List of usage examples for javax.xml.parsers DocumentBuilderFactory setIgnoringElementContentWhitespace
public void setIgnoringElementContentWhitespace(boolean whitespace)
From source file:org.codice.ddf.security.idp.server.IdpEndpointTest.java
/**
 * Parses an XML stream into a namespace-aware DOM document.
 *
 * <p>The parser is non-validating and keeps comments. Entity resolution is handed to
 * {@code DOMUtils.NullResolver}.
 *
 * @param is stream holding the XML to parse
 * @return the parsed document
 * @throws SAXException if the content cannot be parsed
 * @throws IOException if reading the stream fails
 * @throws ParserConfigurationException if a parser with these settings cannot be created
 */
public static Document readXml(InputStream is)
        throws SAXException, IOException, ParserConfigurationException {
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);
    // Per the JAXP documentation this flag relies on a content model and requires validating
    // mode, so with validation switched off below it likely has no effect.
    factory.setIgnoringElementContentWhitespace(true);
    factory.setIgnoringComments(false);
    factory.setValidating(false);

    DocumentBuilder builder = factory.newDocumentBuilder();
    // NOTE(review): the resolver is the only entity-related control visible here; DOCTYPE
    // declarations are still accepted. Presumably NullResolver resolves every external entity
    // to empty content - confirm before reusing this helper outside of tests.
    builder.setEntityResolver(new DOMUtils.NullResolver());
    return builder.parse(is);
}
From source file:org.codice.ddf.security.servlet.expiry.SessionManagementServiceTest.java
/**
 * Reads the supplied stream as XML and returns the resulting DOM tree.
 *
 * <p>Namespace processing is on, validation is off, and comments are retained. A
 * {@code DOMUtils.NullResolver} is installed as the entity resolver before parsing.
 *
 * @param is the XML input
 * @return the DOM document built from {@code is}
 * @throws SAXException on a parse error
 * @throws IOException on a read error
 * @throws ParserConfigurationException if the factory cannot supply a matching parser
 */
private static Document readXml(InputStream is)
        throws SAXException, IOException, ParserConfigurationException {
    final DocumentBuilderFactory parserFactory = DocumentBuilderFactory.newInstance();
    parserFactory.setValidating(false);
    parserFactory.setNamespaceAware(true);
    parserFactory.setIgnoringComments(false);
    // The JAXP documentation ties this setting to validating mode; with validation disabled
    // above it is presumably a no-op.
    parserFactory.setIgnoringElementContentWhitespace(true);

    final DocumentBuilder parser = parserFactory.newDocumentBuilder();
    // NOTE(review): no DTD or external-entity features are set on the factory, so whatever
    // NullResolver does is the only guard here - verify its behaviour before copying this
    // pattern into production code.
    parser.setEntityResolver(new DOMUtils.NullResolver());

    Document parsed = parser.parse(is);
    return parsed;
}
From source file:org.cruxframework.crux.core.declarativeui.ViewProcessor.java
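/**
 * Initializes the static resources: the shared {@code documentBuilder} and the pre-processors.
 *
 * <p>Returns immediately when {@code documentBuilder} is already set. Any failure during
 * initialization is logged and swallowed, so {@code documentBuilder} may still be {@code null}
 * afterwards.
 */
private static void init() {
    if (documentBuilder != null) {
        return;
    }
    lock.lock();
    // The try block opens directly after lock() so that every way out - including "another
    // thread finished the initialization while we were waiting" - releases the lock. With the
    // try/finally nested inside the second null check, that path kept the lock held forever.
    try {
        if (documentBuilder != null) {
            return;
        }
        DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
        builderFactory.setNamespaceAware(true);
        builderFactory.setIgnoringComments(true);
        builderFactory.setIgnoringElementContentWhitespace(true);

        // Configure the builder through a local and publish it only afterwards, so the
        // unlocked null check above cannot observe a builder without its entity resolver.
        javax.xml.parsers.DocumentBuilder builder = builderFactory.newDocumentBuilder();
        builder.setEntityResolver(new EntityResolver() {
            @Override
            public InputSource resolveEntity(String publicId, String systemId)
                    throws SAXException, IOException {
                if (systemId.contains("crux-view.dtd")) {
                    // Serve the DTD from memory; the text is ASCII-only.
                    return new InputSource(new ByteArrayInputStream(getValidEntities().getBytes()));
                }
                // Returning null asks the parser to resolve the system identifier itself.
                // NOTE(review): if view files can ever come from an untrusted source, that
                // default resolution allows external entity and DTD fetches; returning an
                // empty InputSource here would close it - confirm how views are loaded.
                return null;
            }

            /** Builds the entity declarations served in place of crux-view.dtd. */
            private String getValidEntities() {
                // NOTE(review): the listing shows these values with the character references
                // already decoded, which is not valid Java for "quot". They are written here
                // as numeric character references - confirm against the upstream file.
                StringBuilder sb = new StringBuilder();
                sb.append("<!ENTITY quot \"&#34;\">");
                sb.append("<!ENTITY amp \"&#38;\">");
                sb.append("<!ENTITY apos \"&#39;\">");
                sb.append("<!ENTITY lt \"&#60;\">");
                sb.append("<!ENTITY gt \"&#62;\">");
                sb.append("<!ENTITY nbsp \"&#160;\">");
                return sb.toString();
            }
        });
        documentBuilder = builder;
        initializePreProcessors();
    } catch (Throwable e) {
        log.error("Error initializing cruxToHtmlTransformer.", e);
    } finally {
        lock.unlock();
    }
}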
From source file:org.cytobank.acs.core.TableOfContents.java
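/**
 * <p>Creates a DocumentBuilder with Cytobank's preferred security settings
 * applied to it. Specifically turning off external entities and external
 * DTDs to prevent XML External Entity (XXE) attacks.</p>
 *
 * <p>The returned builder is namespace-aware and non-validating; it keeps comments and
 * whitespace and does not merge CDATA sections into text nodes.</p>
 *
 * @return a DocumentBuilder configured as described above
 * @throws ParserConfigurationException if the underlying parser does not support one of the
 *         requested features, or a builder cannot be created
 */
protected DocumentBuilder getDocumentBuilder() throws ParserConfigurationException {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

    // This is the PRIMARY defense. If DTDs (doctypes) are disallowed, almost all XML entity
    // attacks are prevented.
    // Xerces 2 only - http://xerces.apache.org/xerces2-j/features.html#disallow-doctype-decl
    dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);

    // The remaining features are what to fall back on if DTDs cannot be disabled completely;
    // they are set here as well.
    // Xerces 1 - http://xerces.apache.org/xerces-j/features.html#external-general-entities
    // Xerces 2 - http://xerces.apache.org/xerces2-j/features.html#external-general-entities
    // JDK7+ - http://xml.org/sax/features/external-general-entities
    dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);

    // Xerces 1 - http://xerces.apache.org/xerces-j/features.html#external-parameter-entities
    // Xerces 2 - http://xerces.apache.org/xerces2-j/features.html#external-parameter-entities
    // JDK7+ - http://xml.org/sax/features/external-parameter-entities
    dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);

    // Disable external DTDs as well.
    dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);

    // Per Timothy Morgan's 2014 paper "XML Schema, DTD, and Entity Attacks": also switch off
    // XInclude and entity-reference expansion. The paper adds that if inline DOCTYPEs must be
    // supported, the entity settings above have to stay disabled, and SSRF
    // (http://cwe.mitre.org/data/definitions/918.html) and denial-of-service attacks (such as
    // billion laughs or decompression bombs via "jar:") remain a risk.
    dbf.setXIncludeAware(false);
    // Set once here; the second, identical call that used to follow the flag block is dropped.
    dbf.setExpandEntityReferences(false);

    // General parsing behaviour, unrelated to the hardening above.
    dbf.setNamespaceAware(true);
    dbf.setValidating(false);
    dbf.setIgnoringComments(false);
    dbf.setIgnoringElementContentWhitespace(false);
    dbf.setCoalescing(false);

    return dbf.newDocumentBuilder();
}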
From source file:org.deegree.portal.owswatch.validator.AbstractValidator.java
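/**
 * Creates a new namespace-aware, non-validating DocumentBuilder that keeps element-content
 * whitespace.
 *
 * <p>NOTE(review): no DTD or external-entity features are set on the factory, so the builder
 * handles DOCTYPE declarations with the parser's defaults; {@code setValidating(false)} does
 * not by itself turn that processing off. If the documents parsed with this builder come from
 * remote services, consider disabling external entities and external DTD loading - confirm
 * against the callers.
 *
 * @return a freshly created DocumentBuilder
 * @throws IOException if the parser cannot be configured; the original
 *         ParserConfigurationException is attached as the cause
 */
protected DocumentBuilder instantiateParser() throws IOException {
    try {
        DocumentBuilderFactory fac = DocumentBuilderFactory.newInstance();
        fac.setNamespaceAware(true);
        fac.setValidating(false);
        fac.setIgnoringElementContentWhitespace(false);
        return fac.newDocumentBuilder();
    } catch (ParserConfigurationException e) {
        // Keep the cause so the stack trace of the configuration failure is not lost.
        throw new IOException("Unable to initialize DocumentBuilder: " + e.getMessage(), e);
    }
}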
From source file:org.drugis.addis.util.ConvertDiabetesDatasetUtil.java
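/**
 * Fetches the record for the first id in {@code pubmed} through the efetch endpoint and parses
 * the response into a DOM document.
 *
 * @param pubmed list of PubMed ids; only the first entry is used
 * @return the parsed response
 * @throws ParserConfigurationException if a parser cannot be created
 * @throws IOException if the response cannot be read
 * @throws SAXException if the response cannot be parsed
 */
private Document getPubMedXML(PubMedIdList pubmed)
        throws ParserConfigurationException, IOException, SAXException {
    // NOTE(review): the id is concatenated into the query string unencoded; presumably ids are
    // numeric - verify where PubMedIdList entries are created.
    String id = pubmed.get(0).getId();
    String url = PubMedIDRetriever.PUBMED_API + "efetch.fcgi?db=pubmed&id=" + id + "&retmode=xml";

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setValidating(false);
    dbf.setNamespaceAware(false);
    // Per the JAXP documentation this flag requires validating mode, so with validation off it
    // likely has no effect.
    dbf.setIgnoringElementContentWhitespace(true);
    // NOTE(review): the response of a remote service is parsed with the factory's default
    // DTD / external-entity handling; setValidating(false) does not disable it. Consider
    // turning off external entities and external DTD loading, after checking that the
    // responses still parse.
    DocumentBuilder db = dbf.newDocumentBuilder();

    InputStream openStream = PubMedIDRetriever.openUrl(url);
    try {
        return db.parse(openStream);
    } finally {
        // The stream was never closed before, leaking one connection per call.
        if (openStream != null) {
            openStream.close();
        }
    }
}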
From source file:org.dspace.app.sfx.SFXFileReader.java
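/**
 * Parses an XML file and returns the XML document.
 *
 * <p>NOTE(review): the factory is used with its default DTD / external-entity handling. That is
 * only acceptable while {@code fileName} always names a trusted, locally managed file - confirm
 * against the callers.
 *
 * @param fileName XML file to parse
 * @return XML document or {@code null} if an error occurred. The error is caught and logged.
 */
public static Document parseFile(String fileName) {
    log.info("Parsing XML file... " + fileName);
    DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
    docBuilderFactory.setIgnoringElementContentWhitespace(true);

    DocumentBuilder docBuilder;
    try {
        docBuilder = docBuilderFactory.newDocumentBuilder();
    } catch (ParserConfigurationException e) {
        log.error("Wrong parser configuration: " + e.getMessage());
        return null;
    }

    File sourceFile = new File(fileName);
    Document doc;
    try {
        doc = docBuilder.parse(sourceFile);
    } catch (SAXException e) {
        log.error("Wrong XML file structure: " + e.getMessage());
        return null;
    } catch (IOException e) {
        log.error("Could not read source file: " + e.getMessage());
        // Return here like the other failure paths; falling through used to log
        // "XML file parsed" for a file that could not be read.
        return null;
    }
    log.info("XML file parsed");
    return doc;
}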
From source file:org.dspace.app.sfx.SFXFileReaderServiceImpl.java
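/**
 * Parses an XML file and returns the XML document.
 *
 * <p>NOTE(review): the factory is used with its default DTD / external-entity handling. That is
 * only acceptable while {@code fileName} always names a trusted, locally managed file - confirm
 * against the callers.
 *
 * @param fileName XML file to parse
 * @return XML document or {@code null} if an error occurred. The error is caught and logged.
 */
@Override
public Document parseFile(String fileName) {
    log.info("Parsing XML file... " + fileName);
    DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
    docBuilderFactory.setIgnoringElementContentWhitespace(true);

    DocumentBuilder docBuilder;
    try {
        docBuilder = docBuilderFactory.newDocumentBuilder();
    } catch (ParserConfigurationException e) {
        log.error("Wrong parser configuration: " + e.getMessage());
        return null;
    }

    File sourceFile = new File(fileName);
    Document doc;
    try {
        doc = docBuilder.parse(sourceFile);
    } catch (SAXException e) {
        log.error("Wrong XML file structure: " + e.getMessage());
        return null;
    } catch (IOException e) {
        log.error("Could not read source file: " + e.getMessage());
        // Return here like the other failure paths; falling through used to log
        // "XML file parsed" for a file that could not be read.
        return null;
    }
    log.info("XML file parsed");
    return doc;
}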
From source file:org.dspace.app.sherpa.SHERPAResponse.java
/**
 * Builds a response object from the XML read from {@code xmlData}.
 *
 * <p>The header, journals and publishers elements are read from the document root. A non-blank
 * header message marks the response as an error and stops further processing. Any exception
 * raised while parsing or extracting values also sets the error flag; the exception itself is
 * discarded.
 *
 * @param xmlData stream holding the XML response
 */
public SHERPAResponse(InputStream xmlData) {
    try {
        // NOTE(review): the factory keeps its default DTD / external-entity handling;
        // setValidating(false) does not switch DOCTYPE processing off. If xmlData is the body
        // of a remote service response, consider disabling external entities and external DTD
        // loading - confirm where the stream comes from.
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setValidating(false);
        factory.setIgnoringComments(true);
        factory.setIgnoringElementContentWhitespace(true);
        DocumentBuilder db = factory.newDocumentBuilder();
        Document inDoc = db.parse(xmlData);
        Element xmlRoot = inDoc.getDocumentElement();
        Element headersElement = XMLUtils.getSingleElement(xmlRoot, "header");
        Element journalsElement = XMLUtils.getSingleElement(xmlRoot, "journals");
        Element publishersElement = XMLUtils.getSingleElement(xmlRoot, "publishers");
        message = XMLUtils.getElementValue(headersElement, "message");
        // A non-blank header message is treated as an error; nothing else is read.
        if (StringUtils.isNotBlank(message)) {
            error = true;
            return;
        }
        license = XMLUtils.getElementValue(headersElement, "license");
        licenseURL = XMLUtils.getElementValue(headersElement, "licenseurl");
        disclaimer = XMLUtils.getElementValue(headersElement, "disclaimer");
        List<Element> journalsList = XMLUtils.getElementList(journalsElement, "journal");
        List<Element> publishersList = XMLUtils.getElementList(publishersElement, "publisher");
        // journals stays unassigned when the helper returns null for the journal list.
        if (journalsList != null) {
            journals = new LinkedList<SHERPAJournal>();
            for (Element journalElement : journalsList) {
                journals.add(new SHERPAJournal(XMLUtils.getElementValue(journalElement, "jtitle"),
                        XMLUtils.getElementValue(journalElement, "issn"),
                        XMLUtils.getElementValue(journalElement, "zetopub"),
                        XMLUtils.getElementValue(journalElement, "romeopub")));
            }
        }
        // Same pattern for publishers: one SHERPAPublisher per publisher element.
        if (publishersList != null) {
            publishers = new LinkedList<SHERPAPublisher>();
            for (Element publisherElement : publishersList) {
                Element preprintsElement = XMLUtils.getSingleElement(publisherElement, "preprints");
                Element preprintsRestrictionElement = XMLUtils.getSingleElement(publisherElement,
                        "prerestrictions");
                Element postprintsElement = XMLUtils.getSingleElement(publisherElement, "postprints");
                Element postprintsRestrictionElement = XMLUtils.getSingleElement(publisherElement,
                        "postrestrictions");
                Element pdfversionElement = XMLUtils.getSingleElement(publisherElement, "pdfversion");
                Element pdfversionRestrictionElement = XMLUtils.getSingleElement(publisherElement,
                        "pdfrestrictions");
                Element conditionsElement = XMLUtils.getSingleElement(publisherElement, "conditions");
                Element paidaccessElement = XMLUtils.getSingleElement(publisherElement, "paidaccess");
                Element copyrightlinksElement = XMLUtils.getSingleElement(publisherElement,
                        "copyrightlinks");
                // The arguments are positional; keep their order in sync with the
                // SHERPAPublisher constructor.
                publishers.add(new SHERPAPublisher(XMLUtils.getElementValue(publisherElement, "name"),
                        XMLUtils.getElementValue(publisherElement, "alias"),
                        XMLUtils.getElementValue(publisherElement, "homeurl"),
                        XMLUtils.getElementValue(preprintsElement, "prearchiving"),
                        XMLUtils.getElementValueList(preprintsRestrictionElement, "prerestriction"),
                        XMLUtils.getElementValue(postprintsElement, "postarchiving"),
                        XMLUtils.getElementValueList(postprintsRestrictionElement, "postrestriction"),
                        XMLUtils.getElementValue(pdfversionElement, "pdfarchiving"),
                        XMLUtils.getElementValueList(pdfversionRestrictionElement, "pdfrestriction"),
                        XMLUtils.getElementValueList(conditionsElement, "condition"),
                        XMLUtils.getElementValue(paidaccessElement, "paidaccessurl"),
                        XMLUtils.getElementValue(paidaccessElement, "paidaccessname"),
                        XMLUtils.getElementValue(paidaccessElement, "paidaccessnotes"),
                        XMLUtils.getElementValueArrayList(copyrightlinksElement, "copyrightlink",
                                "copyrightlinktext", "copyrightlinkurl"),
                        XMLUtils.getElementValue(publisherElement, "romeocolour"),
                        XMLUtils.getElementValue(publisherElement, "dateadded"),
                        XMLUtils.getElementValue(publisherElement, "dateupdated")));
            }
        }
    } catch (Exception e) {
        // Every failure collapses into the error flag; the exception is neither logged nor kept.
        error = true;
    }
}
From source file:org.dspace.app.util.DCInputsReader.java
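/**
 * Parses the input-forms definition file and rebuilds {@code formDefns} and
 * {@code valuePairs} from it.
 *
 * <p>NOTE(review): the factory keeps its default DTD / external-entity handling. That is only
 * acceptable while {@code fileName} always names a trusted, locally managed configuration
 * file - confirm against the callers.
 *
 * @param fileName path of the XML definition file
 * @throws DCInputsReaderException if the parser cannot be created, or the file cannot be
 *         parsed or processed; the underlying failure is attached as the cause
 */
private void buildInputs(String fileName) throws DCInputsReaderException {
    formDefns = new HashMap<String, List<Map<String, String>>>();
    valuePairs = new HashMap<String, List<String>>();

    String uri = "file:" + new File(fileName).getAbsolutePath();

    try {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setValidating(false);
        factory.setIgnoringComments(true);
        factory.setIgnoringElementContentWhitespace(true);

        DocumentBuilder db = factory.newDocumentBuilder();
        Document doc = db.parse(uri);
        doNodes(doc);
        checkValues();
    } catch (FactoryConfigurationError fe) {
        throw new DCInputsReaderException("Cannot create Submission form parser", fe);
    } catch (Exception e) {
        // Attach the cause, as the branch above does, so the original stack trace survives.
        throw new DCInputsReaderException("Error creating submission forms: " + e, e);
    }
}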