/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2003 The Apache Software Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Xerces" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 1999, International
* Business Machines, Inc., http://www.apache.org. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package com.sun.org.apache.xerces.internal.util;
import com.sun.org.apache.xerces.internal.impl.Constants;
import java.security.AccessController;
import java.security.PrivilegedAction;
/**
* This class is a container for parser settings that relate to
* security, or more specifically, it is intended to be used to prevent denial-of-service
* attacks from being launched against a system running Xerces.
* Any component that is aware of a denial-of-service attack that can arise
* from its processing of a certain kind of document may query its Component Manager
* for the property (http://apache.org/xml/properties/security-manager)
* whose value will be an instance of this class.
* If no value has been set for the property, the component should proceed in the "usual" (spec-compliant)
* manner. If a value has been set, then it must be the case that the component in
* question needs to know what method of this class to query. This class
* will provide defaults for all known security issues, but will also provide
* setters so that those values can be tailored by applications that care.
*
* @author Neil Graham, IBM
*
* @version $Id: SecurityManager.java,v 1.5 2010-11-01 04:40:14 joehw Exp $
*/
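public final class SecurityManager {

    //
    // Constants
    //

    /** Default value for the entity expansion limit. */
    private static final int DEFAULT_ENTITY_EXPANSION_LIMIT = 64000;

    /** Default value of number of nodes created. */
    private static final int DEFAULT_MAX_OCCUR_NODE_LIMIT = 5000;

    /** Default value for the element attribute limit. */
    private static final int DEFAULT_ELEMENT_ATTRIBUTE_LIMIT = 10000;

    //
    // Data
    //

    /** Entity expansion limit. */
    private int entityExpansionLimit;

    /** W3C XML Schema maxOccurs limit. */
    private int maxOccurLimit;

    /** Element attribute limit. */
    private int fElementAttributeLimit;

    /**
     * Default constructor. Establishes default values for the known
     * limits, then applies any overrides found in system properties.
     * System properties are read only once, when this object is created.
     */
    public SecurityManager() {
        entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT;
        maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT;
        fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT;
        readSystemProperties();
    }

    /**
     * <p>Sets the number of entity expansions that the
     * parser should permit in a document.</p>
     *
     * <p>The value is stored as given. Unlike the system-property path,
     * a negative value is not replaced by the default here.</p>
     *
     * @param limit the number of entity expansions
     * permitted in a document
     */
    public void setEntityExpansionLimit(int limit) {
        // NOTE(review): no range check; how consumers treat a negative or
        // zero limit is not visible in this class -- confirm at the call sites.
        entityExpansionLimit = limit;
    }

    /**
     * <p>Returns the number of entity expansions
     * that the parser permits in a document.</p>
     *
     * @return the number of entity expansions
     * permitted in a document
     */
    public int getEntityExpansionLimit() {
        return entityExpansionLimit;
    }

    /**
     * <p>Sets the limit of the number of content model nodes
     * that may be created when building a grammar for a W3C
     * XML Schema that contains maxOccurs attributes with values
     * other than "unbounded".</p>
     *
     * <p>The value is stored as given, without a range check.</p>
     *
     * @param limit the maximum value for maxOccurs other
     * than "unbounded"
     */
    public void setMaxOccurNodeLimit(int limit) {
        maxOccurLimit = limit;
    }

    /**
     * <p>Returns the limit of the number of content model nodes
     * that may be created when building a grammar for a W3C
     * XML Schema that contains maxOccurs attributes with values
     * other than "unbounded".</p>
     *
     * @return the maximum value for maxOccurs other
     * than "unbounded"
     */
    public int getMaxOccurNodeLimit() {
        return maxOccurLimit;
    }

    /**
     * Returns the element attribute limit currently in effect.
     *
     * @return the element attribute limit
     */
    public int getElementAttrLimit() {
        return fElementAttributeLimit;
    }

    /**
     * Sets the element attribute limit. The value is stored as given,
     * without a range check.
     *
     * @param limit the element attribute limit
     */
    public void setElementAttrLimit(int limit) {
        fElementAttributeLimit = limit;
    }

    /**
     * Overrides each limit with the value of its system property, when
     * that property holds a non-negative integer. Called only from the
     * constructor, after the fields already hold their defaults.
     */
    private void readSystemProperties() {
        entityExpansionLimit = readLimit(
                Constants.ENTITY_EXPANSION_LIMIT, DEFAULT_ENTITY_EXPANSION_LIMIT);
        maxOccurLimit = readLimit(
                Constants.MAX_OCCUR_LIMIT, DEFAULT_MAX_OCCUR_NODE_LIMIT);
        fElementAttributeLimit = readLimit(
                Constants.SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT,
                DEFAULT_ELEMENT_ATTRIBUTE_LIMIT);
    }

    /**
     * Reads one limit from a system property.
     *
     * <p>No upper bound is applied: any non-negative integer, including 0
     * and {@code Integer.MAX_VALUE}, is accepted as the limit. Whoever can
     * set JVM system properties therefore controls how much protection
     * these limits give.</p>
     *
     * @param propName name of the system property to read
     * @param defaultLimit value to use when the property is unset, empty,
     * negative, not an integer, or cannot be read
     * @return the parsed limit, or {@code defaultLimit}
     */
    private int readLimit(String propName, int defaultLimit) {
        try {
            String value = getSystemProperty(propName);
            if (value == null || value.isEmpty()) {
                return defaultLimit;
            }
            int parsed = Integer.parseInt(value);
            return parsed < 0 ? defaultLimit : parsed;
        } catch (RuntimeException ignored) {
            // Deliberate best effort: a malformed or unreadable property must
            // not stop the parser from being configured. The field held the
            // default when this was called, so returning the default matches
            // leaving it untouched.
            return defaultLimit;
        }
    }

    /**
     * Reads a system property inside a privileged block, so the read is
     * checked against this class's own permissions rather than the caller's.
     *
     * @param propName name of the system property
     * @return the property value, or {@code null} if it is not set
     */
    private String getSystemProperty(final String propName) {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                return System.getProperty(propName);
            }
        });
    }
} // class SecurityManager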