/**
 * Creates a fresh, empty DOM document; nodes are subsequently added under it.
 *
 * <p>The builder factory is requested from {@code XmlFactory} with
 * {@code disableSecureProcessing == false}, so this constructor itself never asks
 * for secure processing to be turned off. Validation is explicitly disabled.
 *
 * @throws ParserConfigurationException if a {@code DocumentBuilder} cannot be created
 * @deprecated
 */
public SAX2DOMEx() throws ParserConfigurationException {
    DocumentBuilderFactory builderFactory = XmlFactory.createDocumentBuilderFactory(false);
    builderFactory.setValidating(false);

    document = builderFactory.newDocumentBuilder().newDocument();
    // The new document is both the current insertion point and the bottom of the stack.
    node = document;
    nodeStack.push(document);
}
/**
 * Returns the configured {@link XMLReader}, creating it on first use.
 *
 * <p>This method is used when the client-specified {@link SAXSource} object
 * does not carry its own XMLReader. {@link Unmarshaller} is not re-entrant,
 * so a single XMLReader instance is created and then reused.
 *
 * <p>Overridden in order to fix a potential security issue: the parser factory
 * is obtained from {@code XmlFactory} with the context's
 * {@code disableSecurityProcessing} flag instead of being created here with
 * default settings.
 *
 * @return the shared reader, never re-created once set
 * @throws JAXBException wrapping any parser configuration or SAX failure
 */
@Override
protected XMLReader getXMLReader() throws JAXBException {
    if (reader != null) {
        return reader;
    }
    try {
        SAXParserFactory saxFactory = XmlFactory.createParserFactory(context.disableSecurityProcessing);
        // Validation is not requested: there is no guarantee that the document
        // will come with a proper schemaLocation.
        saxFactory.setValidating(false);
        reader = saxFactory.newSAXParser().getXMLReader();
    } catch (ParserConfigurationException | SAXException e) {
        throw new JAXBException(e);
    }
    return reader;
}
/**
 * Creates a new identity transformer handler.
 *
 * @param disableSecureProcessing passed through unchanged to
 *        {@code XmlFactory.createTransformerFactory}
 * @return a handler obtained from the factory's no-argument
 *         {@code newTransformerHandler()}
 * @throws Error if the factory reports a configuration problem; the original
 *         author treats this as unreachable
 */
public static TransformerHandler createTransformerHandler(boolean disableSecureProcessing) {
    try {
        // The cast assumes the factory returned by XmlFactory supports SAX;
        // a ClassCastException would propagate to the caller otherwise.
        return ((SAXTransformerFactory) XmlFactory.createTransformerFactory(disableSecureProcessing))
                .newTransformerHandler();
    } catch (TransformerConfigurationException e) {
        throw new Error(e); // impossible
    }
}
/**
 * Creates a {@link SchemaFactory} for the given schema language with the
 * secure-processing feature set explicitly.
 *
 * <p>{@link XMLConstants#FEATURE_SECURE_PROCESSING} is set to the negation of
 * {@code isXMLSecurityDisabled(disableSecureProcessing)}. That is the only
 * feature or property configured here: no external-access restriction
 * (schema or DTD) is applied by this method, so callers that need one must
 * add it themselves.
 *
 * @param language schema language URI handed to {@link SchemaFactory#newInstance(String)}
 * @param disableSecureProcessing caller's request to turn secure processing off
 * @return the configured factory
 * @throws IllegalStateException if the feature is not recognized or not supported,
 *         or if the JAXP implementation lacks the method ({@link AbstractMethodError})
 */
public static SchemaFactory createSchemaFactory(final String language, boolean disableSecureProcessing) throws IllegalStateException {
    try {
        SchemaFactory schemaFactory = SchemaFactory.newInstance(language);
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "SchemaFactory instance: {0}", schemaFactory);
        }
        boolean secureProcessing = !isXMLSecurityDisabled(disableSecureProcessing);
        schemaFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing);
        return schemaFactory;
    } catch (SAXNotRecognizedException | SAXNotSupportedException ex) {
        // Fail closed: a factory that cannot take the feature is never returned.
        LOGGER.log(Level.SEVERE, null, ex);
        throw new IllegalStateException(ex);
    } catch (AbstractMethodError er) {
        LOGGER.log(Level.SEVERE, null, er);
        throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er);
    }
}
boolean hadErrors = false; SchemaFactory sf = XmlFactory.createSchemaFactory(W3C_XML_SCHEMA_NS_URI, disableXmlSecurity); XmlFactory.allowExternalAccess(sf, "all", disableXmlSecurity); sf.setErrorHandler(errorFilter); if( entityResolver != null ) { sf.setResourceResolver(new LSResourceResolver() { public LSInput resolveResource(String type, String namespaceURI, String publicId, String systemId, String baseURI) { try { XmlFactory.allowExternalDTDAccess(sf, "all", disableXmlSecurity); sf.newSchema(getSchemaSource(schemas, entityResolver)); } catch (SAXException e) {
/**
 * Returns a new {@link ValidatorHandler} for the schema, compiling the schema
 * from the class-path resource on first use.
 *
 * <p>The schema is built with secure processing requested (the
 * {@code disableSecureProcessing} argument is {@code false} on both factory
 * calls) and with external schema access limited to the {@code "file"} value.
 * When {@code createResolver} is set, a {@code ResourceResolver} for
 * {@code clazz} is installed and its streams are closed once compilation ends.
 *
 * @return a fresh handler created from the cached schema
 * @throws InternalError if the resource cannot be read or the schema does not compile
 */
public ValidatorHandler newValidator() {
    if (schema == null) {
        synchronized (this) {
            // Re-check under the lock so only one thread compiles the schema.
            // NOTE(review): safe publication depends on how the schema field is declared - confirm.
            if (schema == null) {
                ResourceResolver resolver = null;
                try (InputStream in = clazz.getResourceAsStream(resourceName)) {
                    StreamSource schemaSource = new StreamSource(in);
                    schemaSource.setSystemId(resourceName);
                    // do not disable secure processing - these are well-known schemas
                    SchemaFactory secured = XmlFactory.createSchemaFactory(XMLConstants.W3C_XML_SCHEMA_NS_URI, false);
                    SchemaFactory restricted = allowExternalAccess(secured, "file", false);
                    if (createResolver) {
                        resolver = new ResourceResolver(clazz);
                        restricted.setResourceResolver(resolver);
                    }
                    schema = restricted.newSchema(schemaSource);
                } catch (IOException | SAXException e) {
                    throw (InternalError) new InternalError(e.getMessage()).initCause(e);
                } finally {
                    if (resolver != null) {
                        resolver.closeStreams();
                    }
                }
            }
        }
    }
    return schema.newValidatorHandler();
}
disableXmlSecurity = options.disableXmlSecurity; SchemaFactory sf = XmlFactory.createSchemaFactory(W3C_XML_SCHEMA_NS_URI, disableXmlSecurity); ErrorReceiverFilter filter = new ErrorReceiverFilter(errorHandler); sf.setErrorHandler(filter); Set<String> roots = getRootDocuments(); Source[] sources = new Source[roots.size()]; sources[i++] = new DOMSource(get(root),root); sf.newSchema(sources); return !filter.hadError(); } catch (SAXException e) {
allowExternalAccess(sf, "file,http", options.disableXmlSecurity).newSchema(sources.toArray(new SAXSource[0])); } catch (SAXException e) { sf.getErrorHandler().warning( new SAXParseException(Messages.format( Messages.ERR_GENERAL_SCHEMA_CORRECTNESS_ERROR,re.getMessage()),
SchemaFactory sf = XmlFactory.createSchemaFactory(XMLConstants.W3C_XML_SCHEMA_NS_URI, opts.disableXmlSecurity); sf.setResourceResolver(new LSResourceResolver() { public LSInput resolveResource(String type, String namespaceURI, String publicId, String systemId, String baseURI) { try { sf.setErrorHandler(new DowngradingErrorHandler(this)); forest.weakSchemaCorrectnessCheck(sf); if (hadError)
/**
 * Sets the {@code ACCESS_EXTERNAL_SCHEMA} property on {@code sf} to
 * {@code value}, unless an earlier condition makes the method return first.
 *
 * <p>The factory is returned <em>without</em> the property being set when:
 * <ul>
 *   <li>{@code isXMLSecurityDisabled(disableSecureProcessing)} is true;</li>
 *   <li>the system property {@code javax.xml.accessExternalSchema} is defined,
 *       in which case {@code value} is not applied by this method;</li>
 *   <li>the factory rejects the property with a {@link SAXException}; this is
 *       logged at CONFIG level only and is not reported to the caller.</li>
 * </ul>
 * Callers relying on the restriction for untrusted schemas should be aware of
 * the last case: an implementation that does not know the property keeps
 * whatever external-access behaviour it has by default.
 *
 * @param sf factory to configure; returned as-is in every case
 * @param value property value; call sites in this code pass values such as
 *        {@code "all"}, {@code "file"} and {@code "file,http"}
 * @param disableSecureProcessing caller's request to turn XML security off
 * @return {@code sf}
 */
public static SchemaFactory allowExternalAccess(SchemaFactory sf, String value, boolean disableSecureProcessing) {

    // XML security (feature secure processing) disabled: no restrictions applied.
    if (isXMLSecurityDisabled(disableSecureProcessing)) {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, Messages.JAXP_XML_SECURITY_DISABLED.format());
        }
        return sf;
    }

    // The system property is already defined, so nothing is set programmatically.
    boolean configuredBySystemProperty = System.getProperty("javax.xml.accessExternalSchema") != null;
    if (configuredBySystemProperty) {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, Messages.JAXP_EXTERNAL_ACCESS_CONFIGURED.format());
        }
        return sf;
    }

    try {
        sf.setProperty(ACCESS_EXTERNAL_SCHEMA, value);
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, Messages.JAXP_SUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_SCHEMA));
        }
    } catch (SAXException unsupported) {
        // Nothing to do; support depends on the JDK version or SAX implementation.
        if (LOGGER.isLoggable(Level.CONFIG)) {
            LOGGER.log(Level.CONFIG, Messages.JAXP_UNSUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_SCHEMA), unsupported);
        }
    }
    return sf;
}
/**
 * Creates a forest whose DOM builder and SAX parser factory both come from
 * {@code XmlFactory}, each requested with {@code opt.disableXmlSecurity}.
 *
 * @param logic internalization logic stored for later use
 * @param opt options; must not be {@code null}
 * @throws AssertionError if {@code opt} is {@code null} or a document builder
 *         cannot be configured
 */
public DOMForest( InternalizationLogic logic, Options opt ) {
    if (opt == null) {
        throw new AssertionError("Options object null");
    }
    this.options = opt;
    this.logic = logic;

    try {
        DocumentBuilderFactory builderFactory = XmlFactory.createDocumentBuilderFactory(opt.disableXmlSecurity);
        this.documentBuilder = builderFactory.newDocumentBuilder();
        // The same security flag is used for the SAX side as for the DOM builder.
        this.parserFactory = XmlFactory.createParserFactory(opt.disableXmlSecurity);
    } catch (ParserConfigurationException e) {
        throw new AssertionError(e);
    }
}
/**
 * Creates a namespace-aware {@link DocumentBuilderFactory} with the
 * secure-processing feature set explicitly.
 *
 * <ul>
 *   <li>{@code namespaceAware} is always {@code true};</li>
 *   <li>{@link XMLConstants#FEATURE_SECURE_PROCESSING} is set to the negation of
 *       {@code isXMLSecurityDisabled(disableSecureProcessing)}.</li>
 * </ul>
 * Nothing else is configured here. What secure processing restricts is up to
 * the JAXP implementation, so code that must reject DOCTYPE declarations or
 * external entities in untrusted input should configure that in addition.
 *
 * @param disableSecureProcessing caller's request to turn secure processing off
 * @return the configured factory
 * @throws IllegalStateException if the feature cannot be set, or if the JAXP
 *         implementation lacks the method ({@link AbstractMethodError})
 */
public static DocumentBuilderFactory createDocumentBuilderFactory(boolean disableSecureProcessing) throws IllegalStateException {
    try {
        DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "DocumentBuilderFactory instance: {0}", builderFactory);
        }
        builderFactory.setNamespaceAware(true);
        boolean secureProcessing = !isXMLSecurityDisabled(disableSecureProcessing);
        builderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing);
        return builderFactory;
    } catch (ParserConfigurationException ex) {
        // Fail closed: a factory that cannot take the feature is never returned.
        LOGGER.log(Level.SEVERE, null, ex);
        throw new IllegalStateException(ex);
    } catch (AbstractMethodError er) {
        LOGGER.log(Level.SEVERE, null, er);
        throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er);
    }
}
/**
 * Creates a {@link SchemaFactory} for the given schema language with the
 * secure-processing feature set explicitly.
 *
 * <p>{@link XMLConstants#FEATURE_SECURE_PROCESSING} is set to the negation of
 * {@code isXMLSecurityDisabled(disableSecureProcessing)}. That is the only
 * feature or property configured here: no external-access restriction
 * (schema or DTD) is applied by this method, so callers that need one must
 * add it themselves.
 *
 * @param language schema language URI handed to {@link SchemaFactory#newInstance(String)}
 * @param disableSecureProcessing caller's request to turn secure processing off
 * @return the configured factory
 * @throws IllegalStateException if the feature is not recognized or not supported,
 *         or if the JAXP implementation lacks the method ({@link AbstractMethodError})
 */
public static SchemaFactory createSchemaFactory(final String language, boolean disableSecureProcessing) throws IllegalStateException {
    try {
        SchemaFactory schemaFactory = SchemaFactory.newInstance(language);
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "SchemaFactory instance: {0}", schemaFactory);
        }
        boolean secureProcessing = !isXMLSecurityDisabled(disableSecureProcessing);
        schemaFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing);
        return schemaFactory;
    } catch (SAXNotRecognizedException | SAXNotSupportedException ex) {
        // Fail closed: a factory that cannot take the feature is never returned.
        LOGGER.log(Level.SEVERE, null, ex);
        throw new IllegalStateException(ex);
    } catch (AbstractMethodError er) {
        LOGGER.log(Level.SEVERE, null, er);
        throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er);
    }
}
boolean hadErrors = false; SchemaFactory sf = XmlFactory.createSchemaFactory(W3C_XML_SCHEMA_NS_URI, disableXmlSecurity); XmlFactory.allowExternalAccess(sf, "all", disableXmlSecurity); sf.setErrorHandler(errorFilter); if( entityResolver != null ) { sf.setResourceResolver(new LSResourceResolver() { public LSInput resolveResource(String type, String namespaceURI, String publicId, String systemId, String baseURI) { try { XmlFactory.allowExternalDTDAccess(sf, "all", disableXmlSecurity); sf.newSchema(getSchemaSource(schemas, entityResolver)); } catch (SAXException e) {
/**
 * Returns a new {@link ValidatorHandler} for the schema, compiling the schema
 * from the class-path resource on first use.
 *
 * <p>The schema is built with secure processing requested (the
 * {@code disableSecureProcessing} argument is {@code false} on both factory
 * calls) and with external schema access limited to the {@code "file"} value.
 * When {@code createResolver} is set, a {@code ResourceResolver} for
 * {@code clazz} is installed and its streams are closed once compilation ends.
 *
 * @return a fresh handler created from the cached schema
 * @throws InternalError if the resource cannot be read or the schema does not compile
 */
public ValidatorHandler newValidator() {
    if (schema == null) {
        synchronized (this) {
            // Re-check under the lock so only one thread compiles the schema.
            // NOTE(review): safe publication depends on how the schema field is declared - confirm.
            if (schema == null) {
                ResourceResolver resolver = null;
                try (InputStream in = clazz.getResourceAsStream(resourceName)) {
                    StreamSource schemaSource = new StreamSource(in);
                    schemaSource.setSystemId(resourceName);
                    // do not disable secure processing - these are well-known schemas
                    SchemaFactory secured = XmlFactory.createSchemaFactory(XMLConstants.W3C_XML_SCHEMA_NS_URI, false);
                    SchemaFactory restricted = allowExternalAccess(secured, "file", false);
                    if (createResolver) {
                        resolver = new ResourceResolver(clazz);
                        restricted.setResourceResolver(resolver);
                    }
                    schema = restricted.newSchema(schemaSource);
                } catch (IOException | SAXException e) {
                    throw (InternalError) new InternalError(e.getMessage()).initCause(e);
                } finally {
                    if (resolver != null) {
                        resolver.closeStreams();
                    }
                }
            }
        }
    }
    return schema.newValidatorHandler();
}
disableXmlSecurity = options.disableXmlSecurity; SchemaFactory sf = XmlFactory.createSchemaFactory(W3C_XML_SCHEMA_NS_URI, disableXmlSecurity); ErrorReceiverFilter filter = new ErrorReceiverFilter(errorHandler); sf.setErrorHandler(filter); Set<String> roots = getRootDocuments(); Source[] sources = new Source[roots.size()]; sources[i++] = new DOMSource(get(root),root); sf.newSchema(sources); return !filter.hadError(); } catch (SAXException e) {
allowExternalAccess(sf, "file,http", options.disableXmlSecurity).newSchema(sources.toArray(new SAXSource[0])); } catch (SAXException e) { sf.getErrorHandler().warning( new SAXParseException(Messages.format( Messages.ERR_GENERAL_SCHEMA_CORRECTNESS_ERROR,re.getMessage()),
SchemaFactory sf = XmlFactory.createSchemaFactory(XMLConstants.W3C_XML_SCHEMA_NS_URI, opts.disableXmlSecurity); sf.setResourceResolver(new LSResourceResolver() { public LSInput resolveResource(String type, String namespaceURI, String publicId, String systemId, String baseURI) { try { sf.setErrorHandler(new DowngradingErrorHandler(this)); forest.weakSchemaCorrectnessCheck(sf); if (hadError)
/**
 * Sets the {@code ACCESS_EXTERNAL_DTD} property on {@code sf} to
 * {@code value}, unless an earlier condition makes the method return first.
 *
 * <p>The factory is returned <em>without</em> the property being set when:
 * <ul>
 *   <li>{@code isXMLSecurityDisabled(disableSecureProcessing)} is true;</li>
 *   <li>the system property {@code javax.xml.accessExternalDTD} is defined,
 *       in which case {@code value} is not applied by this method;</li>
 *   <li>the factory rejects the property with a {@link SAXException}; this is
 *       logged at CONFIG level only and is not reported to the caller.</li>
 * </ul>
 * Callers relying on the restriction for untrusted input should be aware of
 * the last case: an implementation that does not know the property keeps
 * whatever external-DTD behaviour it has by default.
 *
 * @param sf factory to configure; returned as-is in every case
 * @param value property value handed to {@code setProperty}; a call site in
 *        this code passes {@code "all"}
 * @param disableSecureProcessing caller's request to turn XML security off
 * @return {@code sf}
 */
public static SchemaFactory allowExternalDTDAccess(SchemaFactory sf, String value, boolean disableSecureProcessing) {

    // XML security (feature secure processing) disabled: no restrictions applied.
    if (isXMLSecurityDisabled(disableSecureProcessing)) {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, Messages.JAXP_XML_SECURITY_DISABLED.format());
        }
        return sf;
    }

    // The system property is already defined, so nothing is set programmatically.
    boolean configuredBySystemProperty = System.getProperty("javax.xml.accessExternalDTD") != null;
    if (configuredBySystemProperty) {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, Messages.JAXP_EXTERNAL_ACCESS_CONFIGURED.format());
        }
        return sf;
    }

    try {
        sf.setProperty(ACCESS_EXTERNAL_DTD, value);
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, Messages.JAXP_SUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_DTD));
        }
    } catch (SAXException unsupported) {
        // Nothing to do; support depends on the JDK version or SAX implementation.
        if (LOGGER.isLoggable(Level.CONFIG)) {
            LOGGER.log(Level.CONFIG, Messages.JAXP_UNSUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_DTD), unsupported);
        }
    }
    return sf;
}
/**
 * Creates a forest whose DOM builder and SAX parser factory both come from
 * {@code XmlFactory}, each requested with {@code opt.disableXmlSecurity}.
 *
 * @param logic internalization logic stored for later use
 * @param opt options; must not be {@code null}
 * @throws AssertionError if {@code opt} is {@code null} or a document builder
 *         cannot be configured
 */
public DOMForest( InternalizationLogic logic, Options opt ) {
    if (opt == null) {
        throw new AssertionError("Options object null");
    }
    this.options = opt;
    this.logic = logic;

    try {
        DocumentBuilderFactory builderFactory = XmlFactory.createDocumentBuilderFactory(opt.disableXmlSecurity);
        this.documentBuilder = builderFactory.newDocumentBuilder();
        // The same security flag is used for the SAX side as for the DOM builder.
        this.parserFactory = XmlFactory.createParserFactory(opt.disableXmlSecurity);
    } catch (ParserConfigurationException e) {
        throw new AssertionError(e);
    }
}