/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
/*
* The Apache Software License, Version 1.1
*
*
* Copyright (c) 2003 The Apache Software Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Xerces" and "Apache Software Foundation" must
* not be used to endorse or promote products derived from this
* software without prior written permission. For written
* permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* nor may "Apache" appear in their name, without prior written
* permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation and was
* originally based on software copyright (c) 1999, International
* Business Machines, Inc., http://www.apache.org. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package com.sun.org.apache.xerces.internal.util;
import com.sun.org.apache.xerces.internal.impl.Constants;
import java.security.AccessController;
import java.security.PrivilegedAction;
/**
* This class is a container for parser settings that relate to
* security, or more specifically, it is intended to be used to prevent denial-of-service
* attacks from being launched against a system running Xerces.
* Any component that is aware of a denial-of-service attack that can arise
* from its processing of a certain kind of document may query its Component Manager
* for the property (http://apache.org/xml/properties/security-manager)
* whose value will be an instance of this class.
* If no value has been set for the property, the component should proceed in the "usual" (spec-compliant)
* manner. If a value has been set, the component in question is expected to know
* which method of this class to query. This class
* provides defaults for all known security issues, and also provides
* setters so that those values can be tailored by applications that care.
*
* @author Neil Graham, IBM
*
* @version $Id: SecurityManager.java,v 1.5 2010-11-01 04:40:14 joehw Exp $
*/
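public final class SecurityManager {

    //
    // Constants
    //

    /** Default cap on the number of entity expansions permitted in a document. */
    private static final int DEFAULT_ENTITY_EXPANSION_LIMIT = 64000;

    /** Default cap on the number of content model nodes created for maxOccurs. */
    private static final int DEFAULT_MAX_OCCUR_NODE_LIMIT = 5000;

    /** Default value of the element attribute limit. */
    private static final int DEFAULT_ELEMENT_ATTRIBUTE_LIMIT = 10000;

    //
    // Data
    //

    /** Entity expansion limit. */
    private int entityExpansionLimit;

    /** W3C XML Schema maxOccurs limit. */
    private int maxOccurLimit;

    /** Element attribute limit. */
    private int fElementAttributeLimit;

    /**
     * Default constructor. Establishes default values for the known
     * denial-of-service limits, then overrides each one with the matching
     * system property when that property holds a non-negative integer.
     */
    public SecurityManager() {
        entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT;
        maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT;
        fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT;
        // System properties are consulted exactly once, here. Changing them
        // afterwards has no effect on an instance that already exists.
        readSystemProperties();
    }

    /**
     * <p>Sets the number of entity expansions that the
     * parser should permit in a document.</p>
     *
     * <p>NOTE(review): unlike the system-property path, this setter performs
     * no range check. How a negative or very large value is interpreted is
     * decided by the consuming component, which is not visible in this
     * class; confirm that callers cannot weaken the limit unintentionally.</p>
     *
     * @param limit the number of entity expansions
     * permitted in a document
     */
    public void setEntityExpansionLimit(int limit) {
        entityExpansionLimit = limit;
    }

    /**
     * <p>Returns the number of entity expansions
     * that the parser permits in a document.</p>
     *
     * @return the number of entity expansions
     * permitted in a document
     */
    public int getEntityExpansionLimit() {
        return entityExpansionLimit;
    }

    /**
     * <p>Sets the limit of the number of content model nodes
     * that may be created when building a grammar for a W3C
     * XML Schema that contains maxOccurs attributes with values
     * other than "unbounded".</p>
     *
     * <p>NOTE(review): the value is stored without a range check; see the
     * remark on {@link #setEntityExpansionLimit(int)}.</p>
     *
     * @param limit the maximum value for maxOccurs other
     * than "unbounded"
     */
    public void setMaxOccurNodeLimit(int limit) {
        maxOccurLimit = limit;
    }

    /**
     * <p>Returns the limit of the number of content model nodes
     * that may be created when building a grammar for a W3C
     * XML Schema that contains maxOccurs attributes with values
     * other than "unbounded".</p>
     *
     * @return the maximum value for maxOccurs other
     * than "unbounded"
     */
    public int getMaxOccurNodeLimit() {
        return maxOccurLimit;
    }

    /**
     * <p>Returns the element attribute limit.</p>
     *
     * @return the current element attribute limit
     */
    public int getElementAttrLimit() {
        return fElementAttributeLimit;
    }

    /**
     * <p>Sets the element attribute limit.</p>
     *
     * <p>NOTE(review): the value is stored without a range check; see the
     * remark on {@link #setEntityExpansionLimit(int)}.</p>
     *
     * @param limit the new element attribute limit
     */
    public void setElementAttrLimit(int limit) {
        fElementAttributeLimit = limit;
    }

    /**
     * Overrides the three limits from their system properties. Each limit is
     * resolved independently, so a bad value for one property does not affect
     * the other two.
     */
    private void readSystemProperties() {
        entityExpansionLimit =
                readLimit(Constants.ENTITY_EXPANSION_LIMIT, DEFAULT_ENTITY_EXPANSION_LIMIT);
        maxOccurLimit =
                readLimit(Constants.MAX_OCCUR_LIMIT, DEFAULT_MAX_OCCUR_NODE_LIMIT);
        fElementAttributeLimit =
                readLimit(Constants.SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT,
                        DEFAULT_ELEMENT_ATTRIBUTE_LIMIT);
    }

    /**
     * Resolves one limit from a system property.
     *
     * @param propName name of the system property to read
     * @param defaultValue value to use when the property is unset, empty,
     * negative, not an integer, or cannot be read
     * @return the parsed property value when it is a non-negative integer,
     * otherwise {@code defaultValue}
     */
    private int readLimit(String propName, int defaultValue) {
        try {
            String value = getSystemProperty(propName);
            if (value == null || value.equals("")) {
                return defaultValue;
            }
            int parsed = Integer.parseInt(value);
            // A negative setting is rejected here; zero is accepted as-is and
            // its meaning is left to the component that consumes the limit.
            return parsed < 0 ? defaultValue : parsed;
        } catch (Exception ignored) {
            // Deliberate best-effort: a malformed or unreadable property must
            // not stop the parser from being constructed, so the default
            // stays in force. No diagnostic is emitted, which means an
            // operator gets no signal that a configured value was ignored.
            return defaultValue;
        }
    }

    /**
     * Reads a system property inside a privileged block.
     *
     * <p>Keep this method private and call it only with fixed property names:
     * the read runs with this class's own privileges, so passing it a
     * caller-chosen name would expose arbitrary system properties to code
     * that lacks permission to read them.</p>
     *
     * @param propName name of the system property
     * @return the property value, or {@code null} when it is not set
     */
    private String getSystemProperty(final String propName) {
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                return System.getProperty(propName);
            }
        });
    }
} // class SecurityManager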