List of usage examples for javax.xml XMLConstants FEATURE_SECURE_PROCESSING
String FEATURE_SECURE_PROCESSING
From source file:org.pentaho.di.core.xml.XMLParserFactoryProducer.java
/**
 * Builds a {@link SAXParserFactory} configured to refuse external entities and external DTDs.
 *
 * <p>Four features are applied, in this order:
 * <ol>
 *   <li>{@link XMLConstants#FEATURE_SECURE_PROCESSING} is switched on;</li>
 *   <li>external general entities are switched off;</li>
 *   <li>external parameter entities are switched off;</li>
 *   <li>loading of external DTDs is switched off.</li>
 * </ol>
 *
 * <p>This method does not set {@code disallow-doctype-decl}, so a DOCTYPE with internal entity
 * definitions is still accepted; protection against entity-expansion ("XML bomb") input then
 * rests on whatever limits the parser enforces under secure processing.
 *
 * @return a new factory with the features above applied
 * @throws ParserConfigurationException if a parser cannot be created which satisfies the
 *         requested configuration
 * @throws SAXNotRecognizedException when the underlying XMLReader does not recognize a
 *         feature name
 * @throws SAXNotSupportedException when the underlying XMLReader recognizes a feature name
 *         but does not support it
 */
public static SAXParserFactory createSecureSAXParserFactory()
    throws SAXNotSupportedException, SAXNotRecognizedException, ParserConfigurationException {
  final SAXParserFactory hardened = SAXParserFactory.newInstance();
  hardened.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

  // The first two names are standard SAX2 features; the third lives in the Apache namespace,
  // so a parser that does not know it makes this method throw rather than continue unhardened.
  final String[] switchedOff = {
    "http://xml.org/sax/features/external-general-entities",
    "http://xml.org/sax/features/external-parameter-entities",
    "http://apache.org/xml/features/nonvalidating/load-external-dtd"
  };
  for (String featureName : switchedOff) {
    hardened.setFeature(featureName, false);
  }
  return hardened;
}
From source file:org.pentaho.js.require.RequireJsGenerator.java
/**
 * Reads a POM from {@code inputStream} and wraps the parsed DOM in a {@link RequireJsGenerator}.
 *
 * <p>The stream is drained into memory first, then parsed with a {@link DocumentBuilderFactory}
 * that has {@link XMLConstants#FEATURE_SECURE_PROCESSING} enabled and DOCTYPE declarations
 * disallowed. With {@code disallow-doctype-decl} on, a document that carries any DOCTYPE is
 * rejected by the parser, which removes both external-entity and entity-expansion input at once.
 *
 * <p>NOTE(review): the whole stream is buffered with no size cap visible in this method, and the
 * stream is not closed here; confirm the caller bounds and closes it.
 *
 * @param inputStream source of the POM XML
 * @return a generator built from the parsed document
 * @throws IOException if reading or parsing the bytes fails at the I/O level
 * @throws ParserConfigurationException if the parser rejects one of the two features
 * @throws SAXException if the document is not well-formed or contains a DOCTYPE
 * @throws XPathExpressionException declared by the signature; presumably raised by the
 *         {@code RequireJsGenerator} constructor (not visible here)
 * @throws ParseException declared by the signature; presumably raised by the
 *         {@code RequireJsGenerator} constructor (not visible here)
 */
public static RequireJsGenerator parsePom(InputStream inputStream)
    throws IOException, ParserConfigurationException, SAXException, XPathExpressionException,
        ParseException {
  final byte[] pomBytes = IOUtils.toByteArray(inputStream);

  final DocumentBuilderFactory hardenedFactory = DocumentBuilderFactory.newInstance();
  hardenedFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
  hardenedFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);

  final Document parsedPom =
      hardenedFactory.newDocumentBuilder().parse(new ByteArrayInputStream(pomBytes));
  return new RequireJsGenerator(parsedPom);
}
From source file:org.pentaho.metadata.util.XmiParser.java
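/**
 * Creates a {@link DocumentBuilderFactory} hardened for parsing XML that may not be trusted.
 *
 * <p>{@link XMLConstants#FEATURE_SECURE_PROCESSING} is enabled, which asks the parser to apply
 * its own resource limits (for example against entity-expansion "XML bomb" input). What that
 * feature does about external entities is left to the JAXP implementation, so external general
 * and external parameter entities are also switched off explicitly; this keeps XXE protection
 * from depending on which parser happens to be on the classpath.
 *
 * <p>DOCTYPE declarations are still accepted by this factory. See PPP-3506 for more details.
 *
 * @return a new factory with the three features applied
 * @throws ParserConfigurationException if any of the features cannot be set on the
 *         underlying parser
 */
public static DocumentBuilderFactory createSecureDocBuilderFactory() throws ParserConfigurationException {
  DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
  documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
  // Standard SAX2 feature names: refuse to resolve entities that point outside the document.
  documentBuilderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
  documentBuilderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
  return documentBuilderFactory;
}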
From source file:org.pentaho.osgi.platform.webjars.utils.RequireJsGenerator.java
/**
 * Reads a POM from {@code inputStream} and wraps the parsed DOM in a {@link RequireJsGenerator}.
 *
 * <p>The parser is configured with {@link XMLConstants#FEATURE_SECURE_PROCESSING} enabled and
 * DOCTYPE declarations disallowed, so a document carrying any DOCTYPE is rejected outright.
 * Every failure (reading the stream, configuring the parser, parsing, or building the
 * generator) is rethrown as a plain {@link Exception} with the message
 * {@code "Error reading POM"} and the original exception as its cause.
 *
 * <p>NOTE(review): the whole stream is buffered with no size cap visible in this method, and the
 * stream is not closed here; confirm the caller bounds and closes it.
 *
 * @param inputStream source of the POM XML
 * @return a generator built from the parsed document
 * @throws Exception wrapping whatever went wrong while reading or parsing
 */
public static RequireJsGenerator parsePom(InputStream inputStream) throws Exception {
  try {
    final byte[] pomBytes = IOUtils.toByteArray(inputStream);

    final DocumentBuilderFactory hardenedFactory = DocumentBuilderFactory.newInstance();
    hardenedFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    hardenedFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);

    final Document parsedPom =
        hardenedFactory.newDocumentBuilder().parse(new ByteArrayInputStream(pomBytes));
    return new RequireJsGenerator(parsedPom);
  } catch (Exception cause) {
    throw new Exception("Error reading POM", cause);
  }
}
From source file:org.sakaiproject.citation.impl.BaseConfigurationService.java
/**
 * Builds a DOM {@link DocumentBuilder} that is not namespace-aware, has
 * {@link XMLConstants#FEATURE_SECURE_PROCESSING} enabled, and has external general and
 * external parameter entities disabled.
 *
 * <p>No exception leaves this method: any failure while configuring the factory or creating
 * the builder is logged at WARN level and {@code null} is returned instead. A feature the
 * parser refuses therefore yields no builder at all rather than an unhardened one, and
 * callers must check the result for {@code null}.
 *
 * @return the configured builder, or {@code null} if it could not be created
 */
protected DocumentBuilder getXmlDocumentBuilder() {
  try {
    final DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
    builderFactory.setNamespaceAware(false);

    builderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    builderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
    builderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);

    return builderFactory.newDocumentBuilder();
  } catch (Exception exception) {
    // Only the exception's string form is logged; the stack trace is not recorded.
    m_log.warn("Failed to get XML DocumentBuilder: " + exception);
    return null;
  }
}
From source file:org.sakaiproject.tool.assessment.qti.util.XmlUtil.java
/**
 * Applies XXE-related hardening to an existing {@link DocumentBuilderFactory}.
 *
 * <p>External general entities and external parameter entities are switched off first, then
 * {@link XMLConstants#FEATURE_SECURE_PROCESSING} is switched on. DOCTYPE declarations are not
 * disallowed here. If a feature is refused, the exception propagates and the features set
 * before it stay set on the factory.
 *
 * @param builderFactory the factory to configure in place
 * @throws ParserConfigurationException if the underlying parser rejects one of the features
 */
private static void setDocumentBuilderFactoryFeatures(DocumentBuilderFactory builderFactory)
    throws ParserConfigurationException {
  final String[] externalEntityFeatures = {
    "http://xml.org/sax/features/external-general-entities",
    "http://xml.org/sax/features/external-parameter-entities"
  };
  for (String featureName : externalEntityFeatures) {
    builderFactory.setFeature(featureName, false);
  }
  builderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
}
From source file:org.sakaiproject.webservices.TestsAndQuizzes.java
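/**
 * createAssessmentFromExport - WS endpoint exposing the SamLite createImportedAssessment().
 *
 * <p>The caller-supplied {@code xmlstring} is parsed with a namespace-aware
 * {@link DocumentBuilderFactory} that has {@link XMLConstants#FEATURE_SECURE_PROCESSING}
 * enabled and external general / external parameter entities disabled. DOCTYPE declarations
 * are not disallowed, so internal entity definitions are still processed, subject to whatever
 * limits the parser applies under secure processing.
 *
 * <p>NOTE(review): this is a GET that creates data, and {@code sessionid} and the whole XML
 * document travel in the query string, where URLs are commonly recorded by access logs and
 * intermediaries. The interface is kept as is for existing callers; consider a POST body.
 *
 * <p>NOTE(review): nothing visible here checks that the session belongs to an administrator;
 * presumably {@code establishSession} enforces that. Confirm.
 *
 * @param sessionid the id of a valid admin session
 * @param siteid the enterprise/sakai id of the site to be archived
 * @param siteproperty the property that holds the enterprise site id
 * @param xmlstring the IMS QTI document containing the assessment
 * @return the result of {@code createAssessment(...)} for the parsed document
 * @throws RuntimeException if the XML cannot be parsed (the parser error is the cause), or if
 *         parsing yields a null document
 */
@WebMethod
@Path("/createAssessmentFromExport")
@Produces("text/plain")
@GET
public boolean createAssessmentFromExport(
        @WebParam(name = "sessionid", partName = "sessionid") @QueryParam("sessionid") String sessionid,
        @WebParam(name = "siteid", partName = "siteid") @QueryParam("siteid") String siteid,
        @WebParam(name = "siteproperty", partName = "siteproperty") @QueryParam("siteproperty") String siteproperty,
        @WebParam(name = "xmlstring", partName = "xmlstring") @QueryParam("xmlstring") String xmlstring) {
    // Called for its effect on the session; the returned Session is not used in this method.
    establishSession(sessionid);
    Document document = null;
    InputStream inputStream = null;

    try {
        // Encode explicitly instead of with the platform default charset, so the bytes handed
        // to the parser do not change with the server's locale. UTF-8 is what an XML parser
        // assumes when the document carries no encoding declaration.
        byte[] bytes = xmlstring.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        inputStream = new ByteArrayInputStream(bytes);

        DocumentBuilderFactory builderFactory = DocumentBuilderFactory.newInstance();
        builderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        builderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        builderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        builderFactory.setNamespaceAware(true);

        DocumentBuilder documentBuilder = builderFactory.newDocumentBuilder();
        document = documentBuilder.parse(inputStream);
    } catch (Exception e) {
        // Also reached when xmlstring is null or a hardening feature is refused by the parser.
        LOG.error("WS TestsAndQuizzes.createAssessmentFromXml(): " + e.getMessage(), e);
        // Keep the original exception as the cause so the failure can be traced by callers.
        throw new RuntimeException("WS TestsAndQuizzes.createAssessmentFromXml(): " + e.getMessage(), e);
    } finally {
        try {
            if (inputStream != null) {
                inputStream.close();
            }
        } catch (IOException ignored) {
            // Closing an in-memory stream; there is nothing to recover or report.
        }
    }

    if (document == null) {
        throw new RuntimeException(
                "WS TestsAndQuizzes.createAssessmentFromXml(): returned a null QTI Document");
    }

    return createAssessment(siteid, siteproperty, null, null, null, document);
}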
From source file:org.wisdom.content.jackson.JacksonSingleton.java
/**
 * Creates a new instance of {@link JacksonSingleton} and asks the XML factory to enable
 * {@link XMLConstants#FEATURE_SECURE_PROCESSING}.
 *
 * <p>If the parser refuses the feature, the failure is logged at ERROR level and construction
 * still completes, so the instance then works with a factory that does not have secure
 * processing enabled.
 */
public JacksonSingleton() {
    try {
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    } catch (ParserConfigurationException unsupported) {
        // Deliberately not fatal, although it matters: some parsers lack this option (and
        // should probably not be used). Watch for this log line in deployments that parse
        // XML from untrusted sources.
        LOGGER.error("Cannot use secure processing for XML document", unsupported);
    }
}
From source file:org.wso2.carbon.apimgt.core.impl.WSDL20ProcessorImpl.java
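/**
 * {@inheritDoc}
 * Will return true if the provided WSDL is of 2.0 and can be successfully parsed by woden library.
 *
 * <p>The WSDL bytes are parsed into a DOM with a namespace-aware factory that has
 * {@link XMLConstants#FEATURE_SECURE_PROCESSING} enabled and external general / external
 * parameter entities disabled. The entity features are set explicitly because what secure
 * processing does about external entities is left to the JAXP implementation. The document
 * element is then handed to the WSDL reader with validation switched off.
 *
 * <p>Any parser-configuration, parsing, I/O or WSDL error is logged at DEBUG level and
 * reported as "cannot process" ({@code false}) rather than thrown.
 *
 * @param wsdlContent raw bytes of the WSDL document
 * @return {@code true} if the content was read as WSDL 2.0, {@code false} otherwise
 * @throws APIMgtWSDLException declared by the interface; not raised by the code visible here
 */
@Override
public boolean init(byte[] wsdlContent) throws APIMgtWSDLException {
    try {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Standard SAX2 feature names: do not resolve entities that point outside the document.
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setNamespaceAware(true);
        DocumentBuilder builder = factory.newDocumentBuilder();

        WSDLReader reader = getWsdlFactoryInstance().newWSDLReader();
        reader.setFeature(WSDLReader.FEATURE_VALIDATION, false);

        Document dom = builder.parse(new ByteArrayInputStream(wsdlContent));
        Element domElement = dom.getDocumentElement();
        WSDLSource wsdlSource = reader.createWSDLSource();
        wsdlSource.setSource(domElement);
        wsdlDescription = reader.readWSDL(wsdlSource);
        canProcess = true;
        if (log.isDebugEnabled()) {
            log.debug("Successfully initialized an instance of " + this.getClass().getSimpleName()
                    + " with a single WSDL.");
        }
    } catch (WSDLException | ParserConfigurationException | SAXException | IOException e) {
        //This implementation class cannot process the WSDL.
        log.debug("Cannot process the WSDL by " + this.getClass().getName(), e);
        canProcess = false;
    }
    return canProcess;
}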
From source file:org.wso2.carbon.apimgt.handlers.utils.Utils.java
/**
 * Parses the iot-api-config.xml file into a DOM {@link Document}.
 *
 * <p>The parser is namespace-aware, rejects any document that contains a DOCTYPE declaration,
 * and has {@link XMLConstants#FEATURE_SECURE_PROCESSING} enabled. Every failure, including a
 * feature the parser refuses, is rethrown as {@link APIMCertificateMGTException} with the
 * original exception as its cause, so the file is never parsed by an unhardened parser.
 *
 * @param file the file object of iot-api-config.xml
 * @return the parsed document
 * @throws APIMCertificateMGTException if the parser cannot be configured or the file cannot
 *         be parsed
 */
private static Document convertToDocument(File file) throws APIMCertificateMGTException {
    final DocumentBuilderFactory hardenedFactory = DocumentBuilderFactory.newInstance();
    hardenedFactory.setNamespaceAware(true);
    try {
        hardenedFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        hardenedFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return hardenedFactory.newDocumentBuilder().parse(file);
    } catch (Exception cause) {
        throw new APIMCertificateMGTException(
                "Error occurred while parsing file, while converting " + "to a org.w3c.dom.Document",
                cause);
    }
}