cayenne-commits mailing list archives

From ntimof...@apache.org
Subject [1/2] cayenne git commit: Disable XML external entities
Date Tue, 10 Jul 2018 14:21:39 GMT
Repository: cayenne
Updated Branches:
  refs/heads/STABLE-3.1 1e9c4837d -> bf01e60ec


Disable XML external entities


Project: http://git-wip-us.apache.org/repos/asf/cayenne/repo
Commit: http://git-wip-us.apache.org/repos/asf/cayenne/commit/5714108e
Tree: http://git-wip-us.apache.org/repos/asf/cayenne/tree/5714108e
Diff: http://git-wip-us.apache.org/repos/asf/cayenne/diff/5714108e

Branch: refs/heads/STABLE-3.1
Commit: 5714108e8a4dabbc89957f562ad46035064ef731
Parents: 1e9c483
Author: Nikita Timofeev <stariy95@gmail.com>
Authored: Tue Jul 10 17:21:11 2018 +0300
Committer: Nikita Timofeev <stariy95@gmail.com>
Committed: Tue Jul 10 17:21:11 2018 +0300

----------------------------------------------------------------------
 .../src/main/java/org/apache/cayenne/util/Util.java      |  3 +++
 .../src/main/java/org/apache/cayenne/xml/XMLUtil.java    | 11 +++++++++++
 .../org/apache/cayenne/project/unit/Project2Case.java    | 11 +++++++++++
 3 files changed, 25 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cayenne/blob/5714108e/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/util/Util.java
----------------------------------------------------------------------
diff --git a/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/util/Util.java b/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/util/Util.java
index f926430..429258c 100644
--- a/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/util/Util.java
+++ b/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/util/Util.java
@@ -402,6 +402,9 @@ public class Util {
 
         // Create a JAXP SAXParser
         SAXParser saxParser = spf.newSAXParser();
+        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+        spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+        spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
 
         // Get the encapsulated SAX XMLReader
         XMLReader reader = saxParser.getXMLReader();
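Review bot: The three `spf.setFeature(...)` calls come after `spf.newSAXParser()`, so the `saxParser` created on the line above, and the `XMLReader` taken from it below, were built before the factory was configured. JAXP factory settings apply only to parsers created afterwards, so as written the returned reader would still accept DOCTYPE declarations and external entities. Move the three lines above `SAXParser saxParser = spf.newSAXParser();`, or set the same features on `reader` directly. The enclosing method starts and ends outside the hunk, so its declared exceptions and any later `reader.setFeature` calls are not visible here.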

http://git-wip-us.apache.org/repos/asf/cayenne/blob/5714108e/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/xml/XMLUtil.java
----------------------------------------------------------------------
diff --git a/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/xml/XMLUtil.java b/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/xml/XMLUtil.java
index 4982d3e..8dcd4b9 100644
--- a/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/xml/XMLUtil.java
+++ b/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/xml/XMLUtil.java
@@ -59,6 +59,17 @@ class XMLUtil {
     static DocumentBuilder newBuilder() throws CayenneRuntimeException {
         if (sharedFactory == null) {
             sharedFactory = DocumentBuilderFactory.newInstance();
+            sharedFactory.setNamespaceAware(false);
+            sharedFactory.setExpandEntityReferences(false);
+            sharedFactory.setXIncludeAware(false);
+            try {
+                sharedFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+                sharedFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+                sharedFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+                sharedFactory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+            } catch (ParserConfigurationException ex) {
+                throw new CayenneRuntimeException("Unable to configure DocumentBuilderFactory", ex);
+            }
         }
 
         try {
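Review bot: If any `setFeature` call throws, `sharedFactory` has already been assigned by the context line just above the added block. The next call to `newBuilder()` then skips the `if (sharedFactory == null)` branch and hands out builders from a factory that was only partly hardened. The failure should not leave the field set: add `sharedFactory = null;` as the first statement of the `catch`, or configure a local factory and assign it to `sharedFactory` only after the last `setFeature` succeeds. The `http://apache.org/xml/features/...` names look parser-specific, so this path is presumably reachable when a different JAXP implementation is on the classpath. The body of `newBuilder()` continues past the hunk.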

http://git-wip-us.apache.org/repos/asf/cayenne/blob/5714108e/framework/cayenne-project/src/test/java/org/apache/cayenne/project/unit/Project2Case.java
----------------------------------------------------------------------
diff --git a/framework/cayenne-project/src/test/java/org/apache/cayenne/project/unit/Project2Case.java b/framework/cayenne-project/src/test/java/org/apache/cayenne/project/unit/Project2Case.java
index 4252b18..07f122d 100644
--- a/framework/cayenne-project/src/test/java/org/apache/cayenne/project/unit/Project2Case.java
+++ b/framework/cayenne-project/src/test/java/org/apache/cayenne/project/unit/Project2Case.java
@@ -42,6 +42,17 @@ public class Project2Case extends TestCase {
      */
     protected Document toDOMTree(File file) {
         DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+        dbf.setNamespaceAware(false);
+        dbf.setExpandEntityReferences(false);
+        dbf.setXIncludeAware(false);
+        try {
+            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+            dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+            dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+        } catch (ParserConfigurationException ex) {
+            throw new RuntimeException("Unable to configure DocumentBuilderFactory", ex);
+        }
         DocumentBuilder domParser;
         try {
             domParser = dbf.newDocumentBuilder();
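Review bot: This hunk hardens only the test's own `toDOMTree` helper, and the diffstat shows no test asserting that the parsers configured in `Util.java` and `XMLUtil.java` reject a document that carries a DOCTYPE. A small regression test that feeds such a document through each production entry point and expects a parse failure would pin the intended behaviour. A one-line comment above the block, for example `// XXE hardening: reject DOCTYPE, never resolve external entities or DTDs`, would also explain why a test helper needs these settings. `toDOMTree` continues beyond the hunk.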

