7419: Update XML parsing
Reviewed-by: hirt
eastig authored and thegreystone committed Oct 13, 2021
1 parent 3424e72 commit 90197d6
Showing 1 changed file with 10 additions and 0 deletions.
Expand Up @@ -125,6 +125,8 @@ public static TransformRegistry empty() {
public static void validateProbeDefinition(InputStream in) throws XMLValidationException {
try {
Validator validator = PROBE_SCHEMA.newValidator();
validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
validator.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
validator.validate(new StreamSource(in));
} catch (IOException | SAXException e) {
throw new XMLValidationException(e.getMessage(), e);
Expand Down Expand Up @@ -153,6 +155,7 @@ public static TransformRegistry from(InputStream in) throws XMLStreamException,
HashMap<String, String> globalDefaults = new HashMap<>();
DefaultTransformRegistry registry = new DefaultTransformRegistry();
XMLInputFactory inputFactory = XMLInputFactory.newInstance();
disableExternalEntityProcessing(inputFactory);
XMLStreamReader streamReader = inputFactory.createXMLStreamReader(configuration);
while (streamReader.hasNext()) {
if (streamReader.isStartElement()) {
Expand Down Expand Up @@ -493,6 +496,7 @@ public Set<String> modify(String xmlDescription) throws XMLValidationException {

StringReader reader = new StringReader(xmlDescription);
XMLInputFactory inputFactory = XMLInputFactory.newInstance();
disableExternalEntityProcessing(inputFactory);
XMLStreamReader streamReader = inputFactory.createXMLStreamReader(reader);
HashMap<String, String> globalDefaults = new HashMap<String, String>();
Set<String> modifiedClasses = new HashSet<>();
Expand Down Expand Up @@ -569,4 +573,10 @@ public boolean isRevertIntrumentation() {
return revertInstrumentation;
}

private static void disableExternalEntityProcessing(XMLInputFactory inputFactory) {
inputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
inputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
inputFactory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
}

}
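Review bot: `disableExternalEntityProcessing` can throw an unchecked `IllegalArgumentException`, because `XMLInputFactory.setProperty` rejects properties the underlying StAX implementation does not support, and `XMLInputFactory.newInstance()` may return a non-JDK implementation that might not recognise `XMLConstants.ACCESS_EXTERNAL_DTD`. Neither `from` nor `modify` declares that exception, and their bodies continue outside the hunks, so whether any caller handles it is not visible here. Failing closed is a reasonable outcome for XXE hardening, but it should be a stated decision: either add a comment above the helper such as `// Throws IllegalArgumentException if the StAX implementation rejects a hardening property; parsing must not proceed unhardened.`, or catch the exception around the third call only, since `SUPPORT_DTD` and `IS_SUPPORTING_EXTERNAL_ENTITIES` are already set to false by then.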
