Merge

Author: gnu-andrew

.hgtags

@@ -1029,3 +1029,7 @@ b81aa0cb626746f790f4b6fdcc71d84d00eff136 jdk8u332-b01
 7376b980d6b085d5d9061d212f3ad69d239718e6 jdk8u332-b03
 f58fc9077d2274b2832bc00ff16d112fe99d9ace jdk8u332-b04
 2a92df021686242bb55ecd324b5dee00c45a0a8e jdk8u332-b05
+6d5c4e11830c154190021d6ae134c5f4162ff7cc jdk8u332-b06
+6d526dbc3432fd9f2db19bdcb2f6b5b8799d88f0 jdk8u332-b07
+95b31159fdfd496e521e119aba9ef54acf6b272e jdk8u332-b08
+37aca7715d13acfdc931aab7dbcdd41f9fd4b042 jdk8u332-b09

jaxp/src/com/sun/java_cup/internal/runtime/lr_parser.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,8 @@
 
 package com.sun.java_cup.internal.runtime;
 
+import com.sun.org.apache.xalan.internal.xsltc.compiler.sym;
+import java.util.Arrays;
 import java.util.Stack;
 
 /** This class implements a skeleton table driven LR parser.  In general,
@@ -134,9 +136,19 @@
  * @see     com.sun.java_cup.internal.runtime.Symbol
  * @see     com.sun.java_cup.internal.runtime.virtual_parse_stack
  * @author  Frank Flannery
+ *
+ * @LastModified: Jan 2022
  */
 
 public abstract class lr_parser {
+    public static final int ID_GROUP = 1;
+    public static final int ID_OPERATOR = 2;
+    public static final int ID_TOTAL_OPERATOR = 3;
+
+    private boolean isLiteral = false;
+    private int grpCount = 0;
+    private int opCount = 0;
+    private int totalOpCount = 0;
 
   /*-----------------------------------------------------------*/
   /*--- Constructor(s) ----------------------------------------*/
@@ -355,8 +367,34 @@ public void user_init() throws java.lang.Exception { }
    *  the "scan with" clause.  Do not recycle objects; every call to
    *  scan() should return a fresh object.
    */
-  public Symbol scan() throws java.lang.Exception {
-    return getScanner().next_token();
+  public Symbol scan() throws Exception {
+      Symbol s = getScanner().next_token();
+
+      if (s.sym == sym.LPAREN) {
+          if (!isLiteral) {
+            grpCount++;
+          }
+          opCount++; // function
+          isLiteral = false;
+      } else if (contains(sym.OPERATORS, s.sym)) {
+          opCount++;
+          isLiteral = false;
+      }
+
+      if (s.sym == sym.Literal || s.sym == sym.QNAME) {
+          isLiteral = true;
+      }
+
+    return s;
+  }
+
+  private boolean contains(final int[] arr, final int key) {
+    for (int i = 0 ; i < arr.length ; ++i) {
+      if (arr[i] == key) {
+        return true;
+      }
+    }
+    return false;
   }
 
   /*. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .*/
@@ -552,6 +590,9 @@ public Symbol parse() throws java.lang.Exception
 
       /* do user initialization */
       user_init();
+      isLiteral = false;
+      grpCount = 0;
+      opCount = 0;
 
       /* get the first token */
       cur_token = scan();
@@ -630,9 +671,29 @@ else if (act == 0)
                 }
             }
         }
+
+      totalOpCount += opCount;
       return lhs_sym;
     }
 
+    /**
+     * Returns the count of operators in XPath expressions.
+     *
+     * @param id the ID of the count
+     * @return the count associated with the ID
+     */
+    public int getCount(int id) {
+        switch (id) {
+            case ID_GROUP:
+                return grpCount;
+            case ID_OPERATOR:
+                return opCount;
+            case ID_TOTAL_OPERATOR:
+                return totalOpCount;
+        }
+        return 0;
+    }
+
   /*. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .*/
 
   /** Write a debugging message to System.err for the debugging version

jaxp/src/com/sun/org/apache/xalan/internal/XalanConstants.java

@@ -175,6 +175,21 @@ public final class XalanConstants {
      */
     public static final String JDK_EXTENSION_CLASSLOADER = "jdk.xml.transform.extensionClassLoader";
 
+    /**
+     * JDK XPath Expression group limit
+     */
+    public static final String XPATH_GROUP_LIMIT = "jdk.xml.xpathExprGrpLimit";
+
+    /**
+     * JDK XPath Expression operators limit
+     */
+    public static final String XPATH_OP_LIMIT = "jdk.xml.xpathExprOpLimit";
+
+    /**
+     * JDK XSL XPath limit or Total Number of Operators Permitted in an XSL Stylesheet
+     */
+    public static final String XPATH_TOTALOP_LIMIT = "jdk.xml.xpathTotalOpLimit";
+
     //legacy System Properties
     public final static String ENTITY_EXPANSION_LIMIT = "entityExpansionLimit";
     public static final String ELEMENT_ATTRIBUTE_LIMIT = "elementAttributeLimit" ;

jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -24,7 +24,7 @@
 import com.sun.org.apache.xalan.internal.XalanConstants;
 import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
 import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
-import com.sun.org.apache.xalan.internal.utils.XMLSecurityManager;
+import jdk.xml.internal.XMLSecurityManager;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodType;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type;
@@ -465,8 +465,10 @@ public SyntaxTreeNode parse(InputSource input) {
             XMLSecurityManager securityManager =
                     (XMLSecurityManager) _xsltc.getProperty(XalanConstants.SECURITY_MANAGER);
             for (XMLSecurityManager.Limit limit : XMLSecurityManager.Limit.values()) {
-                lastProperty = limit.apiProperty();
-                reader.setProperty(lastProperty, securityManager.getLimitValueAsString(limit));
+                if (limit.isSupported(XMLSecurityManager.Processor.PARSER)) {
+                    lastProperty = limit.apiProperty();
+                    reader.setProperty(lastProperty, securityManager.getLimitValueAsString(limit));
+                }
             }
             if (securityManager.printEntityCountInfo()) {
                 lastProperty = XalanConstants.JDK_ENTITY_COUNT_INFO;
@@ -1121,6 +1123,9 @@ private SyntaxTreeNode parseTopLevel(SyntaxTreeNode parent, String text,
                                             expression, parent));
         }
         catch (Exception e) {
+            if (ErrorMsg.XPATH_LIMIT.equals(e.getMessage())) {
+                throw new RuntimeException(ErrorMsg.XPATH_LIMIT);
+            }
             if (_xsltc.debug()) e.printStackTrace();
             reportError(ERROR, new ErrorMsg(ErrorMsg.XPATH_PARSER_ERR,
                                             expression, parent));

jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XPathParser.java

@@ -9,6 +9,10 @@
 import java.util.Stack;
 import java.util.Vector;
 import java.io.StringReader;
+import com.sun.org.apache.xalan.internal.XalanConstants;
+import jdk.xml.internal.XMLLimitAnalyzer;
+import jdk.xml.internal.XMLSecurityManager;
+import jdk.xml.internal.XMLSecurityManager.Limit;
 import com.sun.java_cup.internal.runtime.*;
 import com.sun.org.apache.xml.internal.dtm.DTM;
 import com.sun.org.apache.xalan.internal.xsltc.DOM;
@@ -20,9 +24,12 @@
  * CUP v0.11b generated parser.
  * This class was generated by CUP v0.11b on Nov 12, 2019.
  *
- * @LastModified: Nov 2019
+ * @LastModified: Jan 2022
  */
 public class XPathParser extends com.sun.java_cup.internal.runtime.lr_parser {
+    private int grpLimit = 0;
+    private int opLimit = 0;
+    private int totalOpLimit = 0;
 
     /** Default constructor. */
     public XPathParser() {
@@ -929,10 +936,19 @@ public int error_sym() {
      */
     public SymbolTable _symbolTable;
 
+    private XMLSecurityManager _xmlSM;
+    private XMLLimitAnalyzer _limitAnalyzer = null;
+
     public XPathParser(Parser parser) {
         _parser = parser;
         _xsltc = parser.getXSLTC();
         _symbolTable = parser.getSymbolTable();
+        _xmlSM = (XMLSecurityManager)_xsltc.getProperty(XalanConstants.SECURITY_MANAGER);
+        _limitAnalyzer = new XMLLimitAnalyzer();
+        // no limits if _xmlSM is null
+        grpLimit = (_xmlSM != null) ? _xmlSM.getLimit(Limit.XPATH_GROUP_LIMIT) : 0;
+        opLimit = (_xmlSM != null) ? _xmlSM.getLimit(Limit.XPATH_OP_LIMIT) : 0;
+        totalOpLimit = (_xmlSM != null) ? _xmlSM.getLimit(Limit.XPATH_TOTALOP_LIMIT) : 0;
     }
 
     public int getLineNumber() {
@@ -1078,7 +1094,32 @@ public Symbol parse(String expression, int lineNumber) throws Exception {
         try {
             _expression = expression;
             _lineNumber = lineNumber;
-            return super.parse();
+            Symbol s = super.parse();
+            int grpCount = getCount(ID_GROUP);
+            int opCount = getCount(ID_OPERATOR);
+            int totalOpCount = getCount(ID_TOTAL_OPERATOR);
+
+            String errCode = null;
+            Object[] params = null;
+            if (grpLimit > 0 && grpCount > grpLimit) {
+                errCode = ErrorMsg.XPATH_GROUP_LIMIT;
+                params = new Object[]{grpCount, grpLimit,
+                    _xmlSM.getStateLiteral(Limit.XPATH_GROUP_LIMIT)};
+            } else if (opLimit > 0 && opCount > opLimit) {
+                errCode = ErrorMsg.XPATH_OPERATOR_LIMIT;
+                params = new Object[]{opCount, opLimit,
+                    _xmlSM.getStateLiteral(Limit.XPATH_OP_LIMIT)};
+            } else if (totalOpLimit > 0 && totalOpCount > totalOpLimit) {
+                errCode = ErrorMsg.XPATH_TOTAL_OPERATOR_LIMIT;
+                params = new Object[]{totalOpCount, totalOpLimit,
+                    _xmlSM.getStateLiteral(Limit.XPATH_TOTALOP_LIMIT)};
+            }
+            if (errCode != null) {
+                _parser.reportError(Constants.FATAL,
+                        new ErrorMsg(errCode, lineNumber, params));
+                throw new RuntimeException(ErrorMsg.XPATH_LIMIT);
+            }
+            return s;
         } catch (IllegalCharException e) {
             ErrorMsg err = new ErrorMsg(ErrorMsg.ILLEGAL_CHAR_ERR,
                     lineNumber, e.getMessage());

jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -23,7 +23,6 @@
 import com.sun.org.apache.bcel.internal.classfile.JavaClass;
 import com.sun.org.apache.xalan.internal.XalanConstants;
 import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
-import com.sun.org.apache.xalan.internal.utils.XMLSecurityManager;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Util;
 import com.sun.org.apache.xml.internal.dtm.DTM;
@@ -47,6 +46,7 @@
 import java.util.jar.Manifest;
 import javax.xml.XMLConstants;
 import jdk.xml.internal.JdkXmlFeatures;
+import jdk.xml.internal.XMLSecurityManager;
 import org.xml.sax.InputSource;
 import org.xml.sax.XMLReader;
 
@@ -481,7 +481,10 @@ else if (systemId != null && !systemId.equals("")) {
             }
         }
         catch (Exception e) {
-            /*if (_debug)*/ e.printStackTrace();
+            if (_debug) e.printStackTrace();
+            if (ErrorMsg.XPATH_LIMIT.equals(e.getMessage())) {
+                return !_parser.errorsFound();
+            }
             _parser.reportError(Constants.FATAL, new ErrorMsg(ErrorMsg.JAXP_COMPILE_ERR, e));
         }
         catch (Error e) {

jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/sym.java

@@ -6,6 +6,8 @@
 
 package com.sun.org.apache.xalan.internal.xsltc.compiler;
 
+import java.util.Arrays;
+
 /** CUP generated class containing symbol constants. */
 public class sym {
   /* terminals */
@@ -63,4 +65,12 @@ public class sym {
   public static final int ATTRIBUTE = 41;
   public static final int GT = 19;
   public static final int NODE = 31;
+  /*
+    AXES: count once at DCOLON,
+          these axes names are therefore not counted:
+            NAMESPACE, FOLLOWINGSIBLING, CHILD, DESCENDANTORSELF, DESCENDANT
+          , PRECEDINGSIBLING, SELF, ANCESTORORSELF, PRECEDING, ANCESTOROR, PARENT, FOLLOWING, ATTRIBUTE
+  */
+  public static final int[] OPERATORS = {GE, SLASH, ATSIGN, LPAREN, DCOLON,
+      MINUS, STAR, LT, OR, DIV, PLUS, LE, VBAR, MOD, EQ, LBRACK, DOLLAR, NE, GT};
 }

jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMessages.java

@@ -24,6 +24,7 @@
 
 /**
  * @author Morten Jorgensen
+ * @LastModified: Jan 2022
  */
 public class ErrorMessages extends ListResourceBundle {
 
@@ -1011,12 +1012,22 @@ public Object[][] getContents()
          "smaller templates."
         },
 
-         {ErrorMsg.DESERIALIZE_TRANSLET_ERR, "When Java security is enabled, " +
-                        "support for deserializing TemplatesImpl is disabled." +
-                        "This can be overridden by setting the jdk.xml.enableTemplatesImplDeserialization" +
-                        " system property to true."}
-
-    };
+        {ErrorMsg.DESERIALIZE_TRANSLET_ERR, "When Java security is enabled, "
+              + "support for deserializing TemplatesImpl is disabled. This can be "
+              + "overridden by setting the jdk.xml.enableTemplatesImplDeserialization"
+              + " system property to true."},
+
+        {ErrorMsg.XPATH_GROUP_LIMIT,
+            "JAXP0801001: the compiler encountered an XPath expression containing "
+              + "''{0}'' groups that exceeds the ''{1}'' limit set by ''{2}''."},
+
+        {ErrorMsg.XPATH_OPERATOR_LIMIT,
+            "JAXP0801002: the compiler encountered an XPath expression containing "
+              + "''{0}'' operators that exceeds the ''{1}'' limit set by ''{2}''."},
+        {ErrorMsg.XPATH_TOTAL_OPERATOR_LIMIT,
+            "JAXP0801003: the compiler encountered XPath expressions with an accumulated "
+              + "''{0}'' operators that exceeds the ''{1}'' limit set by ''{2}''."},
+      };
 
     }
 }

jaxp/src/com/sun/org/apache/xalan/internal/xsltc/compiler/util/ErrorMsg.java

@@ -172,6 +172,11 @@ public final class ErrorMsg {
 
     public static final String DESERIALIZE_TRANSLET_ERR = "DESERIALIZE_TEMPLATES_ERR";
 
+    public static final String XPATH_LIMIT = "XPATH_LIMIT";
+    public static final String XPATH_GROUP_LIMIT = "XPATH_GROUP_LIMIT";
+    public static final String XPATH_OPERATOR_LIMIT = "XPATH_OPERATOR_LIMIT";
+    public static final String XPATH_TOTAL_OPERATOR_LIMIT = "XPATH_TOTAL_OPERATOR_LIMIT";
+
     // All error messages are localized and are stored in resource bundles.
     // This array and the following 4 strings are read from that bundle.
     private static ResourceBundle _bundle;
@@ -208,7 +213,11 @@ public ErrorMsg(String message, int line) {
     public ErrorMsg(String code, int line, Object param) {
         _code = code;
         _line = line;
-        _params = new Object[] { param };
+        if (param instanceof Object[]) {
+            _params = (Object[])param;
+        } else {
+            _params = new Object[] { param };
+        }
     }
 
     public ErrorMsg(String code, Object param) {

jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java

@@ -24,7 +24,7 @@
 import com.sun.org.apache.xalan.internal.utils.FeaturePropertyBase.State;
 import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
 import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
-import com.sun.org.apache.xalan.internal.utils.XMLSecurityManager;
+import jdk.xml.internal.XMLSecurityManager;
 import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.Property;
 import com.sun.org.apache.xalan.internal.xsltc.compiler.Constants;