List of usage examples for javax.xml.stream XMLInputFactory SUPPORT_DTD
String SUPPORT_DTD
From source file:Main.java
/**
 * Builds a fresh StAX input factory on which DTD processing is switched off.
 *
 * <p>Only {@link XMLInputFactory#SUPPORT_DTD} is changed here. Every other
 * property, including {@link XMLInputFactory#IS_SUPPORTING_EXTERNAL_ENTITIES},
 * keeps whatever value the underlying implementation starts with.
 *
 * @return a new factory whose {@code SUPPORT_DTD} property is {@code false}
 */
public static XMLInputFactory createBasicInputFactory() {
    final XMLInputFactory factory = XMLInputFactory.newInstance();
    // With DTD support off the parser does not process a DOCTYPE declaration,
    // which is where entity definitions would otherwise come from.
    factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
    return factory;
}
From source file:Main.java
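/**
 * Lazily creates the shared {@code xmlInputFactory} with entity replacement,
 * external entities, DTD support and coalescing all switched off.
 *
 * <p>The factory is configured on a local variable and stored in the shared
 * field only after every property has been applied. If a
 * {@code setProperty} call fails, the field stays {@code null} and the next
 * call tries again, so a partly configured factory is never cached and
 * reused with DTD handling still enabled.
 *
 * <p>The method is {@code synchronized}, so two concurrent callers cannot
 * both build a factory.
 */
protected static synchronized void initializeXMLInputFactory() {
    if (xmlInputFactory != null) {
        return; // already initialised by an earlier call
    }
    XMLInputFactory factory = XMLInputFactory.newInstance();
    factory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.FALSE);
    factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
    // Disables DTDs entirely for this factory.
    factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
    factory.setProperty(XMLInputFactory.IS_COALESCING, Boolean.FALSE);
    // Publish only the fully configured instance.
    xmlInputFactory = factory;
}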
From source file:Main.java
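/**
 * Converts the given XML file into an instance of the given POJO type.
 *
 * <p>The file is parsed through a StAX reader whose factory has external
 * entities and DTD support disabled, so a document cannot pull in external
 * resources through a DOCTYPE (XXE).
 *
 * <p>The file is opened as a byte stream so that the parser determines the
 * character encoding from the document itself rather than from the platform
 * default charset. Both the stream reader and the file are closed before
 * this method returns.
 *
 * @param <T> the object type of the POJO
 * @param xmlfile the XML file to convert
 * @param classOfT the class of the POJO
 * @return the POJO object if conversion was successful
 * @throws JAXBException if the JAXB context or unmarshaller cannot be
 *         created, or unmarshalling fails
 * @throws XMLStreamException if the stream reader cannot be created or
 *         closed, or if closing the file fails
 * @throws FileNotFoundException if the file cannot be opened for reading
 */
public static <T> T convertToPojo(File xmlfile, Class<T> classOfT)
        throws JAXBException, XMLStreamException, FileNotFoundException {
    JAXBContext jaxbContext = JAXBContext.newInstance(classOfT);
    Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller();

    XMLInputFactory xif = XMLInputFactory.newFactory();
    // Settings to prevent XXE: no external entities, no DTD processing.
    xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
    xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);

    // Fully qualified java.io names keep this block independent of the
    // file's import list.
    try (java.io.InputStream in = new java.io.FileInputStream(xmlfile)) {
        XMLStreamReader xsr = xif.createXMLStreamReader(in);
        try {
            // Unchecked: JAXB returns Object; the caller vouches for T via classOfT.
            @SuppressWarnings("unchecked")
            T t = (T) jaxbUnmarshaller.unmarshal(xsr);
            return t;
        } finally {
            // XMLStreamReader.close() releases parser resources but does not
            // close the underlying stream; try-with-resources handles that.
            xsr.close();
        }
    } catch (FileNotFoundException e) {
        // Keep the declared exception type for a missing or unreadable file.
        throw e;
    } catch (java.io.IOException e) {
        // Only close() on the file stream can land here; report it through an
        // exception type the signature already declares.
        throw new XMLStreamException("I/O error while closing " + xmlfile, e);
    }
}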
From source file:Main.java
/**
 * Creates an {@link XMLInputFactory} with entity replacement, external
 * entities and DTD support disabled wherever the implementation supports
 * those properties.
 *
 * <p>'safe' is here reflecting:
 * http://www.jorambarrez.be/blog/2013/02/19/uploading-a-funny-xml-can-bring-down-your-server/
 * and http://activiti.org/userguide/index.html#advanced.safe.bpmn.xml
 *
 * <p>A property that the implementation reports as unsupported is skipped
 * without any error, so the returned factory is only as restricted as the
 * implementation allows. Callers that need a guarantee should read the
 * properties back from the result.
 *
 * @return a new factory with the supported restrictions applied
 */
public static XMLInputFactory createSafeXmlInputFactory() {
    final XMLInputFactory factory = XMLInputFactory.newInstance();
    // Applied in this order; each one is set only if the implementation knows it.
    final String[] featuresToDisable = {
        XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES,
        XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES,
        XMLInputFactory.SUPPORT_DTD,
    };
    for (String feature : featuresToDisable) {
        if (factory.isPropertySupported(feature)) {
            factory.setProperty(feature, false);
        }
    }
    return factory;
}
From source file:Main.java
/**
 * Opens a StAX reader over {@code source} using a factory that has external
 * entities and DTD support disabled.
 *
 * <p>A new factory is created on every call, so the restrictions cannot be
 * altered by other code holding a shared factory.
 *
 * @param source the XML input; must not be {@code null}
 * @return a stream reader positioned at the start of the document
 * @throws IllegalArgumentException if {@code source} is {@code null}
 * @throws XMLStreamException if the reader cannot be created
 */
public static XMLStreamReader createSafeReader(StreamSource source) throws XMLStreamException {
    if (source != null) {
        final XMLInputFactory hardenedFactory = XMLInputFactory.newFactory();
        hardenedFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        hardenedFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        return hardenedFactory.createXMLStreamReader(source);
    }
    throw new IllegalArgumentException("The provided source cannot be null");
}
From source file:Main.java
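/**
 * Creates an XMLInputFactory with unsafe features disabled. Such an
 * XMLInputFactory is to be used for parsing untrusted xml such as incoming
 * post requests.
 *
 * <p>Two properties are set: DTD support is turned off, and external entity
 * resolution is turned off as a second layer in case a DOCTYPE is still
 * honoured somewhere in the parsing chain.
 *
 * @return a new factory with {@code SUPPORT_DTD} and
 *         {@code IS_SUPPORTING_EXTERNAL_ENTITIES} both set to {@code false}
 */
public static XMLInputFactory newSafeInstance() {
    XMLInputFactory inputFactory = XMLInputFactory.newInstance();
    // No DOCTYPE processing: this removes the place entities are declared.
    inputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
    // Defence in depth: never resolve external parsed entities.
    inputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
    return inputFactory;
}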
From source file:eu.arthepsy.sonar.plugins.scapegoat.util.XmlUtils.java
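/**
 * Builds an {@code SMInputFactory} on top of a StAX factory configured as
 * coalescing, not namespace-aware, not validating and with DTD support
 * disabled.
 *
 * <p>{@code IS_COALESCING} is set once; a second identical call had no
 * additional effect and was dropped.
 *
 * @return a new {@code SMInputFactory} wrapping the configured StAX factory
 */
public static SMInputFactory createFactory() {
    XMLInputFactory xmlFactory = XMLInputFactory.newInstance();
    xmlFactory.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);
    xmlFactory.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, Boolean.FALSE);
    // DTD processing off: DOCTYPE-declared entities are not processed.
    xmlFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
    xmlFactory.setProperty(XMLInputFactory.IS_VALIDATING, Boolean.FALSE);
    return new SMInputFactory(xmlFactory);
}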
From source file:com.autonomy.aci.client.services.impl.AbstractStAXProcessorTest.java
/**
 * Removes the JVM system properties whose names equal the StAX factory
 * property keys, so a value set during one test does not leak into the next.
 */
@After
public void tearDown() {
    // NOTE(review): presumably the tests in this class set these system
    // properties to drive factory configuration; confirm against the test bodies.
    final String[] staxPropertyNames = {
        XMLInputFactory.IS_NAMESPACE_AWARE,
        XMLInputFactory.IS_VALIDATING,
        XMLInputFactory.IS_COALESCING,
        XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES,
        XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES,
        XMLInputFactory.SUPPORT_DTD,
    };
    for (String propertyName : staxPropertyNames) {
        System.clearProperty(propertyName);
    }
}
From source file:com.hp.application.automation.tools.octane.tests.xml.AbstractXmlIterator.java
/**
 * Creates a StAX input factory with DTD support and external entity
 * resolution both disabled.
 *
 * @return a new factory with both properties set to {@code false}
 */
private static XMLInputFactory createXmlInputFactory() {
    final XMLInputFactory hardened = XMLInputFactory.newInstance();
    // Order kept as written: DTD support first, then external entities.
    hardened.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
    hardened.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
    return hardened;
}
From source file:net.juniper.titan.JaxbHelper.java
/**
 * Sets up the JAXB context for the {@code jaxbBindings} package, a StAX
 * factory with DTD support disabled, and an unmarshaller.
 *
 * <p>NOTE(review): a {@code JAXBException} is logged and not rethrown. When
 * it is raised, the assignments that follow the failing call are skipped, so
 * the instance is handed back with those fields not assigned by this
 * constructor. Callers should confirm how such an instance is handled.
 *
 * @param location stored as the XML location
 * @param prDao stored for later use by this helper
 */
public JaxbHelper(String location, PrDao prDao) {
    try {
        // Statement order is kept as written: it decides which fields are
        // assigned if one of the JAXB calls throws.
        jc = JAXBContext.newInstance("jaxbBindings");
        xmlLocation = location;
        xif = XMLInputFactory.newFactory();
        // DTD processing off for everything parsed through this factory.
        xif.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        this.prDao = prDao;
        u = jc.createUnmarshaller();
    } catch (JAXBException initFailure) {
        final Logger logger = Logger.getLogger(JaxbHelper.class.getName());
        logger.log(Level.SEVERE, "Jaxb context failed to initialise.", initFailure);
    }
}