|
1 /* |
|
2 * reserved comment block |
|
3 * DO NOT REMOVE OR ALTER! |
|
4 */ |
|
5 /* |
|
6 * The Apache Software License, Version 1.1 |
|
7 * |
|
8 * |
|
9 * Copyright (c) 2003 The Apache Software Foundation. |
|
10 * All rights reserved. |
|
11 * |
|
12 * Redistribution and use in source and binary forms, with or without |
|
13 * modification, are permitted provided that the following conditions |
|
14 * are met: |
|
15 * |
|
16 * 1. Redistributions of source code must retain the above copyright |
|
17 * notice, this list of conditions and the following disclaimer. |
|
18 * |
|
19 * 2. Redistributions in binary form must reproduce the above copyright |
|
20 * notice, this list of conditions and the following disclaimer in |
|
21 * the documentation and/or other materials provided with the |
|
22 * distribution. |
|
23 * |
|
24 * 3. The end-user documentation included with the redistribution, |
|
25 * if any, must include the following acknowledgment: |
|
26 * "This product includes software developed by the |
|
27 * Apache Software Foundation (http://www.apache.org/)." |
|
28 * Alternately, this acknowledgment may appear in the software itself, |
|
29 * if and wherever such third-party acknowledgments normally appear. |
|
30 * |
|
31 * 4. The names "Xerces" and "Apache Software Foundation" must |
|
32 * not be used to endorse or promote products derived from this |
|
33 * software without prior written permission. For written |
|
34 * permission, please contact apache@apache.org. |
|
35 * |
|
36 * 5. Products derived from this software may not be called "Apache", |
|
37 * nor may "Apache" appear in their name, without prior written |
|
38 * permission of the Apache Software Foundation. |
|
39 * |
|
40 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED |
|
41 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
|
42 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE |
|
43 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR |
|
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
|
46 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
|
47 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND |
|
48 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, |
|
49 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT |
|
50 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|
51 * SUCH DAMAGE. |
|
52 * ==================================================================== |
|
53 * |
|
54 * This software consists of voluntary contributions made by many |
|
55 * individuals on behalf of the Apache Software Foundation and was |
|
56 * originally based on software copyright (c) 1999, International |
|
57 * Business Machines, Inc., http://www.apache.org. For more |
|
58 * information on the Apache Software Foundation, please see |
|
59 * <http://www.apache.org/>. |
|
60 */ |
|
61 |
|
62 package com.sun.org.apache.xerces.internal.util; |
|
63 import com.sun.org.apache.xerces.internal.impl.Constants; |
|
64 /** |
|
65 * This class is a container for parser settings that relate to |
|
66 * security, or more specifically, it is intended to be used to prevent denial-of-service |
|
67 * attacks from being launched against a system running Xerces. |
|
68 * Any component that is aware of a denial-of-service attack that can arise |
|
69 * from its processing of a certain kind of document may query its Component Manager |
|
70 * for the property (http://apache.org/xml/properties/security-manager) |
|
71 * whose value will be an instance of this class. |
|
72 * If no value has been set for the property, the component should proceed in the "usual" (spec-compliant) |
|
73 * manner. If a value has been set, then it must be the case that the component in |
|
74 * question needs to know what method of this class to query. This class |
|
75 * will provide defaults for all known security issues, but will also provide |
|
76 * setters so that those values can be tailored by applications that care. |
|
77 * |
|
78 * @author Neil Graham, IBM |
|
79 * |
|
80 */ |
|
81 public final class SecurityManager { |
|
82 |
|
83 // |
|
84 // Constants |
|
85 // |
|
86 |
|
87 // default value for entity expansion limit |
|
88 private final static int DEFAULT_ENTITY_EXPANSION_LIMIT = 64000; |
|
89 |
|
90 /** Default value of number of nodes created. **/ |
|
91 private final static int DEFAULT_MAX_OCCUR_NODE_LIMIT = 5000; |
|
92 |
|
93 // |
|
94 // Data |
|
95 // |
|
96 |
|
97 private final static int DEFAULT_ELEMENT_ATTRIBUTE_LIMIT = 10000; |
|
98 |
|
99 /** Entity expansion limit. **/ |
|
100 private int entityExpansionLimit; |
|
101 |
|
102 /** W3C XML Schema maxOccurs limit. **/ |
|
103 private int maxOccurLimit; |
|
104 |
|
105 private int fElementAttributeLimit; |
|
106 // default constructor. Establishes default values for |
|
107 // all known security holes. |
|
108 /** |
|
109 * Default constructor. Establishes default values |
|
110 * for known security vulnerabilities. |
|
111 */ |
|
112 public SecurityManager() { |
|
113 entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; |
|
114 maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT ; |
|
115 fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; |
|
116 //We are reading system properties only once , |
|
117 //at the time of creation of this object , |
|
118 readSystemProperties(); |
|
119 } |
|
120 |
|
121 /** |
|
122 * <p>Sets the number of entity expansions that the |
|
123 * parser should permit in a document.</p> |
|
124 * |
|
125 * @param limit the number of entity expansions |
|
126 * permitted in a document |
|
127 */ |
|
128 public void setEntityExpansionLimit(int limit) { |
|
129 entityExpansionLimit = limit; |
|
130 } |
|
131 |
|
132 /** |
|
133 * <p>Returns the number of entity expansions |
|
134 * that the parser permits in a document.</p> |
|
135 * |
|
136 * @return the number of entity expansions |
|
137 * permitted in a document |
|
138 */ |
|
139 public int getEntityExpansionLimit() { |
|
140 return entityExpansionLimit; |
|
141 } |
|
142 |
|
143 /** |
|
144 * <p>Sets the limit of the number of content model nodes |
|
145 * that may be created when building a grammar for a W3C |
|
146 * XML Schema that contains maxOccurs attributes with values |
|
147 * other than "unbounded".</p> |
|
148 * |
|
149 * @param limit the maximum value for maxOccurs other |
|
150 * than "unbounded" |
|
151 */ |
|
152 public void setMaxOccurNodeLimit(int limit){ |
|
153 maxOccurLimit = limit; |
|
154 } |
|
155 |
|
156 /** |
|
157 * <p>Returns the limit of the number of content model nodes |
|
158 * that may be created when building a grammar for a W3C |
|
159 * XML Schema that contains maxOccurs attributes with values |
|
160 * other than "unbounded".</p> |
|
161 * |
|
162 * @return the maximum value for maxOccurs other |
|
163 * than "unbounded" |
|
164 */ |
|
165 public int getMaxOccurNodeLimit(){ |
|
166 return maxOccurLimit; |
|
167 } |
|
168 |
|
169 public int getElementAttrLimit(){ |
|
170 return fElementAttributeLimit; |
|
171 } |
|
172 |
|
173 public void setElementAttrLimit(int limit){ |
|
174 fElementAttributeLimit = limit; |
|
175 } |
|
176 |
|
177 private void readSystemProperties(){ |
|
178 |
|
179 try { |
|
180 String value = System.getProperty(Constants.ENTITY_EXPANSION_LIMIT); |
|
181 if(value != null && !value.equals("")){ |
|
182 entityExpansionLimit = Integer.parseInt(value); |
|
183 if (entityExpansionLimit < 0) |
|
184 entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; |
|
185 } |
|
186 else |
|
187 entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; |
|
188 }catch(Exception ex){} |
|
189 |
|
190 try { |
|
191 String value = System.getProperty(Constants.MAX_OCCUR_LIMIT); |
|
192 if(value != null && !value.equals("")){ |
|
193 maxOccurLimit = Integer.parseInt(value); |
|
194 if (maxOccurLimit < 0) |
|
195 maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; |
|
196 } |
|
197 else |
|
198 maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; |
|
199 }catch(Exception ex){} |
|
200 |
|
201 try { |
|
202 String value = System.getProperty(Constants.ELEMENT_ATTRIBUTE_LIMIT); |
|
203 if(value != null && !value.equals("")){ |
|
204 fElementAttributeLimit = Integer.parseInt(value); |
|
205 if ( fElementAttributeLimit < 0) |
|
206 fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; |
|
207 } |
|
208 else |
|
209 fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; |
|
210 |
|
211 }catch(Exception ex){} |
|
212 |
|
213 } |
|
214 |
|
215 } // class SecurityManager |