8012425: Transform TransformerFactory
authorjoehw
Tue, 16 Jul 2013 14:06:04 -0700
changeset 20963 b38e478f8c65
parent 18733 2d3875b0d18b
child 20964 a5cd729f176d
8012425: Transform TransformerFactory Reviewed-by: alanb, dfuchs, mullan
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerImpl.java
jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/Util.java
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java
jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java
jaxp/src/com/sun/org/apache/xerces/internal/parsers/AbstractSAXParser.java
jaxp/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java
jaxp/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java
--- a/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerImpl.java	Wed Jul 05 19:03:53 2017 +0200
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerImpl.java	Tue Jul 16 14:06:04 2013 -0700
@@ -271,6 +271,7 @@
         _accessExternalDTD = (String)_tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_DTD);
         _readerManager = XMLReaderManager.getInstance(_useServicesMechanism);
         _readerManager.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD);
+        _readerManager.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, _isSecureProcessing);
         //_isIncremental = tfactory._incremental;
     }
 
@@ -286,6 +287,7 @@
      */
     public void setSecureProcessing(boolean flag) {
         _isSecureProcessing = flag;
+        _readerManager.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, _isSecureProcessing);
     }
     /**
      * Return the state of the services mechanism feature.
--- a/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/Util.java	Wed Jul 05 19:03:53 2017 +0200
+++ b/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/Util.java	Tue Jul 16 14:06:04 2013 -0700
@@ -105,6 +105,13 @@
                     if (reader == null) {
                        try {
                            reader= XMLReaderFactory.createXMLReader();
+                           try {
+                                reader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
+                                            xsltc.isSecureProcessing());
+                           } catch (SAXNotRecognizedException e) {
+                                System.err.println("Warning:  " + reader.getClass().getName() + ": "
+                                        + e.getMessage());
+                           }
                        } catch (Exception e ) {
                            try {
 
--- a/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java	Wed Jul 05 19:03:53 2017 +0200
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java	Tue Jul 16 14:06:04 2013 -0700
@@ -20,28 +20,27 @@
 
 package com.sun.org.apache.xerces.internal.jaxp.validation;
 
-import java.lang.ref.SoftReference;
-import java.io.IOException;
-
-import javax.xml.transform.Result;
-import javax.xml.transform.Source;
-import javax.xml.transform.sax.SAXTransformerFactory;
-import javax.xml.transform.sax.TransformerHandler;
-import javax.xml.transform.stream.StreamSource;
-import javax.xml.transform.stream.StreamResult;
-import javax.xml.transform.TransformerConfigurationException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.XMLConstants;
-
 import com.sun.org.apache.xerces.internal.impl.Constants;
 import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter;
 import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter;
 import com.sun.org.apache.xerces.internal.parsers.XML11Configuration;
+import com.sun.org.apache.xerces.internal.util.SecurityManager;
 import com.sun.org.apache.xerces.internal.xni.XNIException;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLParseException;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
+import java.io.IOException;
+import java.lang.ref.SoftReference;
+import javax.xml.XMLConstants;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.sax.SAXTransformerFactory;
+import javax.xml.transform.sax.TransformerHandler;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.transform.stream.StreamSource;
 import org.xml.sax.SAXException;
 
 /**
@@ -86,6 +85,11 @@
         Constants.XERCES_PROPERTY_PREFIX + Constants.VALIDATION_MANAGER_PROPERTY;
 
     private static final String DEFAULT_TRANSFORMER_IMPL = "com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl";
+
+    /** Property id: security manager. */
+    private static final String SECURITY_MANAGER =
+        Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
+
     //
     // Data
     //
@@ -165,6 +169,9 @@
 
     private XMLParserConfiguration initialize() {
         XML11Configuration config = new XML11Configuration();
+        if (fComponentManager.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)) {
+            config.setProperty(SECURITY_MANAGER, new SecurityManager());
+        }
         config.setProperty(ENTITY_RESOLVER, fComponentManager.getProperty(ENTITY_RESOLVER));
         config.setProperty(ERROR_HANDLER, fComponentManager.getProperty(ERROR_HANDLER));
         XMLErrorReporter errorReporter = (XMLErrorReporter) fComponentManager.getProperty(ERROR_REPORTER);
--- a/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java	Wed Jul 05 19:03:53 2017 +0200
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java	Tue Jul 16 14:06:04 2013 -0700
@@ -674,6 +674,8 @@
                                     SAXParserFactory.newInstance() : new SAXParserFactoryImpl();
                     spf.setNamespaceAware(true);
                     try {
+                        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,
+                                fComponentManager.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING));
                         reader = spf.newSAXParser().getXMLReader();
                         // If this is a Xerces SAX parser, set the security manager if there is one
                         if (reader instanceof com.sun.org.apache.xerces.internal.parsers.SAXParser) {
--- a/jaxp/src/com/sun/org/apache/xerces/internal/parsers/AbstractSAXParser.java	Wed Jul 05 19:03:53 2017 +0200
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/parsers/AbstractSAXParser.java	Tue Jul 16 14:06:04 2013 -0700
@@ -20,16 +20,13 @@
 
 package com.sun.org.apache.xerces.internal.parsers;
 
-import java.io.IOException;
-import java.util.Locale;
-
 import com.sun.org.apache.xerces.internal.impl.Constants;
-import com.sun.org.apache.xerces.internal.util.Status;
-import com.sun.org.apache.xerces.internal.xs.PSVIProvider;
+import com.sun.org.apache.xerces.internal.util.EntityResolver2Wrapper;
 import com.sun.org.apache.xerces.internal.util.EntityResolverWrapper;
-import com.sun.org.apache.xerces.internal.util.EntityResolver2Wrapper;
 import com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper;
 import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter;
+import com.sun.org.apache.xerces.internal.util.SecurityManager;
+import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolHash;
 import com.sun.org.apache.xerces.internal.util.XMLSymbols;
 import com.sun.org.apache.xerces.internal.xni.Augmentations;
@@ -48,15 +45,17 @@
 import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration;
 import com.sun.org.apache.xerces.internal.xs.AttributePSVI;
 import com.sun.org.apache.xerces.internal.xs.ElementPSVI;
+import com.sun.org.apache.xerces.internal.xs.PSVIProvider;
+import java.io.IOException;
+import java.util.Locale;
+import javax.xml.XMLConstants;
 import org.xml.sax.AttributeList;
-import org.xml.sax.Attributes;
 import org.xml.sax.ContentHandler;
 import org.xml.sax.DTDHandler;
 import org.xml.sax.DocumentHandler;
 import org.xml.sax.EntityResolver;
 import org.xml.sax.ErrorHandler;
 import org.xml.sax.InputSource;
-import org.xml.sax.Locator;
 import org.xml.sax.Parser;
 import org.xml.sax.SAXException;
 import org.xml.sax.SAXNotRecognizedException;
@@ -131,6 +130,10 @@
     protected static final String DOM_NODE =
         Constants.SAX_PROPERTY_PREFIX + Constants.DOM_NODE_PROPERTY;
 
+    /** Property id: security manager. */
+    private static final String SECURITY_MANAGER =
+        Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY;
+
     /** Recognized properties. */
     private static final String[] RECOGNIZED_PROPERTIES = {
         LEXICAL_HANDLER,
@@ -1645,19 +1648,13 @@
                 // Drop through and perform default processing
                 //
             }
-
-            //
-            // Xerces Features
-            //
-
-            /*
-            else if (featureId.startsWith(XERCES_FEATURES_PREFIX)) {
-                String feature = featureId.substring(XERCES_FEATURES_PREFIX.length());
-                //
-                // Drop through and perform default processing
-                //
+            else if (featureId.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
+                if (state) {
+                    if (fConfiguration.getProperty(SECURITY_MANAGER )==null) {
+                        fConfiguration.setProperty(SECURITY_MANAGER, new SecurityManager());
+                    }
+                }
             }
-            */
 
             //
             // Default handling
--- a/jaxp/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java	Wed Jul 05 19:03:53 2017 +0200
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java	Tue Jul 16 14:06:04 2013 -0700
@@ -20,14 +20,6 @@
 
 package com.sun.org.apache.xerces.internal.parsers;
 
-import java.io.File;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Locale;
-import java.util.Properties;
-import javax.xml.XMLConstants;
-
 import com.sun.org.apache.xerces.internal.impl.Constants;
 import com.sun.org.apache.xerces.internal.impl.XML11DTDScannerImpl;
 import com.sun.org.apache.xerces.internal.impl.XML11DocumentScannerImpl;
@@ -53,7 +45,6 @@
 import com.sun.org.apache.xerces.internal.util.FeatureState;
 import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
 import com.sun.org.apache.xerces.internal.util.PropertyState;
-import com.sun.org.apache.xerces.internal.util.Status;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
 import com.sun.org.apache.xerces.internal.utils.SecuritySupport;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
@@ -72,6 +63,11 @@
 import com.sun.org.apache.xerces.internal.xni.parser.XMLErrorHandler;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource;
 import com.sun.org.apache.xerces.internal.xni.parser.XMLPullParserConfiguration;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Locale;
+import javax.xml.XMLConstants;
 
 /**
  * This class is the configuration used to parse XML 1.0 and XML 1.1 documents.
@@ -453,26 +449,26 @@
         XMLGrammarPool grammarPool,
         XMLComponentManager parentSettings) {
 
-                super(parentSettings);
+        super(parentSettings);
 
-                // create a vector to hold all the components in use
-                // XML 1.0 specialized components
-                fComponents = new ArrayList();
-                // XML 1.1 specialized components
-                fXML11Components = new ArrayList();
-                // Common components for XML 1.1. and XML 1.0
-                fCommonComponents = new ArrayList();
+        // create a vector to hold all the components in use
+        // XML 1.0 specialized components
+        fComponents = new ArrayList();
+        // XML 1.1 specialized components
+        fXML11Components = new ArrayList();
+        // Common components for XML 1.1. and XML 1.0
+        fCommonComponents = new ArrayList();
 
-                // create table for features and properties
-                fFeatures = new HashMap();
-                fProperties = new HashMap();
+        // create table for features and properties
+        fFeatures = new HashMap();
+        fProperties = new HashMap();
 
         // add default recognized features
         final String[] recognizedFeatures =
             {
                 CONTINUE_AFTER_FATAL_ERROR, LOAD_EXTERNAL_DTD, // from XMLDTDScannerImpl
-                                VALIDATION,
-                                NAMESPACES,
+                VALIDATION,
+                NAMESPACES,
                 NORMALIZE_DATA, SCHEMA_ELEMENT_DEFAULT, SCHEMA_AUGMENT_PSVI,
                 GENERATE_SYNTHETIC_ANNOTATIONS, VALIDATE_ANNOTATIONS,
                 HONOUR_ALL_SCHEMALOCATIONS, NAMESPACE_GROWTH,
@@ -483,47 +479,48 @@
                 //       features might not have been set and it would cause a
                 //       not-recognized exception to be thrown. -Ac
                 XMLSCHEMA_VALIDATION, XMLSCHEMA_FULL_CHECKING,
-                                EXTERNAL_GENERAL_ENTITIES,
-                                EXTERNAL_PARAMETER_ENTITIES,
-                                PARSER_SETTINGS,
-                                XMLConstants.FEATURE_SECURE_PROCESSING
+                EXTERNAL_GENERAL_ENTITIES,
+                EXTERNAL_PARAMETER_ENTITIES,
+                PARSER_SETTINGS,
+                XMLConstants.FEATURE_SECURE_PROCESSING
                         };
+
         addRecognizedFeatures(recognizedFeatures);
-                // set state for default features
-                fFeatures.put(VALIDATION, Boolean.FALSE);
-                fFeatures.put(NAMESPACES, Boolean.TRUE);
-                fFeatures.put(EXTERNAL_GENERAL_ENTITIES, Boolean.TRUE);
-                fFeatures.put(EXTERNAL_PARAMETER_ENTITIES, Boolean.TRUE);
-                fFeatures.put(CONTINUE_AFTER_FATAL_ERROR, Boolean.FALSE);
-                fFeatures.put(LOAD_EXTERNAL_DTD, Boolean.TRUE);
-                fFeatures.put(SCHEMA_ELEMENT_DEFAULT, Boolean.TRUE);
-                fFeatures.put(NORMALIZE_DATA, Boolean.TRUE);
-                fFeatures.put(SCHEMA_AUGMENT_PSVI, Boolean.TRUE);
-                fFeatures.put(GENERATE_SYNTHETIC_ANNOTATIONS, Boolean.FALSE);
-                fFeatures.put(VALIDATE_ANNOTATIONS, Boolean.FALSE);
-                fFeatures.put(HONOUR_ALL_SCHEMALOCATIONS, Boolean.FALSE);
-                fFeatures.put(NAMESPACE_GROWTH, Boolean.FALSE);
-                fFeatures.put(TOLERATE_DUPLICATES, Boolean.FALSE);
-                fFeatures.put(USE_GRAMMAR_POOL_ONLY, Boolean.FALSE);
-                fFeatures.put(PARSER_SETTINGS, Boolean.TRUE);
-                fFeatures.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+        // set state for default features
+        fFeatures.put(VALIDATION, Boolean.FALSE);
+        fFeatures.put(NAMESPACES, Boolean.TRUE);
+        fFeatures.put(EXTERNAL_GENERAL_ENTITIES, Boolean.TRUE);
+        fFeatures.put(EXTERNAL_PARAMETER_ENTITIES, Boolean.TRUE);
+        fFeatures.put(CONTINUE_AFTER_FATAL_ERROR, Boolean.FALSE);
+        fFeatures.put(LOAD_EXTERNAL_DTD, Boolean.TRUE);
+        fFeatures.put(SCHEMA_ELEMENT_DEFAULT, Boolean.TRUE);
+        fFeatures.put(NORMALIZE_DATA, Boolean.TRUE);
+        fFeatures.put(SCHEMA_AUGMENT_PSVI, Boolean.TRUE);
+        fFeatures.put(GENERATE_SYNTHETIC_ANNOTATIONS, Boolean.FALSE);
+        fFeatures.put(VALIDATE_ANNOTATIONS, Boolean.FALSE);
+        fFeatures.put(HONOUR_ALL_SCHEMALOCATIONS, Boolean.FALSE);
+        fFeatures.put(NAMESPACE_GROWTH, Boolean.FALSE);
+        fFeatures.put(TOLERATE_DUPLICATES, Boolean.FALSE);
+        fFeatures.put(USE_GRAMMAR_POOL_ONLY, Boolean.FALSE);
+        fFeatures.put(PARSER_SETTINGS, Boolean.TRUE);
+        fFeatures.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
 
         // add default recognized properties
         final String[] recognizedProperties =
             {
-                SYMBOL_TABLE,
-                ERROR_HANDLER,
-                ENTITY_RESOLVER,
+                                SYMBOL_TABLE,
+                                ERROR_HANDLER,
+                                ENTITY_RESOLVER,
                 ERROR_REPORTER,
                 ENTITY_MANAGER,
                 DOCUMENT_SCANNER,
                 DTD_SCANNER,
                 DTD_PROCESSOR,
                 DTD_VALIDATOR,
-                DATATYPE_VALIDATOR_FACTORY,
-                VALIDATION_MANAGER,
-                SCHEMA_VALIDATOR,
-                XML_STRING,
+                                DATATYPE_VALIDATOR_FACTORY,
+                                VALIDATION_MANAGER,
+                                SCHEMA_VALIDATOR,
+                                XML_STRING,
                 XMLGRAMMAR_POOL,
                 JAXP_SCHEMA_SOURCE,
                 JAXP_SCHEMA_LANGUAGE,
@@ -540,15 +537,15 @@
         };
         addRecognizedProperties(recognizedProperties);
 
-        if (symbolTable == null) {
-                symbolTable = new SymbolTable();
-        }
-        fSymbolTable = symbolTable;
-        fProperties.put(SYMBOL_TABLE, fSymbolTable);
+                if (symbolTable == null) {
+                        symbolTable = new SymbolTable();
+                }
+                fSymbolTable = symbolTable;
+                fProperties.put(SYMBOL_TABLE, fSymbolTable);
 
         fGrammarPool = grammarPool;
         if (fGrammarPool != null) {
-            fProperties.put(XMLGRAMMAR_POOL, fGrammarPool);
+                        fProperties.put(XMLGRAMMAR_POOL, fGrammarPool);
         }
 
         fEntityManager = new XMLEntityManager();
--- a/jaxp/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java	Wed Jul 05 19:03:53 2017 +0200
+++ b/jaxp/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java	Tue Jul 16 14:06:04 2013 -0700
@@ -26,11 +26,13 @@
 import com.sun.org.apache.xalan.internal.utils.FactoryImpl;
 import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
 import java.util.HashMap;
+
 import javax.xml.XMLConstants;
 import javax.xml.parsers.FactoryConfigurationError;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParserFactory;
 import org.xml.sax.SAXException;
+import org.xml.sax.SAXNotRecognizedException;
 import org.xml.sax.XMLReader;
 import org.xml.sax.helpers.XMLReaderFactory;
 
@@ -63,6 +65,8 @@
     private HashMap m_inUse;
 
     private boolean m_useServicesMechanism = true;
+
+    private boolean _secureProcessing;
      /**
      * protocols allowed for external DTD references in source file and/or stylesheet.
      */
@@ -118,7 +122,12 @@
                     // TransformerFactory creates a reader via the
                     // XMLReaderFactory if setXMLReader is not used
                     reader = XMLReaderFactory.createXMLReader();
-
+                    try {
+                        reader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, _secureProcessing);
+                    } catch (SAXNotRecognizedException e) {
+                        System.err.println("Warning:  " + reader.getClass().getName() + ": "
+                                + e.getMessage());
+                    }
                 } catch (Exception e) {
                    try {
                         // If unable to create an instance, let's try to use
@@ -193,6 +202,15 @@
     }
 
     /**
+     * Set feature
+     */
+    public void setFeature(String name, boolean value) {
+        if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
+            _secureProcessing = value;
+        }
+    }
+
+    /**
      * Get property value
      */
     public String getProperty(String name) {