||||||
if (file != null) {
|
if (file != null) {
|
||||||
builder = builder.with(CatalogFeatures.Feature.FILES, file);
|
builder = builder.with(Feature.FILES, file);
|
||||||
}
|
}
|
||||||
if (prefer != null) {
|
if (prefer != null) {
|
||||||
builder = builder.with(CatalogFeatures.Feature.PREFER, prefer);
|
builder = builder.with(Feature.PREFER, prefer);
|
||||||
}
|
}
|
||||||
if (defer != null) {
|
if (defer != null) {
|
||||||
builder = builder.with(CatalogFeatures.Feature.DEFER, defer);
|
builder = builder.with(Feature.DEFER, defer);
|
||||||
}
|
}
|
||||||
if (resolve != null) {
|
if (resolve != null) {
|
||||||
builder = builder.with(CatalogFeatures.Feature.RESOLVE, resolve);
|
builder = builder.with(Feature.RESOLVE, resolve);
|
||||||
}
|
}
|
||||||
|
|
||||||
return builder.build();
|
return builder.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks whether the RESOLVE feature in the CatalogFeatures is continue.
|
||||||
|
* @param cf the specified CatalogFeatures
|
||||||
|
* @return true if the RESOLVE feature is
|
||||||
|
*/
|
||||||
|
public static boolean isResolveContinue(CatalogFeatures cf) {
|
||||||
|
return (cf == null || cf.get(Feature.RESOLVE).equals(RESOLVE_CONTINUE));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Passing on the CatalogFeatures settings from one Xerces configuration
|
* Passing on the CatalogFeatures settings from one Xerces configuration
|
||||||
* object to another.
|
* object to another.
|
||||||
@ -237,17 +254,22 @@ public class JdkXmlUtils {
|
|||||||
* SAXParserFactory or XMLReaderFactory, otherwise use the system-default
|
* SAXParserFactory or XMLReaderFactory, otherwise use the system-default
|
||||||
* SAXParserFactory to locate an XMLReader.
|
* SAXParserFactory to locate an XMLReader.
|
||||||
*
|
*
|
||||||
|
* Note: parameter useXMLReaderFactory was removed. The method instead checks
|
||||||
|
* the SAX_DRIVER property for whether the XMLReader should be created using
|
||||||
|
* XMLReaderFactory for compatibility. (see JDK-6490921).
|
||||||
|
*
|
||||||
|
* @param sm the XMLSecurityManager
|
||||||
* @param overrideDefaultParser a flag indicating whether a 3rd party's
|
* @param overrideDefaultParser a flag indicating whether a 3rd party's
|
||||||
* parser implementation may be used to override the system-default one
|
* parser implementation may be used to override the system-default one
|
||||||
* @param secureProcessing a flag indicating whether secure processing is
|
* @param secureProcessing a flag indicating whether secure processing is
|
||||||
* requested
|
* requested
|
||||||
* @param useXMLReaderFactory a flag indicating when the XMLReader should be
|
* @param useCatalog a flag indicating whether Catalog is enabled
|
||||||
* created using XMLReaderFactory. True is a compatibility mode that honors
|
* @param catalogFeatures the CatalogFeatures
|
||||||
* the property org.xml.sax.driver (see JDK-6490921).
|
|
||||||
* @return an XMLReader instance
|
* @return an XMLReader instance
|
||||||
*/
|
*/
|
||||||
public static XMLReader getXMLReader(boolean overrideDefaultParser,
|
public static XMLReader getXMLReader(XMLSecurityManager sm,
|
||||||
boolean secureProcessing) {
|
boolean overrideDefaultParser, boolean secureProcessing,
|
||||||
|
boolean useCatalog, CatalogFeatures catalogFeatures) {
|
||||||
SAXParserFactory saxFactory;
|
SAXParserFactory saxFactory;
|
||||||
XMLReader reader = null;
|
XMLReader reader = null;
|
||||||
String spSAXDriver = SecuritySupport.getSystemProperty(SAX_DRIVER);
|
String spSAXDriver = SecuritySupport.getSystemProperty(SAX_DRIVER);
|
||||||
@ -272,9 +294,7 @@ public class JdkXmlUtils {
|
|||||||
} catch (SAXException se) {
|
} catch (SAXException se) {
|
||||||
// older version of a parser
|
// older version of a parser
|
||||||
}
|
}
|
||||||
return reader;
|
} else {
|
||||||
}
|
|
||||||
|
|
||||||
// use the system-default
|
// use the system-default
|
||||||
saxFactory = defaultSAXFactory;
|
saxFactory = defaultSAXFactory;
|
||||||
|
|
||||||
@ -283,9 +303,54 @@ public class JdkXmlUtils {
|
|||||||
} catch (ParserConfigurationException | SAXException ex) {
|
} catch (ParserConfigurationException | SAXException ex) {
|
||||||
// shall not happen with the system-default reader
|
// shall not happen with the system-default reader
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
setReaderProperty(reader, sm, useCatalog, catalogFeatures);
|
||||||
|
|
||||||
return reader;
|
return reader;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets properties on the reader, including XMLSecurityManager and Catalog
|
||||||
|
* features.
|
||||||
|
*
|
||||||
|
* @param reader the XMLReader
|
||||||
|
* @param sm the XMLSecurityManager
|
||||||
|
* @param useCatalog the USE_CATALOG property
|
||||||
|
* @param catalogFeatures the Catalog features
|
||||||
|
*/
|
||||||
|
public static void setReaderProperty(XMLReader reader, XMLSecurityManager sm,
|
||||||
|
boolean useCatalog, CatalogFeatures catalogFeatures) {
|
||||||
|
if (reader != null) {
|
||||||
|
try {
|
||||||
|
reader.setProperty(SECURITY_MANAGER, sm);
|
||||||
|
} catch (SAXException ex) {
|
||||||
|
// internal setting, shouldn't happen
|
||||||
|
}
|
||||||
|
|
||||||
|
boolean supportCatalog = true;
|
||||||
|
try {
|
||||||
|
reader.setFeature(JdkXmlUtils.USE_CATALOG, useCatalog);
|
||||||
|
}
|
||||||
|
catch (SAXException e) {
|
||||||
|
supportCatalog = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (catalogFeatures != null) {
|
||||||
|
CatalogFeatures cf = catalogFeatures;
|
||||||
|
if (supportCatalog && useCatalog) {
|
||||||
|
try {
|
||||||
|
for (CatalogFeatures.Feature f : CatalogFeatures.Feature.values()) {
|
||||||
|
reader.setProperty(f.getPropertyName(), cf.get(f));
|
||||||
|
}
|
||||||
|
} catch (SAXException e) {
|
||||||
|
//shall not happen for internal settings
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Creates a system-default DOM Document.
|
* Creates a system-default DOM Document.
|
||||||
*
|
*
|
||||||
@ -353,10 +418,29 @@ public class JdkXmlUtils {
|
|||||||
return factory;
|
return factory;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static SAXTransformerFactory getSAXTransformFactory(boolean overrideDefaultParser) {
|
/**
|
||||||
|
* Returns an instance of SAXTransformerFactory with the current XMLSecurityManager
|
||||||
|
* and the setting of the OVERRIDE_PARSER property.
|
||||||
|
* @param sm the XMLSecurityManager
|
||||||
|
* @param overrideDefaultParser the setting of the OVERRIDE_PARSER property
|
||||||
|
* @return an instance of SAXTransformerFactory
|
||||||
|
*/
|
||||||
|
public static SAXTransformerFactory getSAXTransformFactory(XMLSecurityManager sm,
|
||||||
|
boolean overrideDefaultParser) {
|
||||||
SAXTransformerFactory tf = overrideDefaultParser
|
SAXTransformerFactory tf = overrideDefaultParser
|
||||||
? (SAXTransformerFactory) SAXTransformerFactory.newInstance()
|
? (SAXTransformerFactory) SAXTransformerFactory.newInstance()
|
||||||
: (SAXTransformerFactory) new TransformerFactoryImpl();
|
: (SAXTransformerFactory) new TransformerFactoryImpl();
|
||||||
|
if (sm != null) {
|
||||||
|
for (XMLSecurityManager.Limit limit : XMLSecurityManager.Limit.values()) {
|
||||||
|
if (sm.isSet(limit)){
|
||||||
|
tf.setAttribute(limit.apiProperty(), sm.getLimitValueAsString(limit));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (sm.printEntityCountInfo()) {
|
||||||
|
tf.setAttribute(JdkConstants.JDK_DEBUG_LIMIT, "yes");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
tf.setFeature(OVERRIDE_PARSER, overrideDefaultParser);
|
tf.setFeature(OVERRIDE_PARSER, overrideDefaultParser);
|
||||||
} catch (TransformerConfigurationException ex) {
|
} catch (TransformerConfigurationException ex) {
|
||||||
|
@ -212,7 +212,7 @@ public class SecuritySupport {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// load the custom configure on top of the default if any
|
// load the custom configure on top of the default if any
|
||||||
String configFile = SecuritySupport.getSystemProperty(JdkConstants.CONFIG_FILE);
|
String configFile = SecuritySupport.getSystemProperty(JdkConstants.CONFIG_FILE_PROPNAME);
|
||||||
if (configFile != null) {
|
if (configFile != null) {
|
||||||
loadProperties(configFile);
|
loadProperties(configFile);
|
||||||
}
|
}
|
||||||
|
@ -26,7 +26,13 @@ package jdk.xml.internal;
|
|||||||
|
|
||||||
|
|
||||||
import com.sun.org.apache.xerces.internal.util.SecurityManager;
|
import com.sun.org.apache.xerces.internal.util.SecurityManager;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.Objects;
|
||||||
import java.util.concurrent.CopyOnWriteArrayList;
|
import java.util.concurrent.CopyOnWriteArrayList;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
import javax.xml.stream.XMLInputFactory;
|
||||||
import jdk.xml.internal.JdkProperty.State;
|
import jdk.xml.internal.JdkProperty.State;
|
||||||
import jdk.xml.internal.JdkProperty.ImplPropMap;
|
import jdk.xml.internal.JdkProperty.ImplPropMap;
|
||||||
import org.xml.sax.SAXException;
|
import org.xml.sax.SAXException;
|
||||||
@ -37,52 +43,93 @@ import org.xml.sax.SAXException;
|
|||||||
*/
|
*/
|
||||||
public final class XMLSecurityManager {
|
public final class XMLSecurityManager {
|
||||||
|
|
||||||
|
public static final String DTD_KEY = JdkConstants.DTD_PROPNAME;
|
||||||
|
|
||||||
|
// Xerces Feature
|
||||||
|
public static final String DISALLOW_DTD = "http://apache.org/xml/features/disallow-doctype-decl";
|
||||||
|
public static final String LOAD_EXTERNAL_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
|
||||||
|
|
||||||
|
// StAX feature
|
||||||
|
public static final String ZEPHYR_PROPERTY_PREFIX = "http://java.sun.com/xml/stream/properties/" ;
|
||||||
|
public static final String IGNORE_EXTERNAL_DTD = ZEPHYR_PROPERTY_PREFIX + "ignore-external-dtd";
|
||||||
|
|
||||||
|
// Valid values for the DTD property
|
||||||
|
public static final String DTD_ALLOW = "allow";
|
||||||
|
public static final String DTD_IGNORE = "ignore";
|
||||||
|
public static final String DTD_DENY = "deny";
|
||||||
|
static final Map<String, Integer> DTD_MAP;
|
||||||
|
// Source Level JDK 8
|
||||||
|
static {
|
||||||
|
Map<String, Integer> map = new HashMap<>();
|
||||||
|
map.put(DTD_ALLOW, 0);
|
||||||
|
map.put(DTD_IGNORE, 1);
|
||||||
|
map.put(DTD_DENY, 2);
|
||||||
|
DTD_MAP = Collections.unmodifiableMap(map);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Value converter for properties of type Boolean
|
||||||
|
private static final BooleanMapper BOOLMAPPER = new BooleanMapper();
|
||||||
|
|
||||||
|
// Value converter for properties of type Integer
|
||||||
|
private static final IntegerMapper INTMAPPER = new IntegerMapper();
|
||||||
|
|
||||||
|
// DTD value map
|
||||||
|
private static final StringMapper DTDMAPPER = new StringMapper(DTD_MAP);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Limits managed by the security manager
|
* Limits managed by the security manager
|
||||||
*/
|
*/
|
||||||
@SuppressWarnings("deprecation")
|
@SuppressWarnings("deprecation")
|
||||||
public static enum Limit {
|
public static enum Limit {
|
||||||
ENTITY_EXPANSION_LIMIT("EntityExpansionLimit", JdkConstants.JDK_ENTITY_EXPANSION_LIMIT,
|
ENTITY_EXPANSION_LIMIT("EntityExpansionLimit", JdkConstants.JDK_ENTITY_EXPANSION_LIMIT,
|
||||||
JdkConstants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000, Processor.PARSER),
|
JdkConstants.SP_ENTITY_EXPANSION_LIMIT, JdkConstants.ENTITY_EXPANSION_LIMIT, 0, 64000, Processor.PARSER, INTMAPPER),
|
||||||
MAX_OCCUR_NODE_LIMIT("MaxOccurLimit", JdkConstants.JDK_MAX_OCCUR_LIMIT,
|
MAX_OCCUR_NODE_LIMIT("MaxOccurLimit", JdkConstants.JDK_MAX_OCCUR_LIMIT,
|
||||||
JdkConstants.SP_MAX_OCCUR_LIMIT, 0, 5000, Processor.PARSER),
|
JdkConstants.SP_MAX_OCCUR_LIMIT, JdkConstants.MAX_OCCUR_LIMIT, 0, 5000, Processor.PARSER, INTMAPPER),
|
||||||
ELEMENT_ATTRIBUTE_LIMIT("ElementAttributeLimit", JdkConstants.JDK_ELEMENT_ATTRIBUTE_LIMIT,
|
ELEMENT_ATTRIBUTE_LIMIT("ElementAttributeLimit", JdkConstants.JDK_ELEMENT_ATTRIBUTE_LIMIT,
|
||||||
JdkConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000, Processor.PARSER),
|
JdkConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, JdkConstants.ELEMENT_ATTRIBUTE_LIMIT, 0, 10000, Processor.PARSER, INTMAPPER),
|
||||||
TOTAL_ENTITY_SIZE_LIMIT("TotalEntitySizeLimit", JdkConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT,
|
TOTAL_ENTITY_SIZE_LIMIT("TotalEntitySizeLimit", JdkConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT,
|
||||||
JdkConstants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000, Processor.PARSER),
|
JdkConstants.SP_TOTAL_ENTITY_SIZE_LIMIT, null, 0, 50000000, Processor.PARSER, INTMAPPER),
|
||||||
GENERAL_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", JdkConstants.JDK_GENERAL_ENTITY_SIZE_LIMIT,
|
GENERAL_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", JdkConstants.JDK_GENERAL_ENTITY_SIZE_LIMIT,
|
||||||
JdkConstants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0, Processor.PARSER),
|
JdkConstants.SP_GENERAL_ENTITY_SIZE_LIMIT, null, 0, 0, Processor.PARSER, INTMAPPER),
|
||||||
PARAMETER_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", JdkConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT,
|
PARAMETER_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", JdkConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT,
|
||||||
JdkConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000, Processor.PARSER),
|
JdkConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, null, 0, 1000000, Processor.PARSER, INTMAPPER),
|
||||||
MAX_ELEMENT_DEPTH_LIMIT("MaxElementDepthLimit", JdkConstants.JDK_MAX_ELEMENT_DEPTH,
|
MAX_ELEMENT_DEPTH_LIMIT("MaxElementDepthLimit", JdkConstants.JDK_MAX_ELEMENT_DEPTH,
|
||||||
JdkConstants.SP_MAX_ELEMENT_DEPTH, 0, 0, Processor.PARSER),
|
JdkConstants.SP_MAX_ELEMENT_DEPTH, null, 0, 0, Processor.PARSER, INTMAPPER),
|
||||||
MAX_NAME_LIMIT("MaxXMLNameLimit", JdkConstants.JDK_XML_NAME_LIMIT,
|
MAX_NAME_LIMIT("MaxXMLNameLimit", JdkConstants.JDK_XML_NAME_LIMIT,
|
||||||
JdkConstants.SP_XML_NAME_LIMIT, 1000, 1000, Processor.PARSER),
|
JdkConstants.SP_XML_NAME_LIMIT, null, 1000, 1000, Processor.PARSER, INTMAPPER),
|
||||||
ENTITY_REPLACEMENT_LIMIT("EntityReplacementLimit", JdkConstants.JDK_ENTITY_REPLACEMENT_LIMIT,
|
ENTITY_REPLACEMENT_LIMIT("EntityReplacementLimit", JdkConstants.JDK_ENTITY_REPLACEMENT_LIMIT,
|
||||||
JdkConstants.SP_ENTITY_REPLACEMENT_LIMIT, 0, 3000000, Processor.PARSER),
|
JdkConstants.SP_ENTITY_REPLACEMENT_LIMIT, null, 0, 3000000, Processor.PARSER, INTMAPPER),
|
||||||
XPATH_GROUP_LIMIT("XPathGroupLimit", JdkConstants.XPATH_GROUP_LIMIT,
|
XPATH_GROUP_LIMIT("XPathGroupLimit", JdkConstants.XPATH_GROUP_LIMIT,
|
||||||
JdkConstants.XPATH_GROUP_LIMIT, 10, 10, Processor.XPATH),
|
JdkConstants.XPATH_GROUP_LIMIT, null, 10, 10, Processor.XPATH, INTMAPPER),
|
||||||
XPATH_OP_LIMIT("XPathExprOpLimit", JdkConstants.XPATH_OP_LIMIT,
|
XPATH_OP_LIMIT("XPathExprOpLimit", JdkConstants.XPATH_OP_LIMIT,
|
||||||
JdkConstants.XPATH_OP_LIMIT, 100, 100, Processor.XPATH),
|
JdkConstants.XPATH_OP_LIMIT, null, 100, 100, Processor.XPATH, INTMAPPER),
|
||||||
XPATH_TOTALOP_LIMIT("XPathTotalOpLimit", JdkConstants.XPATH_TOTALOP_LIMIT,
|
XPATH_TOTALOP_LIMIT("XPathTotalOpLimit", JdkConstants.XPATH_TOTALOP_LIMIT,
|
||||||
JdkConstants.XPATH_TOTALOP_LIMIT, 10000, 10000, Processor.XPATH)
|
JdkConstants.XPATH_TOTALOP_LIMIT, null, 10000, 10000, Processor.XPATH, INTMAPPER),
|
||||||
|
DTD("DTDProperty", JdkConstants.DTD_PROPNAME, JdkConstants.DTD_PROPNAME, null,
|
||||||
|
JdkConstants.ALLOW, JdkConstants.ALLOW, Processor.PARSER, DTDMAPPER),
|
||||||
|
XERCES_DISALLOW_DTD("disallowDTD", DISALLOW_DTD, null, null, 0, 0, Processor.PARSER, BOOLMAPPER),
|
||||||
|
STAX_SUPPORT_DTD("supportDTD", XMLInputFactory.SUPPORT_DTD, null, null, 1, 1, Processor.PARSER, BOOLMAPPER),
|
||||||
;
|
;
|
||||||
|
|
||||||
final String key;
|
final String key;
|
||||||
final String apiProperty;
|
final String apiProperty;
|
||||||
final String systemProperty;
|
final String systemProperty;
|
||||||
|
final String spOld;
|
||||||
final int defaultValue;
|
final int defaultValue;
|
||||||
final int secureValue;
|
final int secureValue;
|
||||||
final Processor processor;
|
final Processor processor;
|
||||||
|
final ValueMapper mapper;
|
||||||
|
|
||||||
Limit(String key, String apiProperty, String systemProperty, int value,
|
Limit(String key, String apiProperty, String systemProperty, String spOld, int value,
|
||||||
int secureValue, Processor processor) {
|
int secureValue, Processor processor, ValueMapper mapper) {
|
||||||
this.key = key;
|
this.key = key;
|
||||||
this.apiProperty = apiProperty;
|
this.apiProperty = apiProperty;
|
||||||
this.systemProperty = systemProperty;
|
this.systemProperty = systemProperty;
|
||||||
|
this.spOld = spOld;
|
||||||
this.defaultValue = value;
|
this.defaultValue = value;
|
||||||
this.secureValue = secureValue;
|
this.secureValue = secureValue;
|
||||||
this.processor = processor;
|
this.processor = processor;
|
||||||
|
this.mapper = mapper;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -129,6 +176,11 @@ public final class XMLSecurityManager {
|
|||||||
return systemProperty;
|
return systemProperty;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// returns legacy System Property
|
||||||
|
public String spOld() {
|
||||||
|
return spOld;
|
||||||
|
}
|
||||||
|
|
||||||
public int defaultValue() {
|
public int defaultValue() {
|
||||||
return defaultValue;
|
return defaultValue;
|
||||||
}
|
}
|
||||||
@ -140,29 +192,9 @@ public final class XMLSecurityManager {
|
|||||||
int secureValue() {
|
int secureValue() {
|
||||||
return secureValue;
|
return secureValue;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
public ValueMapper mapper() {
|
||||||
* Map old property names with the new ones
|
return mapper;
|
||||||
*/
|
|
||||||
public static enum NameMap {
|
|
||||||
|
|
||||||
ENTITY_EXPANSION_LIMIT(JdkConstants.SP_ENTITY_EXPANSION_LIMIT, JdkConstants.ENTITY_EXPANSION_LIMIT),
|
|
||||||
MAX_OCCUR_NODE_LIMIT(JdkConstants.SP_MAX_OCCUR_LIMIT, JdkConstants.MAX_OCCUR_LIMIT),
|
|
||||||
ELEMENT_ATTRIBUTE_LIMIT(JdkConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, JdkConstants.ELEMENT_ATTRIBUTE_LIMIT);
|
|
||||||
final String newName;
|
|
||||||
final String oldName;
|
|
||||||
|
|
||||||
NameMap(String newName, String oldName) {
|
|
||||||
this.newName = newName;
|
|
||||||
this.oldName = oldName;
|
|
||||||
}
|
|
||||||
|
|
||||||
String getOldName(String newName) {
|
|
||||||
if (newName.equals(this.newName)) {
|
|
||||||
return oldName;
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -170,6 +202,7 @@ public final class XMLSecurityManager {
|
|||||||
* Supported processors
|
* Supported processors
|
||||||
*/
|
*/
|
||||||
public static enum Processor {
|
public static enum Processor {
|
||||||
|
ANY,
|
||||||
PARSER,
|
PARSER,
|
||||||
XPATH,
|
XPATH,
|
||||||
}
|
}
|
||||||
@ -230,7 +263,8 @@ public final class XMLSecurityManager {
|
|||||||
states[limit.ordinal()] = State.DEFAULT;
|
states[limit.ordinal()] = State.DEFAULT;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//read system properties or jaxp.properties
|
|
||||||
|
//read system properties or the config file (jaxp.properties by default)
|
||||||
readSystemProperties();
|
readSystemProperties();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -284,13 +318,20 @@ public final class XMLSecurityManager {
|
|||||||
* if otherwise.
|
* if otherwise.
|
||||||
*/
|
*/
|
||||||
public boolean setLimit(String propertyName, State state, Object value) {
|
public boolean setLimit(String propertyName, State state, Object value) {
|
||||||
int index = getIndex(propertyName);
|
// special property to return entity count info
|
||||||
if (index > -1) {
|
if (ImplPropMap.ENTITYCOUNT.is(propertyName)) {
|
||||||
State pState = state;
|
printEntityCountInfo = (String)value;
|
||||||
if (index != indexEntityCountInfo && state == State.APIPROPERTY) {
|
return true;
|
||||||
pState = (Limit.values()[index]).getState(propertyName);
|
|
||||||
}
|
}
|
||||||
setLimit(index, pState, value);
|
|
||||||
|
Limit limit = getEnumValue(propertyName);
|
||||||
|
if (limit != null) {
|
||||||
|
State pState = state;
|
||||||
|
if (state == State.APIPROPERTY) {
|
||||||
|
// ordinal is the index of the value array
|
||||||
|
pState = (Limit.values()[limit.ordinal()]).getState(propertyName);
|
||||||
|
}
|
||||||
|
setLimit(limit, pState, value);
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
@ -308,27 +349,19 @@ public final class XMLSecurityManager {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the value of a property by its index
|
* Sets the value of a property by its enum name
|
||||||
*
|
*
|
||||||
* @param index the index of the property
|
* @param limit the limit
|
||||||
* @param state the state of the property
|
* @param state the state of the property
|
||||||
* @param value the value of the property
|
* @param value the value of the property
|
||||||
*/
|
*/
|
||||||
public void setLimit(int index, State state, Object value) {
|
public void setLimit(Limit limit, State state, Object value) {
|
||||||
if (index == indexEntityCountInfo) {
|
int intValue = limit.mapper().toInt(value);
|
||||||
printEntityCountInfo = (String)value;
|
if (intValue < 0) {
|
||||||
} else {
|
intValue = 0;
|
||||||
int temp;
|
|
||||||
if (value instanceof Integer) {
|
|
||||||
temp = (Integer)value;
|
|
||||||
} else {
|
|
||||||
temp = Integer.parseInt((String) value);
|
|
||||||
if (temp < 0) {
|
|
||||||
temp = 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
setLimit(index, state, temp);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
setLimit(limit.ordinal(), state, intValue);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -384,7 +417,7 @@ public final class XMLSecurityManager {
|
|||||||
* @return value of a property
|
* @return value of a property
|
||||||
*/
|
*/
|
||||||
public String getLimitValueAsString(Limit limit) {
|
public String getLimitValueAsString(Limit limit) {
|
||||||
return Integer.toString(values[limit.ordinal()]);
|
return limit.mapper().toString(values[limit.ordinal()]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -398,7 +431,8 @@ public final class XMLSecurityManager {
|
|||||||
return printEntityCountInfo;
|
return printEntityCountInfo;
|
||||||
}
|
}
|
||||||
|
|
||||||
return Integer.toString(values[index]);
|
Limit limit = Limit.values()[index];
|
||||||
|
return limit.mapper().toString(values[index]);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -421,6 +455,22 @@ public final class XMLSecurityManager {
|
|||||||
return states[limit.ordinal()].literal();
|
return states[limit.ordinal()].literal();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the enum value by its property name.
|
||||||
|
*
|
||||||
|
* @param propertyName property name
|
||||||
|
* @return the enum value if found; null otherwise
|
||||||
|
*/
|
||||||
|
public Limit getEnumValue(String propertyName) {
|
||||||
|
for (Limit limit : Limit.values()) {
|
||||||
|
if (limit.is(propertyName)) {
|
||||||
|
return limit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the index by property name
|
* Get the index by property name
|
||||||
*
|
*
|
||||||
@ -523,11 +573,35 @@ public final class XMLSecurityManager {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Indicate if a property is set explicitly
|
* Indicate if a property is set explicitly
|
||||||
* @param index
|
* @param limit the limit
|
||||||
* @return
|
* @return true if the limit is set, false otherwise
|
||||||
*/
|
*/
|
||||||
public boolean isSet(int index) {
|
public boolean isSet(Limit limit) {
|
||||||
return isSet[index];
|
return isSet[limit.ordinal()];
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks whether the specified {@link Limit} is set and the value is
|
||||||
|
* as specified.
|
||||||
|
*
|
||||||
|
* @param limit the {@link Limit}
|
||||||
|
* @param value the value
|
||||||
|
* @return true if the {@code Limit} is set and the values match
|
||||||
|
*/
|
||||||
|
public boolean is(Limit limit, int value) {
|
||||||
|
return getLimit(limit) == value;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks whether the specified {@link Limit} is set and the value is
|
||||||
|
* 1 (true for a property of boolean type).
|
||||||
|
*
|
||||||
|
* @param limit the {@link Limit}
|
||||||
|
*
|
||||||
|
* @return true if the {@code Limit} is set and the value is 1
|
||||||
|
*/
|
||||||
|
public boolean is(Limit limit) {
|
||||||
|
return getLimit(limit) == 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean printEntityCountInfo() {
|
public boolean printEntityCountInfo() {
|
||||||
@ -537,16 +611,21 @@ public final class XMLSecurityManager {
|
|||||||
/**
|
/**
|
||||||
* Read system properties, or the configuration file
|
* Read system properties, or the configuration file
|
||||||
*/
|
*/
|
||||||
private void readSystemProperties() {
|
public void readSystemProperties() {
|
||||||
for (Limit limit : Limit.values()) {
|
for (Limit limit : Limit.values()) {
|
||||||
|
if (State.SYSTEMPROPERTY.compareTo(states[limit.ordinal()]) >= 0 &&
|
||||||
|
limit.systemProperty() != null) {
|
||||||
// attempts to read both the current and old system propery
|
// attempts to read both the current and old system propery
|
||||||
if (!getSystemProperty(limit, limit.systemProperty())
|
if (!getSystemProperty(limit, limit.systemProperty())
|
||||||
&& (!getOldSystemProperty(limit))) {
|
&& (!getSystemProperty(limit, limit.spOld()))) {
|
||||||
//if system property is not found, try the config file
|
//if system property is not found, try the config file
|
||||||
|
if (State.JAXPDOTPROPERTIES.compareTo(states[limit.ordinal()]) >= 0) {
|
||||||
getPropertyConfig(limit, limit.systemProperty());
|
getPropertyConfig(limit, limit.systemProperty());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Array list to store printed warnings for each SAX parser used
|
// Array list to store printed warnings for each SAX parser used
|
||||||
private static final CopyOnWriteArrayList<String> printedWarnings = new CopyOnWriteArrayList<>();
|
private static final CopyOnWriteArrayList<String> printedWarnings = new CopyOnWriteArrayList<>();
|
||||||
@ -572,11 +651,12 @@ public final class XMLSecurityManager {
|
|||||||
* @param sysPropertyName the name of system property
|
* @param sysPropertyName the name of system property
|
||||||
*/
|
*/
|
||||||
private boolean getSystemProperty(Limit limit, String sysPropertyName) {
|
private boolean getSystemProperty(Limit limit, String sysPropertyName) {
|
||||||
|
if (sysPropertyName == null) return false;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
String value = SecuritySupport.getSystemProperty(sysPropertyName);
|
String value = SecuritySupport.getSystemProperty(sysPropertyName);
|
||||||
if (value != null && !value.equals("")) {
|
if (value != null && !value.equals("")) {
|
||||||
values[limit.ordinal()] = Integer.parseInt(value);
|
setLimit(limit, State.SYSTEMPROPERTY, value);
|
||||||
states[limit.ordinal()] = State.SYSTEMPROPERTY;
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
} catch (NumberFormatException e) {
|
} catch (NumberFormatException e) {
|
||||||
@ -586,25 +666,6 @@ public final class XMLSecurityManager {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Reads the legacy system property.
|
|
||||||
* @param limit a limit object
|
|
||||||
* @return true if found, false otherwise
|
|
||||||
*/
|
|
||||||
private boolean getOldSystemProperty(Limit limit) {
|
|
||||||
boolean found = false;
|
|
||||||
for (NameMap nameMap : NameMap.values()) {
|
|
||||||
String oldName = nameMap.getOldName(limit.systemProperty());
|
|
||||||
if (oldName != null) {
|
|
||||||
if (getSystemProperty(limit, oldName)) {
|
|
||||||
found = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return found;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Reads a property from a configuration file, if any.
|
* Reads a property from a configuration file, if any.
|
||||||
*
|
*
|
||||||
@ -616,8 +677,7 @@ public final class XMLSecurityManager {
|
|||||||
try {
|
try {
|
||||||
String value = SecuritySupport.readConfig(sysPropertyName);
|
String value = SecuritySupport.readConfig(sysPropertyName);
|
||||||
if (value != null && !value.equals("")) {
|
if (value != null && !value.equals("")) {
|
||||||
values[limit.ordinal()] = Integer.parseInt(value);
|
setLimit(limit, State.JAXPDOTPROPERTIES, value);
|
||||||
states[limit.ordinal()] = State.JAXPDOTPROPERTIES;
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
} catch (NumberFormatException e) {
|
} catch (NumberFormatException e) {
|
||||||
@ -658,4 +718,161 @@ public final class XMLSecurityManager {
|
|||||||
return securityManager;
|
return securityManager;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Represents a mapper for properties of type String. The input is expected
|
||||||
|
* to be a String or Object. If there is a map, the mappings are between the
|
||||||
|
* keys and values within the map.
|
||||||
|
*/
|
||||||
|
public static class StringMapper extends ValueMapper {
|
||||||
|
private final Map<String, Integer> map;
|
||||||
|
private final Map<Integer, String> reverseMap;
|
||||||
|
|
||||||
|
public StringMapper(Map<String, Integer> map) {
|
||||||
|
this.map = map;
|
||||||
|
if (map != null) {
|
||||||
|
reverseMap = map.entrySet().stream()
|
||||||
|
.collect(Collectors.toMap(Map.Entry::getValue, Map.Entry::getKey));
|
||||||
|
} else {
|
||||||
|
reverseMap = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Finds the mapping int value with the specified property value. This
|
||||||
|
* method will try to convert the provided value to an integer if no
|
||||||
|
* mapping is found.
|
||||||
|
* @param value the property value
|
||||||
|
* @return the mapping int value if found, null otherwise
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public int toInt(Object value) {
|
||||||
|
Objects.requireNonNull(value);
|
||||||
|
Integer iVal;
|
||||||
|
if (map != null) {
|
||||||
|
iVal = map.get(((String)value).toLowerCase());
|
||||||
|
iVal = (iVal == null) ? 0 : iVal;
|
||||||
|
} else {
|
||||||
|
try {
|
||||||
|
iVal = (int)Double.parseDouble((String)value);
|
||||||
|
} catch (NumberFormatException e) {
|
||||||
|
// Note: this is the currently expected behavior. It may be
|
||||||
|
// appropriate for the setter to catch it.
|
||||||
|
throw new NumberFormatException("Invalid setting " + value
|
||||||
|
+ " for a property of Integer type.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return iVal;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toObject(int value) {
|
||||||
|
if (reverseMap != null) {
|
||||||
|
return reverseMap.get(value);
|
||||||
|
}
|
||||||
|
return Integer.toString(value);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toString(int value) {
|
||||||
|
return toObject(value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Represents a mapper for properties of type Integer. The input is expected
|
||||||
|
* to be either an Integer or String.
|
||||||
|
*/
|
||||||
|
public static class IntegerMapper extends ValueMapper {
|
||||||
|
@Override
|
||||||
|
public int toInt(Object value) {
|
||||||
|
Objects.requireNonNull(value);
|
||||||
|
|
||||||
|
Integer iVal;
|
||||||
|
if (value instanceof Integer) {
|
||||||
|
iVal = (Integer)value;
|
||||||
|
} else {
|
||||||
|
try {
|
||||||
|
iVal = Integer.parseInt((String)value);
|
||||||
|
} catch (NumberFormatException e) {
|
||||||
|
// Note: this is the currently expected behavior. It may be
|
||||||
|
// appropriate for the setter to catch it.
|
||||||
|
throw new NumberFormatException("Invalid setting " + value
|
||||||
|
+ " for a property of Integer type.");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return iVal;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Integer toObject(int value) {
|
||||||
|
return value;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toString(int value) {
|
||||||
|
return Integer.toString(value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Represents a mapper for properties of type Boolean. The input is expected
|
||||||
|
* to be either a Boolean or String.
|
||||||
|
*/
|
||||||
|
public static class BooleanMapper extends ValueMapper {
|
||||||
|
@Override
|
||||||
|
public int toInt(Object value) {
|
||||||
|
Objects.requireNonNull(value);
|
||||||
|
|
||||||
|
Boolean bVal;
|
||||||
|
if (value instanceof Boolean) {
|
||||||
|
bVal = (Boolean)value;
|
||||||
|
} else {
|
||||||
|
bVal = ((String)value).equalsIgnoreCase("true");
|
||||||
|
}
|
||||||
|
|
||||||
|
return bVal ? 1 : 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Boolean toObject(int value) {
|
||||||
|
return value != 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String toString(int value) {
|
||||||
|
return Boolean.toString(value != 0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Represents a mapper of property values between int and other types, such as
|
||||||
|
* Boolean, String, and Object.
|
||||||
|
*/
|
||||||
|
public static abstract class ValueMapper {
|
||||||
|
// converts to an int value from that of the specified type
|
||||||
|
public abstract int toInt(Object value);
|
||||||
|
// converts the int value back to the original type
|
||||||
|
public abstract Object toObject(int value);
|
||||||
|
// converts the int value of a property to a String representation
|
||||||
|
public abstract String toString(int value);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Represents a mapper of property values between int and other types, such as
|
||||||
|
* Boolean, String, and Object.
|
||||||
|
*
|
||||||
|
* @param <T> the value type to be mapped with an int value
|
||||||
|
*/
|
||||||
|
public abstract class ValueMapper1<T> {
|
||||||
|
// converts to an int value from that of the specified type
|
||||||
|
public abstract int toInt(T value);
|
||||||
|
// converts the int value back to the original type
|
||||||
|
public abstract T toObject(int value);
|
||||||
|
// converts the int value of a property to a String representation
|
||||||
|
public abstract String toString(int value);
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -752,7 +752,7 @@
|
|||||||
* <td id="ExtFunc">{@systemProperty jdk.xml.enableExtensionFunctions}</td>
|
* <td id="ExtFunc">{@systemProperty jdk.xml.enableExtensionFunctions}</td>
|
||||||
* <td>Determines if XSLT and XPath extension functions are to be allowed.
|
* <td>Determines if XSLT and XPath extension functions are to be allowed.
|
||||||
* </td>
|
* </td>
|
||||||
* <td style="text-align:center" rowspan="3">yes</td>
|
* <td style="text-align:center" rowspan="4">yes</td>
|
||||||
* <td style="text-align:center" rowspan="3">Boolean</td>
|
* <td style="text-align:center" rowspan="3">Boolean</td>
|
||||||
* <td>
|
* <td>
|
||||||
* true or false. True indicates that extension functions are allowed; False otherwise.
|
* true or false. True indicates that extension functions are allowed; False otherwise.
|
||||||
@ -808,6 +808,40 @@
|
|||||||
* <td style="text-align:center"><a href="#Processor">Method 2</a></td>
|
* <td style="text-align:center"><a href="#Processor">Method 2</a></td>
|
||||||
* <td style="text-align:center">9</td>
|
* <td style="text-align:center">9</td>
|
||||||
* </tr>
|
* </tr>
|
||||||
|
* <tr>
|
||||||
|
* <td id="DTD">{@systemProperty jdk.xml.dtd.support}<a href="#Note7">[7]</a></td>
|
||||||
|
* <td>Instructs the parser to handle DTDs in accordance with the setting of this property.
|
||||||
|
* The options are:
|
||||||
|
* <ul>
|
||||||
|
* <li><p>
|
||||||
|
* {@code allow} -- indicates that the parser shall continue processing DTDs;
|
||||||
|
* </li>
|
||||||
|
* <li><p>
|
||||||
|
* {@code ignore} -- indicates that the parser shall skip DTDs;
|
||||||
|
* </li>
|
||||||
|
* <li><p>
|
||||||
|
* {@code deny} -- indicates that the parser shall reject DTDs as an error.
|
||||||
|
* The parser shall report the error in accordance with its relevant specification.
|
||||||
|
* </li>
|
||||||
|
* </ul>
|
||||||
|
* </td>
|
||||||
|
* <td style="text-align:center">String</td>
|
||||||
|
* <td>
|
||||||
|
* {@code allow, ignore, and deny}. Values are case-insensitive.
|
||||||
|
* </td>
|
||||||
|
* <td style="text-align:center">allow</td>
|
||||||
|
* <td style="text-align:center">No</td>
|
||||||
|
* <td style="text-align:center">Yes</td>
|
||||||
|
* <td style="text-align:center">
|
||||||
|
* <a href="#DOM">DOM</a><br>
|
||||||
|
* <a href="#SAX">SAX</a><br>
|
||||||
|
* <a href="#StAX">StAX</a><br>
|
||||||
|
* <a href="#Validation">Validation</a><br>
|
||||||
|
* <a href="#Transform">Transform</a>
|
||||||
|
* </td>
|
||||||
|
* <td style="text-align:center"><a href="#Processor">Method 1</a></td>
|
||||||
|
* <td style="text-align:center">22</td>
|
||||||
|
* </tr>
|
||||||
* </tbody>
|
* </tbody>
|
||||||
* </table>
|
* </table>
|
||||||
* <p id="Note1">
|
* <p id="Note1">
|
||||||
@ -838,6 +872,19 @@
|
|||||||
* are as shown in the table <a href="#Processor">Processors</a>.
|
* are as shown in the table <a href="#Processor">Processors</a>.
|
||||||
* <p id="Note6">
|
* <p id="Note6">
|
||||||
* <b>[6]</b> Indicates the initial release the property is introduced.
|
* <b>[6]</b> Indicates the initial release the property is introduced.
|
||||||
|
* <p id="Note7">
|
||||||
|
* <b>[7]</b> The {@code jdk.xml.dtd.support} property complements the two existing
|
||||||
|
* DTD-related properties, {@code disallow-doctype-decl}(fully qualified name:
|
||||||
|
* {@code http://apache.org/xml/features/disallow-doctype-decl}) and supportDTD
|
||||||
|
* ({@code javax.xml.stream.supportDTD}), by providing a uniformed support for the
|
||||||
|
* processors listed and a system property that can be used in the
|
||||||
|
* <a href="#Conf_CF">JAXP Configuration File</a>. When {@code disallow-doctype-decl} is
|
||||||
|
* set on the DOM or SAX factory, or supportDTD on StAX factory, the {@code jdk.xml.dtd.support}
|
||||||
|
* property will have no effect.
|
||||||
|
* <p>
|
||||||
|
* These three properties control whether DTDs as a whole shall be processed. When
|
||||||
|
* they are set to deny or ignore, other properties that regulate a part or an
|
||||||
|
* aspect of DTD shall have no effect.
|
||||||
*
|
*
|
||||||
* <h3 id="IN_Legacy">Legacy Property Names (deprecated)</h3>
|
* <h3 id="IN_Legacy">Legacy Property Names (deprecated)</h3>
|
||||||
* JDK releases prior to JDK 17 support the use of URI style prefix for properties.
|
* JDK releases prior to JDK 17 support the use of URI style prefix for properties.
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
|
* Copyright (c) 2021, 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
*
|
*
|
||||||
* This code is free software; you can redistribute it and/or modify it
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
@ -22,7 +22,6 @@
|
|||||||
*/
|
*/
|
||||||
package common;
|
package common;
|
||||||
|
|
||||||
import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit;
|
|
||||||
import java.util.EnumSet;
|
import java.util.EnumSet;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import javax.xml.parsers.DocumentBuilderFactory;
|
import javax.xml.parsers.DocumentBuilderFactory;
|
||||||
@ -34,6 +33,11 @@ import javax.xml.transform.TransformerFactory;
|
|||||||
import javax.xml.validation.SchemaFactory;
|
import javax.xml.validation.SchemaFactory;
|
||||||
import javax.xml.xpath.XPathFactory;
|
import javax.xml.xpath.XPathFactory;
|
||||||
import jdk.xml.internal.JdkProperty.ImplPropMap;
|
import jdk.xml.internal.JdkProperty.ImplPropMap;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager.BooleanMapper;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager.IntegerMapper;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager.Limit;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager.StringMapper;
|
||||||
|
import jdk.xml.internal.XMLSecurityManager.ValueMapper;
|
||||||
import org.testng.Assert;
|
import org.testng.Assert;
|
||||||
import org.testng.annotations.Test;
|
import org.testng.annotations.Test;
|
||||||
import org.w3c.dom.DOMConfiguration;
|
import org.w3c.dom.DOMConfiguration;
|
||||||
@ -90,8 +94,21 @@ public class ImplPropertyTest {
|
|||||||
Processor.StAX, Processor.VALIDATION, Processor.TRANSFORM);
|
Processor.StAX, Processor.VALIDATION, Processor.TRANSFORM);
|
||||||
|
|
||||||
for (Limit limit : Limit.values()) {
|
for (Limit limit : Limit.values()) {
|
||||||
|
Object value1 = null, value2 = null;
|
||||||
|
ValueMapper mapper = limit.mapper();
|
||||||
|
if (mapper instanceof StringMapper) {
|
||||||
|
value1 = mapper.toObject(0);
|
||||||
|
value2 = mapper.toObject(1);
|
||||||
|
} else if (mapper instanceof BooleanMapper) {
|
||||||
|
value1 = true;
|
||||||
|
value2 = false;
|
||||||
|
} else if (mapper instanceof IntegerMapper) {
|
||||||
|
value1 = 100;
|
||||||
|
value2 = 200;
|
||||||
|
}
|
||||||
for (Processor p : pLimit) {
|
for (Processor p : pLimit) {
|
||||||
testProperties(p, limit.apiProperty(), 100, limit.systemProperty(), 200, true);
|
testProperties(p, limit.apiProperty(), value1, limit.systemProperty(), value2,
|
||||||
|
(limit.systemProperty() != null && !limit.apiProperty().equals(limit.systemProperty())));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -176,7 +193,6 @@ public class ImplPropertyTest {
|
|||||||
private void testProperties(Processor processor, String name1, Object value1,
|
private void testProperties(Processor processor, String name1, Object value1,
|
||||||
String name2, Object value2, boolean differ)
|
String name2, Object value2, boolean differ)
|
||||||
throws Exception {
|
throws Exception {
|
||||||
|
|
||||||
Object ret1 = null;
|
Object ret1 = null;
|
||||||
Object ret2 = null;
|
Object ret2 = null;
|
||||||
switch (processor) {
|
switch (processor) {
|
||||||
@ -265,8 +281,15 @@ public class ImplPropertyTest {
|
|||||||
}
|
}
|
||||||
if ((value1 instanceof Integer) && ret1 instanceof String) {
|
if ((value1 instanceof Integer) && ret1 instanceof String) {
|
||||||
ret1 = Integer.parseInt((String)ret1);
|
ret1 = Integer.parseInt((String)ret1);
|
||||||
|
if (differ) {
|
||||||
ret2 = Integer.parseInt((String)ret2);
|
ret2 = Integer.parseInt((String)ret2);
|
||||||
}
|
}
|
||||||
|
} else if ((value1 instanceof Boolean) && ret1 instanceof String) {
|
||||||
|
ret1 = Boolean.parseBoolean((String)ret1);
|
||||||
|
if (differ) {
|
||||||
|
ret2 = Boolean.parseBoolean((String)ret2);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// name1 is set, expected return value: value1 (set with the old name)
|
// name1 is set, expected return value: value1 (set with the old name)
|
||||||
Assert.assertEquals(ret1, value1);
|
Assert.assertEquals(ret1, value1);
|
||||||
|
@ -0,0 +1,10 @@
|
|||||||
|
|
||||||
|
# ---- For DTD test ----
|
||||||
|
#
|
||||||
|
# Disallow DTD
|
||||||
|
jdk.xml.dtd.support=deny
|
||||||
|
#
|
||||||
|
# Implementation specific limits:
|
||||||
|
jdk.xml.entityExpansionLimit=1000
|
||||||
|
|
||||||
|
|
29
test/jaxp/javax/xml/jaxp/unittest/common/dtd/DOMTest.java
Normal file
29
test/jaxp/javax/xml/jaxp/unittest/common/dtd/DOMTest.java
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
|
||||||
|
*/
|
||||||
|
package common.dtd;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @test @bug 8306632
|
||||||
|
* @library /javax/xml/jaxp/libs /javax/xml/jaxp/unittest
|
||||||
|
* @modules java.xml/jdk.xml.internal
|
||||||
|
* @run driver common.dtd.DOMTest 0 // verifies default setting dtd.support=allow
|
||||||
|
* @run driver common.dtd.DOMTest 1 // verifies overriding with config file
|
||||||
|
* @run driver common.dtd.DOMTest 2 // verifies overriding with system property
|
||||||
|
* @run driver common.dtd.DOMTest 3 // verifies overriding with factory setting (DTD=deny)
|
||||||
|
* @run driver common.dtd.DOMTest 4 // verifies DTD=ignore
|
||||||
|
* @run driver common.dtd.DOMTest 5 // verifies disallow-doctype-decl=false
|
||||||
|
* @run driver common.dtd.DOMTest 6 // verifies disallow-doctype-decl=true
|
||||||
|
* @summary verifies DOM's support of the property jdk.xml.dtd.support.
|
||||||
|
*/
|
||||||
|
public class DOMTest extends DTDTestBase {
|
||||||
|
public static void main(String args[]) throws Exception {
|
||||||
|
new DOMTest().run(args[0]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void run(String index) throws Exception {
|
||||||
|
paramMap(Processor.DOM, null, index);
|
||||||
|
super.testDOM(filename, fsp, state, config, sysProp, apiProp, expectError, error);
|
||||||
|
}
|
||||||
|
}
|
300
test/jaxp/javax/xml/jaxp/unittest/common/dtd/DTDTestBase.java
Normal file
300
test/jaxp/javax/xml/jaxp/unittest/common/dtd/DTDTestBase.java
Normal file
@ -0,0 +1,300 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
|
||||||
|
*/
|
||||||
|
package common.dtd;
|
||||||
|
|
||||||
|
import javax.xml.parsers.DocumentBuilderFactory;
|
||||||
|
import javax.xml.parsers.SAXParser;
|
||||||
|
import javax.xml.stream.XMLInputFactory;
|
||||||
|
import javax.xml.transform.TransformerFactory;
|
||||||
|
import javax.xml.validation.SchemaFactory;
|
||||||
|
import common.util.TestBase;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @bug 8306632
|
||||||
|
* @summary tests the DTD property jdk.xml.dtd.support.
|
||||||
|
* The DTD property controls how DTDs are processed.
|
||||||
|
*/
|
||||||
|
public class DTDTestBase extends TestBase {
|
||||||
|
static final String SRC_DIR;
|
||||||
|
static {
|
||||||
|
String srcDir = System.getProperty("test.src", ".");
|
||||||
|
if (IS_WINDOWS) {
|
||||||
|
srcDir = srcDir.replace('\\', '/');
|
||||||
|
}
|
||||||
|
SRC_DIR = srcDir;
|
||||||
|
TEST_SOURCE_DIR = srcDir + "/../xmlfiles/";
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testDOM(String filename, Properties fsp, PropertyState state,
|
||||||
|
Properties config, Properties[] sysProp, Properties[] apiProp,
|
||||||
|
boolean expectError, String error) throws Exception {
|
||||||
|
|
||||||
|
DocumentBuilderFactory dbf = getDBF(fsp, state, config, sysProp, apiProp);
|
||||||
|
process(filename, dbf, expectError, error);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testSAX(String filename, Properties fsp, PropertyState state,
|
||||||
|
Properties config, Properties[] sysProp, Properties[] apiProp,
|
||||||
|
boolean expectError, String error) throws Exception {
|
||||||
|
|
||||||
|
SAXParser parser = getSAXParser(fsp, state, config, sysProp, apiProp);
|
||||||
|
process(filename, parser, expectError, error);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testStAX(String filename, Properties fsp, PropertyState state,
|
||||||
|
Properties config, Properties[] sysProp, Properties[] apiProp,
|
||||||
|
boolean expectError, String error) throws Exception {
|
||||||
|
|
||||||
|
XMLInputFactory xif = getXMLInputFactory(state, config, sysProp, apiProp);
|
||||||
|
process(filename, xif, expectError, error);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testSchema1(String filename, String xsd, Properties fsp, PropertyState state,
|
||||||
|
Properties config, Properties[] sysProp, Properties[] apiProp,
|
||||||
|
boolean expectError, String error) throws Exception {
|
||||||
|
|
||||||
|
SchemaFactory sf = getSchemaFactory(fsp, state, config, sysProp, apiProp);
|
||||||
|
process(filename, sf, expectError, error);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testSchema2(String filename, String xsd, Properties fsp, PropertyState state,
|
||||||
|
Properties config, Properties[] sysProp, Properties[] apiProp,
|
||||||
|
boolean expectError, String error) throws Exception {
|
||||||
|
testSchema1(filename, xsd, fsp, state, config, sysProp, apiProp, expectError, error);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testValidation(String filename, String xsd, Properties fsp, PropertyState state,
|
||||||
|
Properties config, Properties[] sysProp, Properties[] apiProp,
|
||||||
|
boolean expectError, String error) throws Exception {
|
||||||
|
|
||||||
|
SchemaFactory sf = getSchemaFactory(fsp, state, config, sysProp, apiProp);
|
||||||
|
validate(filename, sf, expectError, error);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testStylesheet(String filename, String xsl, Properties fsp, PropertyState state,
|
||||||
|
Properties config, Properties[] sysProp, Properties[] apiProp,
|
||||||
|
boolean expectError, String error) throws Exception {
|
||||||
|
|
||||||
|
TransformerFactory tf = getTransformerFactory(fsp, state, config, sysProp, apiProp);
|
||||||
|
process(filename, tf, expectError, error);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void testTransform(String filename, String xsl, Properties fsp, PropertyState state,
|
||||||
|
Properties config, Properties[] sysProp, Properties[] apiProp,
|
||||||
|
boolean expectError, String error) throws Exception {
|
||||||
|
|
||||||
|
TransformerFactory tf = getTransformerFactory(fsp, state, config, sysProp, apiProp);
|
||||||
|
transform(filename, xsl, tf, expectError, error);
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* DataProvider for testing configuring properties for parsers.
|
||||||
|
*
|
||||||
|
* Fields:
|
||||||
|
* file, FSP, state of setting, config file, system property, api property,
|
||||||
|
* Custom Catalog, error expected, error code or expected result
|
||||||
|
*/
|
||||||
|
public Object[][] getConfigs(Processor processor) {
|
||||||
|
// file with an external DTD that's not in JdkCatalog
|
||||||
|
String fileDTDNotInC = "properties1.xml";
|
||||||
|
|
||||||
|
// error code when DTD=deny; The cause for DOM
|
||||||
|
String errCode = "JAXP00010008";
|
||||||
|
|
||||||
|
// Xerces error message when DTD is disallowed
|
||||||
|
String errXerces = "disallow-doctype-decl";
|
||||||
|
|
||||||
|
// error (not from catalog) is expect when CATALOG=continue
|
||||||
|
boolean isErrExpected = true;
|
||||||
|
String expected1 = "invalid.site.com";
|
||||||
|
|
||||||
|
// expected when DTD is ignored
|
||||||
|
String expected = "";
|
||||||
|
|
||||||
|
switch (processor) {
|
||||||
|
case SAX:
|
||||||
|
//errCode = "JAXP00090001";
|
||||||
|
break;
|
||||||
|
case STAX:
|
||||||
|
errCode = "JAXP00010008";
|
||||||
|
// StAX is non-validating parser
|
||||||
|
isErrExpected = false;
|
||||||
|
expected = ".*[\\w\\s]+(value1)[\\w\\s]+.*";
|
||||||
|
expected1 = expected;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return new Object[][]{
|
||||||
|
// Case 1: external reference pointing to an invalid site
|
||||||
|
/**
|
||||||
|
* Case 1-1: DTD=allow by default; no Config file;
|
||||||
|
* Expect: error as the parser processes DTD and tries to access the invalid site
|
||||||
|
* Error: JAXP00010008 java.net.UnknownHostException: invalid.site.com
|
||||||
|
*/
|
||||||
|
{fileDTDNotInC, null, null, null, null, null, isErrExpected, expected},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Case 1-2: DTD=deny in config file
|
||||||
|
* Expect: Exception since DTD is denied
|
||||||
|
*/
|
||||||
|
{fileDTDNotInC, null, PropertyState.CONFIG_FILE, Properties.CONFIG_FILE_DTD2, null, null, true, errCode},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Case 1-3: DTD=allow with the System Property
|
||||||
|
* Expect: error as Case 1-1
|
||||||
|
*/
|
||||||
|
{fileDTDNotInC, null, PropertyState.CONFIG_FILE_SYSTEM, Properties.CONFIG_FILE_DTD2, new Properties[]{Properties.DTD0}, null, isErrExpected, expected1},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Case 1-4: DTD=deny with the API property
|
||||||
|
* Expect: Exception as Case 1-2
|
||||||
|
*/
|
||||||
|
{fileDTDNotInC, null, PropertyState.CONFIG_FILE_SYSTEM_API, Properties.CONFIG_FILE_DTD2, new Properties[]{Properties.DTD0}, new Properties[]{Properties.DTD2}, true, errCode},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Case 1-5: DTD=ignore with the API property
|
||||||
|
* Expect: no error, DTD is ignored
|
||||||
|
*/
|
||||||
|
{fileDTDNotInC, null, PropertyState.CONFIG_FILE_SYSTEM_API, Properties.CONFIG_FILE_DTD2, new Properties[]{Properties.DTD0}, new Properties[]{Properties.DTD1}, false, expected},
|
||||||
|
|
||||||
|
// Case 2: repeat Case 1-3 (allow), 1-4 (deny) with the Xerces property on the factory
|
||||||
|
{fileDTDNotInC, null, PropertyState.CONFIG_FILE_SYSTEM_API, Properties.CONFIG_FILE_DTD2, new Properties[]{Properties.DTD0}, new Properties[]{Properties.XERCES_ALLOW_DTD}, isErrExpected, expected1},
|
||||||
|
{fileDTDNotInC, null, PropertyState.CONFIG_FILE_SYSTEM_API, Properties.CONFIG_FILE_DTD2, new Properties[]{Properties.DTD0}, new Properties[]{Properties.XERCES_DISALLOW_DTD}, true, errXerces},
|
||||||
|
|
||||||
|
// Case 3: repeat Case 1-3 (allow), 1-5 (ignore) with the StAX property on the factory
|
||||||
|
{fileDTDNotInC, null, PropertyState.CONFIG_FILE_SYSTEM_API, Properties.CONFIG_FILE_DTD2, new Properties[]{Properties.DTD0}, new Properties[]{Properties.SUPPORT_DTD}, isErrExpected, expected1},
|
||||||
|
{fileDTDNotInC, null, PropertyState.CONFIG_FILE_SYSTEM_API, Properties.CONFIG_FILE_DTD2, new Properties[]{Properties.DTD0}, new Properties[]{Properties.SUPPORT_DTD_FALSE}, false, expected},
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* DataProvider for testing configuring properties for validation or transform.
|
||||||
|
*
|
||||||
|
* Fields:
|
||||||
|
* xml file, xsd or xsl file, FSP, state of setting, config file, system property,
|
||||||
|
* api property, Custom Catalog, error expected, error code or expected result
|
||||||
|
*/
|
||||||
|
public Object[][] getConfig(String m) {
|
||||||
|
// SchemaTest1: Schema Import
|
||||||
|
String xmlFile = "XSDImport_company.xsd";
|
||||||
|
String xsdOrXsl = null;
|
||||||
|
String expected = "";
|
||||||
|
boolean errOnIgnore = false;
|
||||||
|
String ignoreExpected = "";
|
||||||
|
String errCode = "JAXP00010008";
|
||||||
|
|
||||||
|
switch (m) {
|
||||||
|
case "SchemaTest2":
|
||||||
|
// Schema Include
|
||||||
|
xmlFile = "XSDInclude_company.xsd";
|
||||||
|
break;
|
||||||
|
case "Validation":
|
||||||
|
// Schema Location
|
||||||
|
xmlFile = "val_test.xml";
|
||||||
|
errOnIgnore = true;
|
||||||
|
ignoreExpected = "x1";
|
||||||
|
break;
|
||||||
|
case "Stylesheet":
|
||||||
|
xmlFile = "XSLDTD.xsl";
|
||||||
|
break;
|
||||||
|
case "Transform":
|
||||||
|
xmlFile = "XSLPI.xml";
|
||||||
|
xsdOrXsl = "<?xml version='1.0'?>"
|
||||||
|
+ "<!DOCTYPE top SYSTEM 'test.dtd'"
|
||||||
|
+ "["
|
||||||
|
+ "<!ENTITY % pe \"x\">"
|
||||||
|
+ "<!ENTITY x1 \"AAAAA\">"
|
||||||
|
+ "<!ENTITY x2 \"bbb\">"
|
||||||
|
+"]>"
|
||||||
|
+ "<?xml-stylesheet href=\""
|
||||||
|
+ TEST_SOURCE_DIR
|
||||||
|
+ "/XSLPI_target.xsl\" type=\"text/xml\"?>"
|
||||||
|
+ "<xsl:stylesheet "
|
||||||
|
+ " xmlns:xsl='http://www.w3.org/1999/XSL/Transform' "
|
||||||
|
+ " version='1.0'>"
|
||||||
|
+ "</xsl:stylesheet> ";
|
||||||
|
errCode = "JAXP00010008";
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
return new Object[][]{
|
||||||
|
// Case 1: external reference pointing to an invalid site
|
||||||
|
/**
|
||||||
|
* Case 1-1: default setting, DTD=allow
|
||||||
|
* Expect: pass without error
|
||||||
|
*/
|
||||||
|
{xmlFile, xsdOrXsl, null, null, null, null, null, false, expected},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Case 1-2: DTD=deny in config file
|
||||||
|
* Expect: Exception since DTD is denied
|
||||||
|
*/
|
||||||
|
{xmlFile, xsdOrXsl, null, PropertyState.CONFIG_FILE, Properties.CONFIG_FILE_DTD2, null, null, true, errCode},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Case 1-3: DTD=allow with the System Property
|
||||||
|
* Expect: error as Case 1-1
|
||||||
|
*/
|
||||||
|
{xmlFile, xsdOrXsl, null, PropertyState.CONFIG_FILE_SYSTEM, Properties.CONFIG_FILE_DTD2, new Properties[]{Properties.DTD0}, null, false, expected},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Case 1-4: DTD=deny with the API property
|
||||||
|
* Expect: Exception as Case 1-2
|
||||||
|
*/
|
||||||
|
{xmlFile, xsdOrXsl, null, PropertyState.CONFIG_FILE_SYSTEM_API, Properties.CONFIG_FILE_DTD2, new Properties[]{Properties.DTD0}, new Properties[]{Properties.DTD2}, true, errCode},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Case 1-5: DTD=ignore with the API property
|
||||||
|
* Expect: no error, DTD is ignored
|
||||||
|
*/
|
||||||
|
{xmlFile, xsdOrXsl, null, PropertyState.CONFIG_FILE_SYSTEM_API, Properties.CONFIG_FILE_DTD2, new Properties[]{Properties.DTD0}, new Properties[]{Properties.DTD1}, errOnIgnore, ignoreExpected},
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns absolute path
|
||||||
|
static String getPath(String file) {
|
||||||
|
String temp = TEST_SOURCE_DIR + file;
|
||||||
|
if (IS_WINDOWS) {
|
||||||
|
temp = "/" + temp;
|
||||||
|
}
|
||||||
|
return temp;
|
||||||
|
}
|
||||||
|
|
||||||
|
// parameters in the same order as the test method
|
||||||
|
String filename; String xsd; String xsl; Properties fsp; PropertyState state;
|
||||||
|
Properties config; Properties[] sysProp; Properties[] apiProp;
|
||||||
|
boolean expectError; String error;
|
||||||
|
|
||||||
|
// Maps the DataProvider array to individual parameters
|
||||||
|
public void paramMap(Processor processor, String method, String index) {
|
||||||
|
int i = 0;
|
||||||
|
Object[][] params;
|
||||||
|
if (processor == Processor.VALIDATOR ||
|
||||||
|
processor == Processor.TRANSFORMER) {
|
||||||
|
params = getConfig(method);
|
||||||
|
i = 1;
|
||||||
|
} else {
|
||||||
|
params = getConfigs(processor);
|
||||||
|
}
|
||||||
|
Object[] param = params[Integer.parseInt(index)];
|
||||||
|
filename = (String)param[0];
|
||||||
|
if (processor == Processor.VALIDATOR) {
|
||||||
|
xsd = (String)param[i];
|
||||||
|
} else if (processor == Processor.TRANSFORMER) {
|
||||||
|
xsl = (String)param[i];
|
||||||
|
}
|
||||||
|
fsp = (Properties)param[i + 1];
|
||||||
|
state = (PropertyState)param[i + 2];
|
||||||
|
config = (Properties)param[i + 3];
|
||||||
|
sysProp = (Properties[])param[i + 4];
|
||||||
|
apiProp = (Properties[])param[i + 5];
|
||||||
|
expectError = (boolean)param[i + 6];
|
||||||
|
error = (String)param[i + 7];
|
||||||
|
}
|
||||||
|
}
|
31
test/jaxp/javax/xml/jaxp/unittest/common/dtd/SAXTest.java
Normal file
31
test/jaxp/javax/xml/jaxp/unittest/common/dtd/SAXTest.java
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
|
||||||
|
*/
|
||||||
|
package common.dtd;
|
||||||
|
|
||||||
|
import common.util.TestBase;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @test @bug 8306632
|
||||||
|
* @library /javax/xml/jaxp/libs /javax/xml/jaxp/unittest
|
||||||
|
* @modules java.xml/jdk.xml.internal
|
||||||
|
* @run driver common.dtd.SAXTest 0 // verifies default setting dtd.support=allow
|
||||||
|
* @run driver common.dtd.SAXTest 1 // verifies overriding with config file
|
||||||
|
* @run driver common.dtd.SAXTest 2 // verifies overriding with system property
|
||||||
|
* @run driver common.dtd.SAXTest 3 // verifies overriding with factory setting (DTD=deny)
|
||||||
|
* @run driver common.dtd.SAXTest 4 // verifies DTD=ignore
|
||||||
|
* @run driver common.dtd.SAXTest 5 // verifies disallow-doctype-decl=false
|
||||||
|
* @run driver common.dtd.SAXTest 6 // verifies disallow-doctype-decl=true
|
||||||
|
* @summary verifies SAX's support of the property jdk.xml.dtd.support.
|
||||||
|
*/
|
||||||
|
public class SAXTest extends DTDTestBase {
|
||||||
|
public static void main(String args[]) throws Exception {
|
||||||
|
new SAXTest().run(args[0]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void run(String index) throws Exception {
|
||||||
|
paramMap(TestBase.Processor.SAX, null, index);
|
||||||
|
super.testSAX(filename, fsp, state, config, sysProp, apiProp, expectError, error);
|
||||||
|
}
|
||||||
|
}
|
48
test/jaxp/javax/xml/jaxp/unittest/common/dtd/SchemaTest.java
Normal file
48
test/jaxp/javax/xml/jaxp/unittest/common/dtd/SchemaTest.java
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
|
||||||
|
*/
|
||||||
|
package common.dtd;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @test @bug 8306632
|
||||||
|
* @library /javax/xml/jaxp/libs /javax/xml/jaxp/unittest
|
||||||
|
* @modules java.xml/jdk.xml.internal
|
||||||
|
* @run driver common.dtd.SchemaTest SchemaTest1 0 // verifies default setting dtd.support=allow
|
||||||
|
* @run driver common.dtd.SchemaTest SchemaTest1 1 // verifies overriding with config file
|
||||||
|
* @run driver common.dtd.SchemaTest SchemaTest1 2 // verifies overriding with system property
|
||||||
|
* @run driver common.dtd.SchemaTest SchemaTest1 3 // verifies overriding with factory setting (DTD=deny)
|
||||||
|
* @run driver common.dtd.SchemaTest SchemaTest1 4 // verifies DTD=ignore
|
||||||
|
* @run driver common.dtd.SchemaTest SchemaTest2 0 // verifies default setting dtd.support=allow
|
||||||
|
* @run driver common.dtd.SchemaTest SchemaTest2 1 // verifies overriding with config file
|
||||||
|
* @run driver common.dtd.SchemaTest SchemaTest2 2 // verifies overriding with system property
|
||||||
|
* @run driver common.dtd.SchemaTest SchemaTest2 3 // verifies overriding with factory setting (DTD=deny)
|
||||||
|
* @run driver common.dtd.SchemaTest SchemaTest2 4 // verifies DTD=ignore
|
||||||
|
* @run driver common.dtd.SchemaTest Validation 0 // verifies default setting dtd.support=allow
|
||||||
|
* @run driver common.dtd.SchemaTest Validation 1 // verifies overriding with config file
|
||||||
|
* @run driver common.dtd.SchemaTest Validation 2 // verifies overriding with system property
|
||||||
|
* @run driver common.dtd.SchemaTest Validation 3 // verifies overriding with factory setting (DTD=deny)
|
||||||
|
* @run driver common.dtd.SchemaTest Validation 4 // verifies DTD=ignore
|
||||||
|
* @summary verifies Schema and Validation's support of the property jdk.xml.dtd.support.
|
||||||
|
*/
|
||||||
|
public class SchemaTest extends DTDTestBase {
|
||||||
|
|
||||||
|
public static void main(String args[]) throws Exception {
|
||||||
|
new SchemaTest().run(args[0], args[1]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void run(String method, String index) throws Exception {
|
||||||
|
paramMap(Processor.VALIDATOR, method, index);
|
||||||
|
switch (method) {
|
||||||
|
case "SchemaTest1":
|
||||||
|
super.testSchema1(filename, xsd, fsp, state, config, sysProp, apiProp, expectError, error);
|
||||||
|
break;
|
||||||
|
case "SchemaTest2":
|
||||||
|
super.testSchema2(filename, xsd, fsp, state, config, sysProp, apiProp, expectError, error);
|
||||||
|
break;
|
||||||
|
case "Validation":
|
||||||
|
super.testValidation(filename, xsd, fsp, state, config, sysProp, apiProp, expectError, error);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
34
test/jaxp/javax/xml/jaxp/unittest/common/dtd/StAXTest.java
Normal file
34
test/jaxp/javax/xml/jaxp/unittest/common/dtd/StAXTest.java
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
|
||||||
|
*/
|
||||||
|
package common.dtd;
|
||||||
|
|
||||||
|
import common.util.TestBase;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @test @bug 8306632
|
||||||
|
* @library /javax/xml/jaxp/libs /javax/xml/jaxp/unittest
|
||||||
|
* @modules java.xml/jdk.xml.internal
|
||||||
|
* @run driver common.dtd.StAXTest 0 // verifies default setting dtd.support=allow
|
||||||
|
* @run driver common.dtd.StAXTest 1 // verifies overriding with config file
|
||||||
|
* @run driver common.dtd.StAXTest 2 // verifies overriding with system property
|
||||||
|
* @run driver common.dtd.StAXTest 3 // verifies overriding with factory setting (DTD=deny)
|
||||||
|
* @run driver common.dtd.StAXTest 4 // verifies DTD=ignore
|
||||||
|
* @run driver common.dtd.StAXTest 5 // verifies disallow-doctype-decl=false
|
||||||
|
* @run driver common.dtd.StAXTest 6 // verifies disallow-doctype-decl=true
|
||||||
|
* @run driver common.dtd.StAXTest 7 // verifies supportDTD=true
|
||||||
|
* @run driver common.dtd.StAXTest 8 // verifies supportDTD=false
|
||||||
|
* @summary verifies StAX's support of the property jdk.xml.dtd.support.
|
||||||
|
*/
|
||||||
|
public class StAXTest extends DTDTestBase {
|
||||||
|
|
||||||
|
public static void main(String args[]) throws Exception {
|
||||||
|
new StAXTest().run(args[0]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void run(String index) throws Exception {
|
||||||
|
paramMap(TestBase.Processor.STAX, null, index);
|
||||||
|
super.testStAX(filename, fsp, state, config, sysProp, apiProp, expectError, error);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,42 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
|
||||||
|
*/
|
||||||
|
package common.dtd;
|
||||||
|
|
||||||
|
import common.util.TestBase;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @test @bug 8306632
|
||||||
|
* @library /javax/xml/jaxp/libs /javax/xml/jaxp/unittest
|
||||||
|
* @modules java.xml/jdk.xml.internal
|
||||||
|
* @run driver common.dtd.TransformTest Stylesheet 0 // verifies default setting dtd.support=allow
|
||||||
|
* @run driver common.dtd.TransformTest Stylesheet 1 // verifies overriding with config file
|
||||||
|
* @run driver common.dtd.TransformTest Stylesheet 2 // verifies overriding with system property
|
||||||
|
* @run driver common.dtd.TransformTest Stylesheet 3 // verifies overriding with factory setting (DTD=deny)
|
||||||
|
* @run driver common.dtd.TransformTest Stylesheet 4 // verifies DTD=ignore
|
||||||
|
* @run driver common.dtd.TransformTest Transform 0 // verifies default setting dtd.support=allow
|
||||||
|
* @run driver common.dtd.TransformTest Transform 1 // verifies overriding with config file
|
||||||
|
* @run driver common.dtd.TransformTest Transform 2 // verifies overriding with system property
|
||||||
|
* @run driver common.dtd.TransformTest Transform 3 // verifies overriding with factory setting (DTD=deny)
|
||||||
|
* @run driver common.dtd.TransformTest Transform 4 // verifies DTD=ignore
|
||||||
|
* @summary verifies Transform's support of the property jdk.xml.dtd.support.
|
||||||
|
*/
|
||||||
|
public class TransformTest extends DTDTestBase {
|
||||||
|
|
||||||
|
public static void main(String args[]) throws Exception {
|
||||||
|
new TransformTest().run(args[0], args[1]);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void run(String method, String index) throws Exception {
|
||||||
|
paramMap(TestBase.Processor.TRANSFORMER, method, index);
|
||||||
|
switch (method) {
|
||||||
|
case "Stylesheet":
|
||||||
|
super.testStylesheet(filename, xsl, fsp, state, config, sysProp, apiProp, expectError, error);
|
||||||
|
break;
|
||||||
|
case "Transform":
|
||||||
|
super.testTransform(filename, xsl, fsp, state, config, sysProp, apiProp, expectError, error);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
635
test/jaxp/javax/xml/jaxp/unittest/common/util/TestBase.java
Normal file
635
test/jaxp/javax/xml/jaxp/unittest/common/util/TestBase.java
Normal file
@ -0,0 +1,635 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
* or visit www.oracle.com if you need additional information or have any
|
||||||
|
* questions.
|
||||||
|
*/
|
||||||
|
package common.util;
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
|
import java.io.FileInputStream;
|
||||||
|
import java.io.FileNotFoundException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.io.StringReader;
|
||||||
|
import java.io.StringWriter;
|
||||||
|
import java.util.regex.Pattern;
|
||||||
|
import javax.xml.XMLConstants;
|
||||||
|
import javax.xml.catalog.CatalogFeatures;
|
||||||
|
import javax.xml.parsers.DocumentBuilder;
|
||||||
|
import javax.xml.parsers.DocumentBuilderFactory;
|
||||||
|
import javax.xml.parsers.ParserConfigurationException;
|
||||||
|
import javax.xml.parsers.SAXParser;
|
||||||
|
import javax.xml.parsers.SAXParserFactory;
|
||||||
|
import javax.xml.stream.XMLInputFactory;
|
||||||
|
import javax.xml.stream.XMLResolver;
|
||||||
|
import javax.xml.stream.XMLStreamConstants;
|
||||||
|
import javax.xml.stream.XMLStreamException;
|
||||||
|
import javax.xml.stream.XMLStreamReader;
|
||||||
|
import javax.xml.transform.Source;
|
||||||
|
import javax.xml.transform.Transformer;
|
||||||
|
import javax.xml.transform.TransformerFactory;
|
||||||
|
import javax.xml.transform.dom.DOMSource;
|
||||||
|
import javax.xml.transform.sax.SAXSource;
|
||||||
|
import javax.xml.transform.stax.StAXSource;
|
||||||
|
import javax.xml.transform.stream.StreamResult;
|
||||||
|
import javax.xml.transform.stream.StreamSource;
|
||||||
|
import javax.xml.validation.Schema;
|
||||||
|
import javax.xml.validation.SchemaFactory;
|
||||||
|
import javax.xml.validation.Validator;
|
||||||
|
import org.w3c.dom.Document;
|
||||||
|
import org.xml.sax.InputSource;
|
||||||
|
import org.xml.sax.helpers.DefaultHandler;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test base for common/dtd
|
||||||
|
*/
|
||||||
|
public class TestBase {
|
||||||
|
static final boolean DEBUG = true;
|
||||||
|
public static final String ORACLE_JAXP_PROPERTY_PREFIX =
|
||||||
|
"http://www.oracle.com/xml/jaxp/properties/";
|
||||||
|
public static final String JDK_ENTITY_COUNT_INFO =
|
||||||
|
ORACLE_JAXP_PROPERTY_PREFIX + "getEntityCountInfo";
|
||||||
|
public static final String CATALOG_FILE = CatalogFeatures.Feature.FILES.getPropertyName();
|
||||||
|
public static final boolean IS_WINDOWS = System.getProperty("os.name").contains("Windows");
|
||||||
|
public static String SRC_DIR = System.getProperty("test.src", ".");
|
||||||
|
public static String TEST_SOURCE_DIR;
|
||||||
|
|
||||||
|
|
||||||
|
// configuration file system property
|
||||||
|
private static final String CONFIG_FILE = "java.xml.config.file";
|
||||||
|
|
||||||
|
// Xerces Property
|
||||||
|
public static final String DISALLOW_DTD = "http://apache.org/xml/features/disallow-doctype-decl";
|
||||||
|
public static final String LOAD_EXTERNAL_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
|
||||||
|
|
||||||
|
// Zephyr Properties
|
||||||
|
public static final String ZEPHYR_PROPERTY_PREFIX = "http://java.sun.com/xml/stream/properties/" ;
|
||||||
|
public static final String IGNORE_EXTERNAL_DTD = ZEPHYR_PROPERTY_PREFIX + "ignore-external-dtd";
|
||||||
|
|
||||||
|
// Impl Specific Properties
|
||||||
|
public static final String SP_DTD = "jdk.xml.dtd.support";
|
||||||
|
public static final String OVERRIDE_PARSER = "jdk.xml.overrideDefaultParser";
|
||||||
|
|
||||||
|
// DTD/CATALOG constants
|
||||||
|
public static final String RESOLVE_CONTINUE = "continue";
|
||||||
|
public static final String RESOLVE_IGNORE = "ignore";
|
||||||
|
public static final String RESOLVE_STRICT = "strict";
|
||||||
|
|
||||||
|
public static final String DTD_ALLOW = "allow";
|
||||||
|
public static final String DTD_IGNORE = "ignore";
|
||||||
|
public static final String DTD_DENY = "deny";
|
||||||
|
|
||||||
|
// JAXP Configuration File(JCF) location
|
||||||
|
// DTD = deny
|
||||||
|
public static final String JCF_DTD2 = "../config/files/dtd2.properties";
|
||||||
|
|
||||||
|
|
||||||
|
String xmlExternalEntity, xmlExternalEntityId;
|
||||||
|
String xmlGE_Expansion, xmlGE_ExpansionId;
|
||||||
|
|
||||||
|
public static enum Processor { DOM, SAX, STAX, VALIDATOR, TRANSFORMER };
|
||||||
|
static enum SourceType { STREAM, SAX, STAX, DOM };
|
||||||
|
|
||||||
|
public static enum Properties {
|
||||||
|
CONFIG_FILE_DTD2(null, CONFIG_FILE, Type.FEATURE, getPath(JCF_DTD2)),
|
||||||
|
FSP(XMLConstants.FEATURE_SECURE_PROCESSING, null, Type.FEATURE, "true"),
|
||||||
|
FSP_FALSE(XMLConstants.FEATURE_SECURE_PROCESSING, null, Type.FEATURE, "false"),
|
||||||
|
|
||||||
|
// properties
|
||||||
|
DTD0(SP_DTD, "ditto", Type.PROPERTY, DTD_ALLOW),
|
||||||
|
DTD1(SP_DTD, "ditto", Type.PROPERTY, DTD_IGNORE),
|
||||||
|
DTD2(SP_DTD, "ditto", Type.PROPERTY, DTD_DENY),
|
||||||
|
|
||||||
|
// StAX properties
|
||||||
|
SUPPORT_DTD(XMLInputFactory.SUPPORT_DTD, null, Type.FEATURE, "true"),
|
||||||
|
SUPPORT_DTD_FALSE(XMLInputFactory.SUPPORT_DTD, null, Type.FEATURE, "false"),
|
||||||
|
SUPPORT_EXTERNAL_ENTITIES(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, null, Type.FEATURE, "true"),
|
||||||
|
SUPPORT_EXTERNAL_ENTITIES_FALSE(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, null, Type.FEATURE, "false"),
|
||||||
|
REPLACE_ENTITY_REF(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, null, Type.FEATURE, "true"),
|
||||||
|
REPLACE_ENTITY_REF_FALSE(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, null, Type.FEATURE, "false"),
|
||||||
|
ZEPHY_IGNORE_EXTERNAL_DTD(IGNORE_EXTERNAL_DTD, null, Type.FEATURE, "true"),
|
||||||
|
ZEPHY_IGNORE_EXTERNAL_DTD_FALSE(IGNORE_EXTERNAL_DTD, null, Type.FEATURE, "false"),
|
||||||
|
|
||||||
|
// Xerces properties
|
||||||
|
XERCES_DISALLOW_DTD(DISALLOW_DTD, null, Type.FEATURE, "true"),
|
||||||
|
XERCES_ALLOW_DTD(DISALLOW_DTD, null, Type.FEATURE, "false"),
|
||||||
|
XERCES_LOAD_EXTERNAL_DTD(LOAD_EXTERNAL_DTD, null, Type.FEATURE, "true"),
|
||||||
|
XERCES_LOAD_EXTERNAL_DTD_FALSE(LOAD_EXTERNAL_DTD, null, Type.FEATURE, "false"),
|
||||||
|
|
||||||
|
;
|
||||||
|
|
||||||
|
final String apiName, spName;
|
||||||
|
final Type type;
|
||||||
|
final String value;
|
||||||
|
|
||||||
|
String file, resolve;
|
||||||
|
Properties(String apiName, String spName, Type t, String value) {
|
||||||
|
this.apiName = apiName;
|
||||||
|
// if spName not specified, it's the same as the API name
|
||||||
|
if ("ditto".equals(spName)) {
|
||||||
|
this.spName = apiName;
|
||||||
|
} else {
|
||||||
|
this.spName = spName;
|
||||||
|
}
|
||||||
|
this.type = t;
|
||||||
|
this.value = value;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Type type() {
|
||||||
|
return type;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String value() {
|
||||||
|
return value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static enum Type {
|
||||||
|
CONFIGFILE,
|
||||||
|
FEATURE,
|
||||||
|
PROPERTY,
|
||||||
|
LIMIT,
|
||||||
|
}
|
||||||
|
|
||||||
|
// the state of property setting
|
||||||
|
public static enum PropertyState {
|
||||||
|
// set through the factories
|
||||||
|
API,
|
||||||
|
// set through the System Property
|
||||||
|
SYSTEM,
|
||||||
|
// set in the Config file
|
||||||
|
CONFIG_FILE,
|
||||||
|
// set with both the Config file and System Property, the later shall prevail
|
||||||
|
CONFIG_FILE_SYSTEM,
|
||||||
|
// set: Config file, System Property and API, the later shall prevail
|
||||||
|
CONFIG_FILE_SYSTEM_API,
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void process(String filename, DocumentBuilderFactory dbf, boolean expectError,
|
||||||
|
String error) throws Exception {
|
||||||
|
//dbf.setAttribute(CatalogFeatures.Feature.RESOLVE.getPropertyName(), "continue");
|
||||||
|
DocumentBuilder builder = dbf.newDocumentBuilder();
|
||||||
|
File file = new File(getPath(filename));
|
||||||
|
try {
|
||||||
|
Document document = builder.parse(file);
|
||||||
|
Assert.assertTrue(!expectError);
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
processError(expectError, error, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void process(String filename, SAXParser parser, boolean expectError,
|
||||||
|
String error) throws Exception {
|
||||||
|
|
||||||
|
File file = new File(getPath(filename));
|
||||||
|
try {
|
||||||
|
parser.parse(file, new DefaultHandler());
|
||||||
|
Assert.assertTrue(!expectError);
|
||||||
|
} catch (Exception e) {
|
||||||
|
//e.printStackTrace();
|
||||||
|
processError(expectError, error, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void process(String filename, XMLInputFactory xif, boolean expectError,
|
||||||
|
String expected) throws Exception {
|
||||||
|
|
||||||
|
String xml = getPath(filename);
|
||||||
|
try {
|
||||||
|
InputStream entityxml = new FileInputStream(xml);
|
||||||
|
XMLStreamReader streamReader = xif.createXMLStreamReader(xml, entityxml);
|
||||||
|
String text = getText(streamReader, XMLStreamConstants.CHARACTERS);
|
||||||
|
System.out.println("Text: [" + text.trim() + "]");
|
||||||
|
Assert.assertTrue(Pattern.matches(expected, text.trim()));
|
||||||
|
Assert.assertTrue(!expectError);
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
processError(expectError, expected, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void process(String filename, SchemaFactory sf, boolean expectError,
|
||||||
|
String expected) throws Exception {
|
||||||
|
|
||||||
|
String xsd = getPath(filename);
|
||||||
|
try {
|
||||||
|
Schema schema = sf.newSchema(new StreamSource(new File(xsd)));
|
||||||
|
Assert.assertTrue(!expectError);
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
processError(expectError, expected, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void process(String filename, TransformerFactory tf, boolean expectError,
|
||||||
|
String expected) throws Exception {
|
||||||
|
String xsl = getPath(filename);
|
||||||
|
try {
|
||||||
|
SAXSource xslSource = new SAXSource(new InputSource(xsl));
|
||||||
|
xslSource.setSystemId(xsl);
|
||||||
|
Transformer transformer = tf.newTransformer(xslSource);
|
||||||
|
Assert.assertTrue(!expectError);
|
||||||
|
} catch (Exception e) {
|
||||||
|
//e.printStackTrace();
|
||||||
|
processError(expectError, expected, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void transform(String xmlFile, String xsl, TransformerFactory tf,
|
||||||
|
boolean expectError, String expected) throws Exception {
|
||||||
|
String xmlSysId = getPath(xmlFile);
|
||||||
|
try {
|
||||||
|
SAXSource xslSource = new SAXSource(new InputSource(new StringReader(xsl)));
|
||||||
|
//SAXSource xslSource = new SAXSource(new InputSource(xslSysId));
|
||||||
|
xslSource.setSystemId(xmlSysId);
|
||||||
|
Transformer transformer = tf.newTransformer(xslSource);
|
||||||
|
StringWriter sw = new StringWriter();
|
||||||
|
transformer.transform(getSource(SourceType.STREAM, xmlSysId), new StreamResult(sw));
|
||||||
|
Assert.assertTrue(!expectError);
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
processError(expectError, expected, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void validate(String filename, SchemaFactory sf, boolean expectError,
|
||||||
|
String expected) throws Exception {
|
||||||
|
String xml = getPath(filename);
|
||||||
|
try {
|
||||||
|
Schema schema = sf.newSchema();
|
||||||
|
Validator validator = schema.newValidator();
|
||||||
|
validator.validate(new StreamSource(new File(xml)));
|
||||||
|
Assert.assertTrue(!expectError);
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
processError(expectError, expected, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void processError(boolean expectError, String error, Exception e)
|
||||||
|
throws Exception {
|
||||||
|
//e.printStackTrace();
|
||||||
|
String str = e.getMessage();
|
||||||
|
// System.out.println("Exp Msg: " + str);
|
||||||
|
//e.printStackTrace();
|
||||||
|
if (!expectError) {
|
||||||
|
Assert.assertTrue(false, "Expected pass, but Exception is thrown " +
|
||||||
|
str);
|
||||||
|
} else {
|
||||||
|
Assert.assertTrue((str != null) && str.contains(error));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a DocumentBuilderFactory with settings as specified.
|
||||||
|
*
|
||||||
|
* @param fsp FSP setting
|
||||||
|
* @param state the setting method
|
||||||
|
* @param config the configuration file setting
|
||||||
|
* @param sysProp properties to be set through the System Property API
|
||||||
|
* @param apiProp the properties to be set via the factory
|
||||||
|
* @return a DocumentBuilderFactory
|
||||||
|
*/
|
||||||
|
protected DocumentBuilderFactory getDBF(Properties fsp, PropertyState state,
|
||||||
|
Properties config, Properties[] sysProp, Properties[] apiProp) {
|
||||||
|
setSystemProperty(config, state, sysProp);
|
||||||
|
|
||||||
|
DocumentBuilderFactory dbf = DocumentBuilderFactory.newDefaultNSInstance();
|
||||||
|
dbf.setXIncludeAware(true);
|
||||||
|
if (fsp != null) {
|
||||||
|
try {
|
||||||
|
dbf.setFeature(fsp.apiName, Boolean.parseBoolean(fsp.value));
|
||||||
|
} catch (ParserConfigurationException ex) {
|
||||||
|
// shouldn't happen
|
||||||
|
//ex.printStackTrace();
|
||||||
|
Assert.fail("Test error: setting " + fsp.apiName + " to " + fsp.value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (state == PropertyState.API || state == PropertyState.CONFIG_FILE_SYSTEM_API) {
|
||||||
|
for (Properties property : apiProp) {
|
||||||
|
if (property.type == Type.FEATURE) {
|
||||||
|
try {
|
||||||
|
dbf.setFeature(property.apiName, Boolean.parseBoolean(property.value));
|
||||||
|
} catch (ParserConfigurationException ex) {
|
||||||
|
Assert.fail("Test error: setting " + fsp.apiName + " to " + fsp.value);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
dbf.setAttribute(property.apiName, property.value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
clearSystemProperty(state, sysProp);
|
||||||
|
|
||||||
|
return dbf;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns an instance of SAXParser with a catalog if one is provided.
|
||||||
|
*
|
||||||
|
* @param fsp Feature Secure Processing
|
||||||
|
* @param state the state of property settings
|
||||||
|
* @param config the config file
|
||||||
|
* @param sysProp the system properties
|
||||||
|
* @param apiProp the properties to be set via the factory
|
||||||
|
* @return an instance of SAXParser
|
||||||
|
* @throws ParserConfigurationException
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
public SAXParser getSAXParser(Properties fsp, PropertyState state, Properties config,
|
||||||
|
Properties[] sysProp, Properties[] apiProp) throws Exception {
|
||||||
|
setSystemProperty(config, state, sysProp);
|
||||||
|
|
||||||
|
SAXParserFactory spf = SAXParserFactory.newDefaultNSInstance();
|
||||||
|
spf.setXIncludeAware(true);
|
||||||
|
if (fsp != null) {
|
||||||
|
try {
|
||||||
|
spf.setFeature(fsp.apiName, Boolean.parseBoolean(fsp.value));
|
||||||
|
} catch (ParserConfigurationException ex) {
|
||||||
|
Assert.fail("Test error: setting " + fsp.apiName + " to " + fsp.value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (state == PropertyState.API || state == PropertyState.CONFIG_FILE_SYSTEM_API) {
|
||||||
|
for (Properties property : apiProp) {
|
||||||
|
if (property.type == Type.FEATURE) {
|
||||||
|
try {
|
||||||
|
spf.setFeature(property.apiName, Boolean.parseBoolean(property.value));
|
||||||
|
} catch (ParserConfigurationException ex) {
|
||||||
|
Assert.fail("Test error: setting " + fsp.apiName + " to " + fsp.value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
SAXParser parser = spf.newSAXParser();
|
||||||
|
if (state == PropertyState.API || state == PropertyState.CONFIG_FILE_SYSTEM_API) {
|
||||||
|
for (Properties property : apiProp) {
|
||||||
|
if (property.type != Type.FEATURE) {
|
||||||
|
parser.setProperty(property.apiName, property.value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
clearSystemProperty(state, sysProp);
|
||||||
|
return parser;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected XMLInputFactory getXMLInputFactory(PropertyState state,
|
||||||
|
Properties config, Properties[] sysProp, Properties[] apiProp) {
|
||||||
|
setSystemProperty(config, state, sysProp);
|
||||||
|
XMLInputFactory factory = XMLInputFactory.newInstance();
|
||||||
|
|
||||||
|
if (state == PropertyState.API || state == PropertyState.CONFIG_FILE_SYSTEM_API) {
|
||||||
|
for (Properties property : apiProp) {
|
||||||
|
factory.setProperty(property.apiName, property.value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
clearSystemProperty(state, sysProp);
|
||||||
|
|
||||||
|
return factory;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected SchemaFactory getSchemaFactory(Properties fsp, PropertyState state,
|
||||||
|
Properties config, Properties[] sysProp, Properties[] apiProp)
|
||||||
|
throws Exception {
|
||||||
|
setSystemProperty(config, state, sysProp);
|
||||||
|
SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
|
||||||
|
|
||||||
|
if (fsp != null) {
|
||||||
|
factory.setFeature(fsp.apiName, Boolean.parseBoolean(fsp.value));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (state == PropertyState.API || state == PropertyState.CONFIG_FILE_SYSTEM_API) {
|
||||||
|
for (Properties property : apiProp) {
|
||||||
|
if (property.type == Type.FEATURE) {
|
||||||
|
factory.setFeature(property.apiName, Boolean.parseBoolean(property.value));
|
||||||
|
} else {
|
||||||
|
factory.setProperty(property.apiName, property.value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
clearSystemProperty(state, sysProp);
|
||||||
|
|
||||||
|
return factory;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected TransformerFactory getTransformerFactory(Properties fsp, PropertyState state,
|
||||||
|
Properties config, Properties[] sysProp, Properties[] apiProp)
|
||||||
|
throws Exception {
|
||||||
|
setSystemProperty(config, state, sysProp);
|
||||||
|
TransformerFactory tf = TransformerFactory.newInstance();
|
||||||
|
//tf.setAttribute(JDK_ENTITY_COUNT_INFO, "yes");
|
||||||
|
if (fsp != null) {
|
||||||
|
tf.setFeature(fsp.apiName, Boolean.parseBoolean(fsp.value));
|
||||||
|
}
|
||||||
|
if (state == PropertyState.API || state == PropertyState.CONFIG_FILE_SYSTEM_API) {
|
||||||
|
for (Properties property : apiProp) {
|
||||||
|
if (property.type == Type.FEATURE) {
|
||||||
|
tf.setFeature(property.apiName, Boolean.parseBoolean(property.value));
|
||||||
|
} else {
|
||||||
|
tf.setAttribute(property.apiName, property.value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
clearSystemProperty(state, sysProp);
|
||||||
|
|
||||||
|
return tf;
|
||||||
|
}
|
||||||
|
|
||||||
|
XMLStreamReader getStreamReader(boolean setUseCatalog, boolean useCatalog,
|
||||||
|
String catalog, String xml, XMLResolver resolver)
|
||||||
|
throws FileNotFoundException, XMLStreamException {
|
||||||
|
XMLInputFactory factory = XMLInputFactory.newInstance();
|
||||||
|
if (catalog != null) {
|
||||||
|
factory.setProperty(CatalogFeatures.Feature.FILES.getPropertyName(), catalog);
|
||||||
|
}
|
||||||
|
|
||||||
|
factory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, true);
|
||||||
|
factory.setProperty(XMLInputFactory.IS_COALESCING, true);
|
||||||
|
|
||||||
|
if (resolver != null) {
|
||||||
|
factory.setProperty(XMLInputFactory.RESOLVER, resolver);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (setUseCatalog) {
|
||||||
|
factory.setProperty(XMLConstants.USE_CATALOG, useCatalog);
|
||||||
|
}
|
||||||
|
|
||||||
|
InputStream entityxml = new FileInputStream(xml);
|
||||||
|
XMLStreamReader streamReader = factory.createXMLStreamReader(xml, entityxml);
|
||||||
|
return streamReader;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the accumulated text of an event type.
|
||||||
|
*
|
||||||
|
* @param streamReader the XMLStreamReader
|
||||||
|
* @param type the type of event requested
|
||||||
|
* @return the text of the accumulated text for the request type
|
||||||
|
* @throws XMLStreamException
|
||||||
|
*/
|
||||||
|
String getText(XMLStreamReader streamReader, int type) throws XMLStreamException {
|
||||||
|
StringBuilder text = new StringBuilder();
|
||||||
|
StringBuilder entityRef = new StringBuilder();
|
||||||
|
|
||||||
|
while(streamReader.hasNext()){
|
||||||
|
int eventType = streamReader.next();
|
||||||
|
switch (eventType) {
|
||||||
|
case XMLStreamConstants.START_ELEMENT:
|
||||||
|
break;
|
||||||
|
case XMLStreamConstants.CHARACTERS:
|
||||||
|
text.append(streamReader.getText());
|
||||||
|
break;
|
||||||
|
case XMLStreamConstants.ENTITY_REFERENCE:
|
||||||
|
entityRef.append(streamReader.getText());
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (type == XMLStreamConstants.CHARACTERS) {
|
||||||
|
return text.toString();
|
||||||
|
} else {
|
||||||
|
return entityRef.toString();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Build a Source for _xmlFile depending on the value of sourceType.
|
||||||
|
* @return
|
||||||
|
* @throws FileNotFoundException
|
||||||
|
* @throws XMLStreamException
|
||||||
|
*/
|
||||||
|
private Source getSource(SourceType sourceType, String xmlFile)
|
||||||
|
throws FileNotFoundException, XMLStreamException {
|
||||||
|
if (sourceType == null) {
|
||||||
|
throw new Error("Test Bug: Please check that sourceType is set");
|
||||||
|
}
|
||||||
|
switch(sourceType) {
|
||||||
|
case SAX: return new SAXSource(new InputSource(xmlFile));
|
||||||
|
case STAX: return new StAXSource(XMLInputFactory.newFactory()
|
||||||
|
.createXMLEventReader(xmlFile, new FileInputStream(xmlFile)));
|
||||||
|
case DOM: return new DOMSource(null,xmlFile);
|
||||||
|
default: return new StreamSource(xmlFile);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets the System Property via the System Property API and/or the Config file.
|
||||||
|
*
|
||||||
|
* @param config the configuration file setting
|
||||||
|
* @param state the setting method
|
||||||
|
* @param sysProp properties to be set through the System Property API
|
||||||
|
*/
|
||||||
|
protected void setSystemProperty(Properties config, PropertyState state, Properties[] sysProp) {
|
||||||
|
// no System Property
|
||||||
|
if (state == null) return;
|
||||||
|
if (sysProp != null) {
|
||||||
|
for (Properties property : sysProp) {
|
||||||
|
setSystemProperty1(config, state, property);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
setSystemProperty1(config, state, null);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void setSystemProperty1(Properties config, PropertyState state, Properties property) {
|
||||||
|
switch (state) {
|
||||||
|
case SYSTEM:
|
||||||
|
System.setProperty(property.spName, property.value);
|
||||||
|
break;
|
||||||
|
case CONFIG_FILE:
|
||||||
|
System.setProperty(CONFIG_FILE, config.value);
|
||||||
|
break;
|
||||||
|
case CONFIG_FILE_SYSTEM:
|
||||||
|
case CONFIG_FILE_SYSTEM_API:
|
||||||
|
System.setProperty(CONFIG_FILE, config.value);
|
||||||
|
if (property != null) {
|
||||||
|
System.setProperty(property.spName, property.value);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Clears the System Properties.
|
||||||
|
*
|
||||||
|
* @param state the state of setting, refer to {@link PropertyState}.
|
||||||
|
* @param sysProp the system properties
|
||||||
|
*/
|
||||||
|
protected void clearSystemProperty(PropertyState state, Properties[] sysProp) {
|
||||||
|
if (state == null) return;
|
||||||
|
if (sysProp != null) {
|
||||||
|
for (Properties property : sysProp) {
|
||||||
|
clearSystemProperty1(state, property);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
clearSystemProperty1(state, null);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
protected void clearSystemProperty1(PropertyState m, Properties property) {
|
||||||
|
if (m == null) return;
|
||||||
|
switch (m) {
|
||||||
|
case SYSTEM:
|
||||||
|
System.clearProperty(property.spName);
|
||||||
|
break;
|
||||||
|
case CONFIG_FILE:
|
||||||
|
System.clearProperty(CONFIG_FILE);
|
||||||
|
break;
|
||||||
|
case CONFIG_FILE_SYSTEM:
|
||||||
|
case CONFIG_FILE_SYSTEM_API:
|
||||||
|
System.clearProperty(CONFIG_FILE);
|
||||||
|
if (property != null) {
|
||||||
|
System.clearProperty(property.spName);
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static String getPath(String file) {
|
||||||
|
String temp = TEST_SOURCE_DIR + file;
|
||||||
|
if (IS_WINDOWS) {
|
||||||
|
temp = "/" + temp;
|
||||||
|
}
|
||||||
|
return temp;
|
||||||
|
}
|
||||||
|
|
||||||
|
static class Assert {
|
||||||
|
public static void assertTrue(boolean condition) {
|
||||||
|
assertTrue(condition, null);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void assertTrue(boolean condition, String message) {
|
||||||
|
if (!condition) {
|
||||||
|
if (message != null) {
|
||||||
|
throw new RuntimeException("Expected true but was false. " + message);
|
||||||
|
} else {
|
||||||
|
throw new RuntimeException("Expected true but was false. ");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void fail(String message) {
|
||||||
|
throw new RuntimeException("Test failed. " + message);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,28 @@
|
|||||||
|
<?xml version="1.1"?>
|
||||||
|
<!DOCTYPE top SYSTEM 'test.dtd'
|
||||||
|
[
|
||||||
|
<!ENTITY % pe "x">
|
||||||
|
<!ENTITY x "AAAAA">
|
||||||
|
<!ENTITY x1 "BBB">
|
||||||
|
]>
|
||||||
|
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
|
||||||
|
targetNamespace="http://www.company.org"
|
||||||
|
xmlns="http://www.company.org"
|
||||||
|
elementFormDefault="unqualified"
|
||||||
|
xmlns:per="http://www.person.org"
|
||||||
|
xmlns:pro="http://www.product.org">
|
||||||
|
<xsd:import namespace="http://www.person.org"
|
||||||
|
schemaLocation="XSDImport_person.xsd"/>
|
||||||
|
<xsd:import namespace="http://www.product.org"
|
||||||
|
schemaLocation="XSDImport_product.xsd"/>
|
||||||
|
<xsd:element name="Company">
|
||||||
|
<xsd:complexType>
|
||||||
|
<xsd:sequence>
|
||||||
|
<xsd:element name="Person" type="per:PersonType"
|
||||||
|
maxOccurs="unbounded"/>
|
||||||
|
<xsd:element name="Product" type="pro:ProductType"
|
||||||
|
maxOccurs="unbounded"/>
|
||||||
|
</xsd:sequence>
|
||||||
|
</xsd:complexType>
|
||||||
|
</xsd:element>
|
||||||
|
</xsd:schema>
|
@ -0,0 +1,12 @@
|
|||||||
|
<?xml version="1.1"?>
|
||||||
|
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
|
||||||
|
targetNamespace="http://www.person.org"
|
||||||
|
xmlns="http://www.person.org"
|
||||||
|
elementFormDefault="unqualified">
|
||||||
|
<xsd:complexType name="PersonType">
|
||||||
|
<xsd:sequence>
|
||||||
|
<xsd:element name="Name" type="xsd:string"/>
|
||||||
|
<xsd:element name="SSN" type="xsd:string"/>
|
||||||
|
</xsd:sequence>
|
||||||
|
</xsd:complexType>
|
||||||
|
</xsd:schema>
|
@ -0,0 +1,11 @@
|
|||||||
|
<?xml version="1.1"?>
|
||||||
|
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
|
||||||
|
targetNamespace="http://www.product.org"
|
||||||
|
xmlns="http://www.product.org"
|
||||||
|
elementFormDefault="unqualified">
|
||||||
|
<xsd:complexType name="ProductType">
|
||||||
|
<xsd:sequence>
|
||||||
|
<xsd:element name="Type" type="xsd:string"/>
|
||||||
|
</xsd:sequence>
|
||||||
|
</xsd:complexType>
|
||||||
|
</xsd:schema>
|
@ -0,0 +1,24 @@
|
|||||||
|
<?xml version="1.1"?>
|
||||||
|
<!DOCTYPE top SYSTEM 'test.dtd'
|
||||||
|
[
|
||||||
|
<!ENTITY % pe "x">
|
||||||
|
<!ENTITY x "AAAAA">
|
||||||
|
<!ENTITY x1 "BBB">
|
||||||
|
]>
|
||||||
|
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
|
||||||
|
targetNamespace="http://www.company.org"
|
||||||
|
xmlns="http://www.company.org"
|
||||||
|
elementFormDefault="qualified">
|
||||||
|
<xsd:include schemaLocation="XSDInclude_person.xsd"/>
|
||||||
|
<xsd:include schemaLocation="XSDInclude_product.xsd"/>
|
||||||
|
<xsd:element name="Company">
|
||||||
|
<xsd:complexType>
|
||||||
|
<xsd:sequence>
|
||||||
|
<xsd:element name="Person" type="PersonType"
|
||||||
|
maxOccurs="unbounded"/>
|
||||||
|
<xsd:element name="Product" type="ProductType"
|
||||||
|
maxOccurs="unbounded"/>
|
||||||
|
</xsd:sequence>
|
||||||
|
</xsd:complexType>
|
||||||
|
</xsd:element>
|
||||||
|
</xsd:schema>
|
@ -0,0 +1,12 @@
|
|||||||
|
<?xml version="1.1"?>
|
||||||
|
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
|
||||||
|
targetNamespace="http://www.company.org"
|
||||||
|
xmlns="http://www.person.org"
|
||||||
|
elementFormDefault="qualified">
|
||||||
|
<xsd:complexType name="PersonType">
|
||||||
|
<xsd:sequence>
|
||||||
|
<xsd:element name="Name" type="xsd:string"/>
|
||||||
|
<xsd:element name="SSN" type="xsd:string"/>
|
||||||
|
</xsd:sequence>
|
||||||
|
</xsd:complexType>
|
||||||
|
</xsd:schema>
|
@ -0,0 +1,11 @@
|
|||||||
|
<?xml version="1.1"?>
|
||||||
|
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
|
||||||
|
targetNamespace="http://www.company.org"
|
||||||
|
xmlns="http://www.product.org"
|
||||||
|
elementFormDefault="qualified">
|
||||||
|
<xsd:complexType name="ProductType">
|
||||||
|
<xsd:sequence>
|
||||||
|
<xsd:element name="Type" type="xsd:string"/>
|
||||||
|
</xsd:sequence>
|
||||||
|
</xsd:complexType>
|
||||||
|
</xsd:schema>
|
108
test/jaxp/javax/xml/jaxp/unittest/common/xmlfiles/XSLDTD.dtd
Normal file
108
test/jaxp/javax/xml/jaxp/unittest/common/xmlfiles/XSLDTD.dtd
Normal file
@ -0,0 +1,108 @@
|
|||||||
|
<?xml version="1.1" encoding="UTF-8"?>
|
||||||
|
<!-- Portions (C) International Organization for Standardization 1986
|
||||||
|
Permission to copy in any form is granted for use with
|
||||||
|
conforming SGML systems and applications as defined in
|
||||||
|
ISO 8879, provided this notice is included in all copies.
|
||||||
|
-->
|
||||||
|
<!-- Character entity set. Typical invocation:
|
||||||
|
<!ENTITY % HTMLlat1 PUBLIC
|
||||||
|
"-//W3C//ENTITIES Latin 1//EN//HTML">
|
||||||
|
%HTMLlat1;
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!ENTITY nbsp " " >
|
||||||
|
<!ENTITY iexcl "¡" >
|
||||||
|
<!ENTITY cent "¢" >
|
||||||
|
<!ENTITY pound "£" >
|
||||||
|
<!ENTITY curren "¤" >
|
||||||
|
<!ENTITY yen "¥" >
|
||||||
|
<!ENTITY brvbar "¦" >
|
||||||
|
<!ENTITY sect "§" >
|
||||||
|
<!ENTITY uml "¨" >
|
||||||
|
<!ENTITY copy "©" >
|
||||||
|
<!ENTITY ordf "ª" >
|
||||||
|
<!ENTITY laquo "«" >
|
||||||
|
<!ENTITY not "¬" >
|
||||||
|
<!ENTITY shy "­" >
|
||||||
|
<!ENTITY reg "®" >
|
||||||
|
<!ENTITY macr "¯" >
|
||||||
|
<!ENTITY deg "°" >
|
||||||
|
<!ENTITY plusmn "±" >
|
||||||
|
<!ENTITY sup2 "²" >
|
||||||
|
<!ENTITY sup3 "³" >
|
||||||
|
<!ENTITY acute "´" >
|
||||||
|
<!ENTITY micro "µ" >
|
||||||
|
<!ENTITY para "¶" >
|
||||||
|
<!ENTITY middot "·" >
|
||||||
|
<!ENTITY cedil "¸" >
|
||||||
|
<!ENTITY sup1 "¹" >
|
||||||
|
<!ENTITY ordm "º" >
|
||||||
|
<!ENTITY raquo "»" >
|
||||||
|
<!ENTITY frac14 "¼" >
|
||||||
|
<!ENTITY frac12 "½" >
|
||||||
|
<!ENTITY frac34 "¾" >
|
||||||
|
<!ENTITY iquest "¿" >
|
||||||
|
<!ENTITY Agrave "À" >
|
||||||
|
<!ENTITY Aacute "Á" >
|
||||||
|
<!ENTITY Acirc "Â" >
|
||||||
|
<!ENTITY Atilde "Ã" >
|
||||||
|
<!ENTITY Auml "Ä" >
|
||||||
|
<!ENTITY Aring "Å" >
|
||||||
|
<!ENTITY AElig "Æ" >
|
||||||
|
<!ENTITY Ccedil "Ç" >
|
||||||
|
<!ENTITY Egrave "È" >
|
||||||
|
<!ENTITY Eacute "É" >
|
||||||
|
<!ENTITY Ecirc "Ê" >
|
||||||
|
<!ENTITY Euml "Ë" >
|
||||||
|
<!ENTITY Igrave "Ì" >
|
||||||
|
<!ENTITY Iacute "Í" >
|
||||||
|
<!ENTITY Icirc "Î" >
|
||||||
|
<!ENTITY Iuml "Ï" >
|
||||||
|
<!ENTITY ETH "Ð" >
|
||||||
|
<!ENTITY Ntilde "Ñ" >
|
||||||
|
<!ENTITY Ograve "Ò" >
|
||||||
|
<!ENTITY Oacute "Ó" >
|
||||||
|
<!ENTITY Ocirc "Ô" >
|
||||||
|
<!ENTITY Otilde "Õ" >
|
||||||
|
<!ENTITY Ouml "Ö" >
|
||||||
|
<!ENTITY times "×" >
|
||||||
|
<!ENTITY Oslash "Ø" >
|
||||||
|
<!ENTITY Ugrave "Ù" >
|
||||||
|
<!ENTITY Uacute "Ú" >
|
||||||
|
<!ENTITY Ucirc "Û" >
|
||||||
|
<!ENTITY Uuml "Ü" >
|
||||||
|
<!ENTITY Yacute "Ý" >
|
||||||
|
<!ENTITY THORN "Þ" >
|
||||||
|
<!ENTITY szlig "ß" >
|
||||||
|
<!ENTITY agrave "à" >
|
||||||
|
<!ENTITY aacute "á" >
|
||||||
|
<!ENTITY acirc "â" >
|
||||||
|
<!ENTITY atilde "ã" >
|
||||||
|
<!ENTITY auml "ä" >
|
||||||
|
<!ENTITY aring "å" >
|
||||||
|
<!ENTITY aelig "æ" >
|
||||||
|
<!ENTITY ccedil "ç" >
|
||||||
|
<!ENTITY egrave "è" >
|
||||||
|
<!ENTITY eacute "é" >
|
||||||
|
<!ENTITY ecirc "ê" >
|
||||||
|
<!ENTITY euml "ë" >
|
||||||
|
<!ENTITY igrave "ì" >
|
||||||
|
<!ENTITY iacute "í" >
|
||||||
|
<!ENTITY icirc "î" >
|
||||||
|
<!ENTITY iuml "ï" >
|
||||||
|
<!ENTITY eth "ð" >
|
||||||
|
<!ENTITY ntilde "ñ" >
|
||||||
|
<!ENTITY ograve "ò" >
|
||||||
|
<!ENTITY oacute "ó" >
|
||||||
|
<!ENTITY ocirc "ô" >
|
||||||
|
<!ENTITY otilde "õ" >
|
||||||
|
<!ENTITY ouml "ö" >
|
||||||
|
<!ENTITY divide "÷" >
|
||||||
|
<!ENTITY oslash "ø" >
|
||||||
|
<!ENTITY ugrave "ù" >
|
||||||
|
<!ENTITY uacute "ú" >
|
||||||
|
<!ENTITY ucirc "û" >
|
||||||
|
<!ENTITY uuml "ü" >
|
||||||
|
<!ENTITY yacute "ý" >
|
||||||
|
<!ENTITY thorn "þ" >
|
||||||
|
<!ENTITY yuml "ÿ" >
|
@ -0,0 +1,8 @@
|
|||||||
|
<?xml version="1.1"?>
|
||||||
|
<!DOCTYPE top SYSTEM 'test.dtd'
|
||||||
|
[
|
||||||
|
<!ENTITY % pe "x">
|
||||||
|
<!ENTITY x "AAAAA">
|
||||||
|
<!ENTITY x1 "BBB">
|
||||||
|
]>
|
||||||
|
<doc></doc>
|
21
test/jaxp/javax/xml/jaxp/unittest/common/xmlfiles/XSLDTD.xsl
Normal file
21
test/jaxp/javax/xml/jaxp/unittest/common/xmlfiles/XSLDTD.xsl
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
<?xml version="1.1" encoding="ISO-8859-1" standalone="no"?>
|
||||||
|
<!DOCTYPE HTMLlat1 SYSTEM "XSLDTD.dtd">
|
||||||
|
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
|
||||||
|
|
||||||
|
<!-- FileName: copy20 -->
|
||||||
|
<!-- Document: http://www.w3.org/TR/xslt -->
|
||||||
|
<!-- DocVersion: 19991116 -->
|
||||||
|
<!-- Section: 11.3 -->
|
||||||
|
<!-- Creator: David Marston -->
|
||||||
|
<!-- Purpose: Test copy-of a string constant containing character entity -->
|
||||||
|
|
||||||
|
<xsl:output method="xml" encoding="UTF-8"/>
|
||||||
|
<!-- With this output encoding, should get two bytes (xC3,xA6) for the æ -->
|
||||||
|
|
||||||
|
<xsl:template match="/">
|
||||||
|
<out>
|
||||||
|
<xsl:copy-of select="'abcdæfgh'"/>
|
||||||
|
</out>
|
||||||
|
</xsl:template>
|
||||||
|
|
||||||
|
</xsl:stylesheet>
|
@ -0,0 +1,8 @@
|
|||||||
|
<?xml version="1.1" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE doc SYSTEM 'test.dtd'
|
||||||
|
[
|
||||||
|
<!ENTITY % pe "x">
|
||||||
|
<!ENTITY x "AAAAA">
|
||||||
|
<!ENTITY x1 "BBB">
|
||||||
|
]>
|
||||||
|
<doc/>
|
@ -0,0 +1,6 @@
|
|||||||
|
<?xml version='1.1'?>
|
||||||
|
<?xml-stylesheet href="XSLPI_target.xsl" type="text/xml"?>
|
||||||
|
<xsl:stylesheet
|
||||||
|
xmlns:xsl='http://www.w3.org/1999/XSL/Transform'
|
||||||
|
version='1.0'>
|
||||||
|
</xsl:stylesheet>
|
@ -0,0 +1,9 @@
|
|||||||
|
<?xml version="1.1" encoding="UTF-8"?>
|
||||||
|
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
|
||||||
|
|
||||||
|
<xsl:template match="footer">
|
||||||
|
<dv id="footer"><xsl:apply-templates/></dv>
|
||||||
|
</xsl:template>
|
||||||
|
|
||||||
|
|
||||||
|
</xsl:stylesheet>
|
@ -0,0 +1,8 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
|
||||||
|
<properties>
|
||||||
|
<comment>java.util.Properties</comment>
|
||||||
|
<entry key="property1">value1</entry>
|
||||||
|
<entry key="property2">value2</entry>
|
||||||
|
<entry key="property3">value3</entry>
|
||||||
|
</properties>
|
@ -0,0 +1,13 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!DOCTYPE properties SYSTEM "http://invalid.site.com/dtd/properties1.dtd"
|
||||||
|
[
|
||||||
|
<!ENTITY % pe "x">
|
||||||
|
<!ENTITY x "AAAAA">
|
||||||
|
<!ENTITY x1 "BBB">
|
||||||
|
]>
|
||||||
|
<properties>
|
||||||
|
<comment>java.util.Properties</comment>
|
||||||
|
<entry key="property1">value1</entry>
|
||||||
|
<entry key="property2">value2</entry>
|
||||||
|
<entry key="property3">value3</entry>
|
||||||
|
</properties>
|
@ -0,0 +1,6 @@
|
|||||||
|
|
||||||
|
<!ENTITY % bltin "*">
|
||||||
|
<!ENTITY % pe "x">
|
||||||
|
|
||||||
|
<!ELEMENT top (#PCDATA)>
|
||||||
|
|
@ -0,0 +1,13 @@
|
|||||||
|
<?xml version="1.1"?>
|
||||||
|
<!DOCTYPE top SYSTEM 'test.dtd'
|
||||||
|
[
|
||||||
|
<!ENTITY % pe "x">
|
||||||
|
<!ENTITY x "AAAAA">
|
||||||
|
<!ENTITY x1 "BBB">
|
||||||
|
]>
|
||||||
|
<test:root xmlns:test="test"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="test val_test.xsd"
|
||||||
|
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
|
||||||
|
<child xsi:type="xsd:string">&x1;</child>
|
||||||
|
</test:root>
|
@ -0,0 +1,16 @@
|
|||||||
|
<?xml version="1.1"?>
|
||||||
|
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
|
||||||
|
targetNamespace="test">
|
||||||
|
<xsd:element name="root">
|
||||||
|
<xsd:complexType>
|
||||||
|
<xsd:sequence>
|
||||||
|
<xsd:element name="child" type="xsd:anyType"/>
|
||||||
|
</xsd:sequence>
|
||||||
|
</xsd:complexType>
|
||||||
|
|
||||||
|
<xsd:key name="key1">
|
||||||
|
<xsd:selector xpath="."/>
|
||||||
|
<xsd:field xpath="child"/>
|
||||||
|
</xsd:key>
|
||||||
|
</xsd:element>
|
||||||
|
</xsd:schema>
|
Loading…
Reference in New Issue
Block a user