Author: fanningpj
Date: Sun Jun 10 10:38:41 2018
New Revision: 1833263
URL: http://svn.apache.org/viewvc?rev=1833263&view=rev
Log:
use safe XML parsers
Added:
xmlbeans/trunk/src/common/org/apache/xmlbeans/impl/common/StaxHelper.java
Modified:
xmlbeans/trunk/src/xmlcomp/org/apache/xmlbeans/impl/tool/StreamInstanceValidator.java
xmlbeans/trunk/test/src/drt/drtcases/MarshalTests.java
Added: xmlbeans/trunk/src/common/org/apache/xmlbeans/impl/common/StaxHelper.java
URL:
http://svn.apache.org/viewvc/xmlbeans/trunk/src/common/org/apache/xmlbeans/impl/common/StaxHelper.java?rev=1833263&view=auto
==============================================================================
--- xmlbeans/trunk/src/common/org/apache/xmlbeans/impl/common/StaxHelper.java
(added)
+++ xmlbeans/trunk/src/common/org/apache/xmlbeans/impl/common/StaxHelper.java
Sun Jun 10 10:38:41 2018
@@ -0,0 +1,78 @@
+/* Copyright 2017, 2018 The Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.xmlbeans.impl.common;
+
+import javax.xml.stream.XMLEventFactory;
+import javax.xml.stream.XMLInputFactory;
+import javax.xml.stream.XMLOutputFactory;
+
+
+/**
+ * Provides handy methods for working with StAX parsers and readers
+ */
+public final class StaxHelper {
+ private static final XBLogger logger =
XBLogFactory.getLogger(StaxHelper.class);
+
+ private StaxHelper() {}
+
+ /**
+ * Creates a new StAX XMLInputFactory, with sensible defaults
+ */
+ public static XMLInputFactory newXMLInputFactory() {
+ XMLInputFactory factory = XMLInputFactory.newFactory();
+ trySetProperty(factory, XMLInputFactory.IS_NAMESPACE_AWARE, true);
+ trySetProperty(factory, XMLInputFactory.IS_VALIDATING, false);
+ trySetProperty(factory, XMLInputFactory.SUPPORT_DTD, false);
+ trySetProperty(factory,
XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
+ return factory;
+ }
+
+ /**
+ * Creates a new StAX XMLOutputFactory, with sensible defaults
+ */
+ public static XMLOutputFactory newXMLOutputFactory() {
+ XMLOutputFactory factory = XMLOutputFactory.newFactory();
+ trySetProperty(factory, XMLOutputFactory.IS_REPAIRING_NAMESPACES,
true);
+ return factory;
+ }
+
+ /**
+ * Creates a new StAX XMLEventFactory, with sensible defaults
+ */
+ public static XMLEventFactory newXMLEventFactory() {
+ return XMLEventFactory.newFactory();
+ }
+
+ private static void trySetProperty(XMLInputFactory factory, String
feature, boolean flag) {
+ try {
+ factory.setProperty(feature, flag);
+ } catch (Exception e) {
+ logger.log(XBLogger.WARN, "StAX Property unsupported", feature, e);
+ } catch (AbstractMethodError ame) {
+ logger.log(XBLogger.WARN, "Cannot set StAX property because
outdated StAX parser in classpath", feature, ame);
+ }
+ }
+
+ private static void trySetProperty(XMLOutputFactory factory, String
feature, boolean flag) {
+ try {
+ factory.setProperty(feature, flag);
+ } catch (Exception e) {
+ logger.log(XBLogger.WARN, "StAX Property unsupported", feature, e);
+ } catch (AbstractMethodError ame) {
+ logger.log(XBLogger.WARN, "Cannot set StAX property because
outdated StAX parser in classpath", feature, ame);
+ }
+ }
+}
Modified:
xmlbeans/trunk/src/xmlcomp/org/apache/xmlbeans/impl/tool/StreamInstanceValidator.java
URL:
http://svn.apache.org/viewvc/xmlbeans/trunk/src/xmlcomp/org/apache/xmlbeans/impl/tool/StreamInstanceValidator.java?rev=1833263&r1=1833262&r2=1833263&view=diff
==============================================================================
---
xmlbeans/trunk/src/xmlcomp/org/apache/xmlbeans/impl/tool/StreamInstanceValidator.java
(original)
+++
xmlbeans/trunk/src/xmlcomp/org/apache/xmlbeans/impl/tool/StreamInstanceValidator.java
Sun Jun 10 10:38:41 2018
@@ -21,6 +21,7 @@ import org.apache.xmlbeans.XmlException;
import org.apache.xmlbeans.XmlObject;
import org.apache.xmlbeans.XmlOptions;
import org.apache.xmlbeans.XmlError;
+import org.apache.xmlbeans.impl.common.StaxHelper;
import org.apache.xmlbeans.impl.validator.ValidatingXMLStreamReader;
import javax.xml.stream.XMLInputFactory;
@@ -39,7 +40,7 @@ import java.util.HashSet;
public class StreamInstanceValidator
{
- private static final XMLInputFactory XML_INPUT_FACTORY =
XMLInputFactory.newInstance();
+ private static final XMLInputFactory XML_INPUT_FACTORY =
StaxHelper.newXMLInputFactory();
public static void printUsage()
{
Modified: xmlbeans/trunk/test/src/drt/drtcases/MarshalTests.java
URL:
http://svn.apache.org/viewvc/xmlbeans/trunk/test/src/drt/drtcases/MarshalTests.java?rev=1833263&r1=1833262&r2=1833263&view=diff
==============================================================================
--- xmlbeans/trunk/test/src/drt/drtcases/MarshalTests.java (original)
+++ xmlbeans/trunk/test/src/drt/drtcases/MarshalTests.java Sun Jun 10 10:38:41
2018
@@ -44,6 +44,7 @@ import org.apache.xmlbeans.XmlException;
import org.apache.xmlbeans.XmlObject;
import org.apache.xmlbeans.XmlOptions;
import org.apache.xmlbeans.impl.binding.compile.Schema2Java;
+import org.apache.xmlbeans.impl.common.StaxHelper;
import org.apache.xmlbeans.impl.common.XmlReaderToWriter;
import org.apache.xmlbeans.impl.common.XmlStreamUtils;
import org.apache.xmlbeans.impl.marshal.BindingContextFactoryImpl;
@@ -53,8 +54,6 @@ import org.apache.xmlbeans.impl.xb.xsdsc
import org.w3c.dom.Document;
import javax.xml.namespace.QName;
-import javax.xml.stream.XMLInputFactory;
-import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.stream.XMLStreamWriter;
@@ -120,7 +119,7 @@ public class MarshalTests extends TestCa
String doc = "<a x='y'>food</a>";
StringReader sr = new StringReader(doc);
final XMLStreamReader reader =
- XMLInputFactory.newInstance().createXMLStreamReader(sr);
+ StaxHelper.newXMLInputFactory().createXMLStreamReader(sr);
dumpReader(reader);
}
@@ -132,7 +131,7 @@ public class MarshalTests extends TestCa
{
StringWriter sw = new StringWriter();
final XMLStreamWriter writer =
- XMLOutputFactory.newInstance().createXMLStreamWriter(sw);
+ StaxHelper.newXMLOutputFactory().createXMLStreamWriter(sw);
writer.writeStartDocument();
writer.writeStartElement("dummy");
@@ -166,10 +165,9 @@ public class MarshalTests extends TestCa
StringReader sr = new StringReader(DOC);
final XMLStreamReader reader =
- XMLInputFactory.newInstance().createXMLStreamReader(sr);
+ StaxHelper.newXMLInputFactory().createXMLStreamReader(sr);
- //uncomment when stax bug is fixed
- //dumpReader(reader, true);
+ dumpReader(reader, true);
}
public void testManySimpleTypesUnmarshall()
@@ -301,7 +299,7 @@ public class MarshalTests extends TestCa
StringReader stringReader = new StringReader(xmldoc);
XMLStreamReader xrdr =
- XMLInputFactory.newInstance().createXMLStreamReader(stringReader);
+
StaxHelper.newXMLInputFactory().createXMLStreamReader(stringReader);
final XmlOptions options = new XmlOptions();
Collection errors = new LinkedList();
@@ -694,7 +692,7 @@ public class MarshalTests extends TestCa
StringWriter sw = new StringWriter();
XMLStreamWriter xml_out =
- XMLOutputFactory.newInstance().createXMLStreamWriter(sw);
+ StaxHelper.newXMLOutputFactory().createXMLStreamWriter(sw);
xml_out.writeStartDocument();
xml_out.writeStartElement("DUMMY_ROOT");
@@ -838,7 +836,7 @@ public class MarshalTests extends TestCa
StringWriter sw = new StringWriter();
XMLStreamWriter xml_out =
- XMLOutputFactory.newInstance().createXMLStreamWriter(sw);
+ StaxHelper.newXMLOutputFactory().createXMLStreamWriter(sw);
xml_out.writeStartDocument();
xml_out.writeStartElement("DUMMY_ROOT");
@@ -972,7 +970,7 @@ public class MarshalTests extends TestCa
BindingContext bindingContext =
getBindingContext(getBindingConfigDocument());
StringWriter sw = new StringWriter();
- XMLStreamWriter w =
XMLOutputFactory.newInstance().createXMLStreamWriter(sw);
+ XMLStreamWriter w =
StaxHelper.newXMLOutputFactory().createXMLStreamWriter(sw);
final XmlOptions options = new XmlOptions();
Collection errors = new LinkedList();
@@ -1001,7 +999,7 @@ public class MarshalTests extends TestCa
StringReader sr = new StringReader(sw.getBuffer().toString());
XMLStreamReader rdr =
- XMLInputFactory.newInstance().createXMLStreamReader(sr);
+ StaxHelper.newXMLInputFactory().createXMLStreamReader(sr);
while (!rdr.isStartElement()) {
rdr.next();
}
@@ -1034,7 +1032,7 @@ public class MarshalTests extends TestCa
BindingContext bindingContext =
getBindingContext(getBindingConfigDocument());
StringWriter sw = new StringWriter();
- XMLStreamWriter w =
XMLOutputFactory.newInstance().createXMLStreamWriter(sw);
+ XMLStreamWriter w =
StaxHelper.newXMLOutputFactory().createXMLStreamWriter(sw);
final XmlOptions options = new XmlOptions();
Collection errors = new LinkedList();
@@ -1047,7 +1045,7 @@ public class MarshalTests extends TestCa
//now unmarshall from String and compare objects...
StringReader sr = new StringReader(sw.getBuffer().toString());
XMLStreamReader rdr =
- XMLInputFactory.newInstance().createXMLStreamReader(sr);
+ StaxHelper.newXMLInputFactory().createXMLStreamReader(sr);
Unmarshaller umctx = bindingContext.createUnmarshaller();
Object out_obj = umctx.unmarshal(rdr, options);
reportErrors(errors, "byname-doc-writer");
@@ -1074,7 +1072,7 @@ public class MarshalTests extends TestCa
BindingContext bindingContext =
getBindingContext(getBindingConfigDocument());
StringWriter sw = new StringWriter();
- XMLStreamWriter w =
XMLOutputFactory.newInstance().createXMLStreamWriter(sw);
+ XMLStreamWriter w =
StaxHelper.newXMLOutputFactory().createXMLStreamWriter(sw);
final XmlOptions options = new XmlOptions();
Collection errors = new LinkedList();
@@ -1093,7 +1091,7 @@ public class MarshalTests extends TestCa
//now unmarshall from String and compare objects...
StringReader sr = new StringReader(sw.getBuffer().toString());
XMLStreamReader rdr =
- XMLInputFactory.newInstance().createXMLStreamReader(sr);
+ StaxHelper.newXMLInputFactory().createXMLStreamReader(sr);
Unmarshaller umctx = bindingContext.createUnmarshaller();
while (!rdr.isStartElement()) {
rdr.next();
@@ -1556,7 +1554,7 @@ public class MarshalTests extends TestCa
StringWriter sw = new StringWriter();
XMLStreamWriter xsw =
- XMLOutputFactory.newInstance().createXMLStreamWriter(sw);
+ StaxHelper.newXMLOutputFactory().createXMLStreamWriter(sw);
XmlReaderToWriter.writeAll(reader, xsw);
@@ -1582,14 +1580,14 @@ public class MarshalTests extends TestCa
}
}
- public void testByNameBeanUnmarshal()
+ public void testByNameBeanUnmarshal()StreamInstanceValidator
throws Exception
{
BindingContext bindingContext =
getBindingContext(getBindingConfigDocument());
File doc = TestEnv.xbeanCase("marshal/doc2.xml");
- final XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
+ final XMLInputFactory xmlInputFactory =
StaxHelper.newXMLInputFactory();
XMLStreamReader xrdr =
xmlInputFactory.createXMLStreamReader(doc.toURL().toString(),
new FileInputStream(doc));
@@ -1618,7 +1616,7 @@ public class MarshalTests extends TestCa
File doc = TestEnv.xbeanCase("marshal/doc3.xml");
- final XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
+ final XMLInputFactory xmlInputFactory =
StaxHelper.newXMLInputFactory();
XMLStreamReader xrdr =
xmlInputFactory.createXMLStreamReader(new FileReader(doc));
@@ -1675,7 +1673,7 @@ public class MarshalTests extends TestCa
final String javaType = "com.mytest.MyClass";
final QName schemaType = MYCLASS_NAME;
- final XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
+ final XMLInputFactory xmlInputFactory =
StaxHelper.newXMLInputFactory();
XMLStreamReader xrdr =
xmlInputFactory.createXMLStreamReader(new FileReader(doc));
@@ -1719,7 +1717,7 @@ public class MarshalTests extends TestCa
final int trials = 5;
- final XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
+ final XMLInputFactory xmlInputFactory =
StaxHelper.newXMLInputFactory();
final XmlOptions xmlOptions = new XmlOptions();
@@ -1804,7 +1802,7 @@ public class MarshalTests extends TestCa
//now try unmarshalType...
final FileInputStream fis = new FileInputStream(instance);
final XMLStreamReader rdr =
- XMLInputFactory.newInstance().createXMLStreamReader(fis);
+ StaxHelper.newXMLInputFactory().createXMLStreamReader(fis);
QName schema_type = new QName("http://nosuch.domain.name";,
"USAddress");
String java_type = obj.getClass().getName();
