# HG changeset patch # User joehw # Date 1374008764 25200 # Node ID b38e478f8c65b026628c4e354fed980835f1d284 # Parent 2d3875b0d18b3ad1c2bebf385a697e309e4005a4 8012425: Transform TransformerFactory Reviewed-by: alanb, dfuchs, mullan diff -r 2d3875b0d18b -r b38e478f8c65 jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerImpl.java --- a/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerImpl.java Wed Jul 05 19:03:53 2017 +0200 +++ b/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerImpl.java Tue Jul 16 14:06:04 2013 -0700 @@ -271,6 +271,7 @@ _accessExternalDTD = (String)_tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_DTD); _readerManager = XMLReaderManager.getInstance(_useServicesMechanism); _readerManager.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD); + _readerManager.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, _isSecureProcessing); //_isIncremental = tfactory._incremental; } @@ -286,6 +287,7 @@ */ public void setSecureProcessing(boolean flag) { _isSecureProcessing = flag; + _readerManager.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, _isSecureProcessing); } /** * Return the state of the services mechanism feature. diff -r 2d3875b0d18b -r b38e478f8c65 jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/Util.java --- a/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/Util.java Wed Jul 05 19:03:53 2017 +0200 +++ b/jaxp/src/com/sun/org/apache/xalan/internal/xsltc/trax/Util.java Tue Jul 16 14:06:04 2013 -0700 @@ -105,6 +105,13 @@ if (reader == null) { try { reader= XMLReaderFactory.createXMLReader(); + try { + reader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, + xsltc.isSecureProcessing()); + } catch (SAXNotRecognizedException e) { + System.err.println("Warning: " + reader.getClass().getName() + ": " + + e.getMessage()); + } } catch (Exception e ) { try { diff -r 2d3875b0d18b -r b38e478f8c65 jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java 
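Review bot: The constructor hunk (@@ -271) and `setSecureProcessing` (@@ -286) both write this transformer's `_isSecureProcessing` into the manager returned by `XMLReaderManager.getInstance(_useServicesMechanism)`, which stores it in a single `_secureProcessing` field (added in XMLReaderManager.java in this changeset). If `getInstance` hands out a shared instance, which the name suggests but this patch does not show, one transformer calling `setSecureProcessing(false)` would change the setting for readers created for every other transformer. The flag would be safer applied to the reader at the point this transformer obtains it. At minimum, document the behaviour above the call, e.g. `// NOTE: XMLReaderManager state may be shared; this changes the setting for all users of the manager`.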
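Review bot: In the Util.java hunk the new inner `catch (SAXNotRecognizedException e)` only prints a warning to `System.err` and then keeps using the reader, so a reader that does not recognise `XMLConstants.FEATURE_SECURE_PROCESSING` is used without it even when `xsltc.isSecureProcessing()` is true. When the flag is true the failure should be surfaced rather than downgraded, for example `if (xsltc.isSecureProcessing()) { throw e; }` ahead of the warning. A `SAXNotSupportedException` is not caught here and goes to the outer `catch (Exception e)`, whose body continues outside the hunk, so the two failure modes currently behave differently; confirm that the fallback path there applies the feature as well. The same catch-and-warn pattern is added in XMLReaderManager.java (@@ -118).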
--- a/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java Wed Jul 05 19:03:53 2017 +0200
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java Tue Jul 16 14:06:04 2013 -0700
@@ -20,28 +20,27 @@ package com.sun.org.apache.xerces.internal.jaxp.validation; -import java.lang.ref.SoftReference; -import java.io.IOException; - -import javax.xml.transform.Result; -import javax.xml.transform.Source; -import javax.xml.transform.sax.SAXTransformerFactory; -import javax.xml.transform.sax.TransformerHandler; -import javax.xml.transform.stream.StreamSource; -import javax.xml.transform.stream.StreamResult; -import javax.xml.transform.TransformerConfigurationException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.TransformerFactoryConfigurationError; -import javax.xml.XMLConstants; - import com.sun.org.apache.xerces.internal.impl.Constants; import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter; import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter; import com.sun.org.apache.xerces.internal.parsers.XML11Configuration; +import com.sun.org.apache.xerces.internal.util.SecurityManager; import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource; import com.sun.org.apache.xerces.internal.xni.parser.XMLParseException; import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration; +import java.io.IOException; +import java.lang.ref.SoftReference; +import javax.xml.XMLConstants; +import javax.xml.transform.Result; +import javax.xml.transform.Source; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.TransformerFactoryConfigurationError; +import javax.xml.transform.sax.SAXTransformerFactory; +import javax.xml.transform.sax.TransformerHandler; +import javax.xml.transform.stream.StreamResult; +import javax.xml.transform.stream.StreamSource; import org.xml.sax.SAXException; /** 
@@ -86,6 +85,11 @@ Constants.XERCES_PROPERTY_PREFIX + Constants.VALIDATION_MANAGER_PROPERTY; private static final String DEFAULT_TRANSFORMER_IMPL = "com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl"; + + /** Property id: security manager. */ + private static final String SECURITY_MANAGER = + Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + // // Data // @@ -165,6 +169,9 @@ private XMLParserConfiguration initialize() { XML11Configuration config = new XML11Configuration(); + if (fComponentManager.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)) { + config.setProperty(SECURITY_MANAGER, new SecurityManager()); + } config.setProperty(ENTITY_RESOLVER, fComponentManager.getProperty(ENTITY_RESOLVER)); config.setProperty(ERROR_HANDLER, fComponentManager.getProperty(ERROR_HANDLER)); XMLErrorReporter errorReporter = (XMLErrorReporter) fComponentManager.getProperty(ERROR_REPORTER); diff -r 2d3875b0d18b -r b38e478f8c65 jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java --- a/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java Wed Jul 05 19:03:53 2017 +0200 +++ b/jaxp/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java Tue Jul 16 14:06:04 2013 -0700 @@ -674,6 +674,8 @@ SAXParserFactory.newInstance() : new SAXParserFactoryImpl(); spf.setNamespaceAware(true); try { + spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, + fComponentManager.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)); reader = spf.newSAXParser().getXMLReader(); // If this is a Xerces SAX parser, set the security manager if there is one if (reader instanceof com.sun.org.apache.xerces.internal.parsers.SAXParser) { diff -r 2d3875b0d18b -r b38e478f8c65 jaxp/src/com/sun/org/apache/xerces/internal/parsers/AbstractSAXParser.java --- a/jaxp/src/com/sun/org/apache/xerces/internal/parsers/AbstractSAXParser.java Wed Jul 05 19:03:53 2017 +0200 
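Review bot: In `initialize()` (StreamValidatorHelper.java, @@ -165) the configuration always receives a fresh `new SecurityManager()` with default limits, whereas the entity resolver and error handler on the next lines are copied from `fComponentManager`. If the component manager already carries a security manager with adjusted limits (not visible in this hunk), those limits are lost for stream sources. Consider reusing it when present, e.g. `config.setProperty(SECURITY_MANAGER, fComponentManager.getProperty(SECURITY_MANAGER));` with the new instance only as a fallback. When the feature is false nothing is written to `config`, although XML11Configuration in this changeset lists `XMLConstants.FEATURE_SECURE_PROCESSING` as `Boolean.TRUE` by default, so the feature flag and the installed manager can disagree; a one-line comment stating which of the two governs would help.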
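Review bot: In the ValidatorHandlerImpl.java hunk the new `spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, ...)` call sits in the same `try` as `spf.newSAXParser().getXMLReader()`, and `spf` may come from `SAXParserFactory.newInstance()`, i.e. a third-party factory that can reject the feature. The matching `catch` is outside the hunk, so it is not visible whether a rejected feature is reported or whether the code falls back to a reader created without it. Please confirm the handler does not continue with an unconfigured reader when secure processing was requested, and note the expectation next to the call, e.g. `// a factory that rejects secure processing must not be used when the feature is on`.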
+++ b/jaxp/src/com/sun/org/apache/xerces/internal/parsers/AbstractSAXParser.java Tue Jul 16 14:06:04 2013 -0700 @@ -20,16 +20,13 @@ package com.sun.org.apache.xerces.internal.parsers; -import java.io.IOException; -import java.util.Locale; - import com.sun.org.apache.xerces.internal.impl.Constants; -import com.sun.org.apache.xerces.internal.util.Status; -import com.sun.org.apache.xerces.internal.xs.PSVIProvider; +import com.sun.org.apache.xerces.internal.util.EntityResolver2Wrapper; import com.sun.org.apache.xerces.internal.util.EntityResolverWrapper; -import com.sun.org.apache.xerces.internal.util.EntityResolver2Wrapper; import com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper; import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter; +import com.sun.org.apache.xerces.internal.util.SecurityManager; +import com.sun.org.apache.xerces.internal.util.Status; import com.sun.org.apache.xerces.internal.util.SymbolHash; import com.sun.org.apache.xerces.internal.util.XMLSymbols; import com.sun.org.apache.xerces.internal.xni.Augmentations; @@ -48,15 +45,17 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration; import com.sun.org.apache.xerces.internal.xs.AttributePSVI; import com.sun.org.apache.xerces.internal.xs.ElementPSVI; +import com.sun.org.apache.xerces.internal.xs.PSVIProvider; +import java.io.IOException; +import java.util.Locale; +import javax.xml.XMLConstants; import org.xml.sax.AttributeList; -import org.xml.sax.Attributes; import org.xml.sax.ContentHandler; import org.xml.sax.DTDHandler; import org.xml.sax.DocumentHandler; import org.xml.sax.EntityResolver; import org.xml.sax.ErrorHandler; import org.xml.sax.InputSource; -import org.xml.sax.Locator; import org.xml.sax.Parser; import org.xml.sax.SAXException; import org.xml.sax.SAXNotRecognizedException; 
@@ -131,6 +130,10 @@ protected static final String DOM_NODE = Constants.SAX_PROPERTY_PREFIX + Constants.DOM_NODE_PROPERTY; + /** Property id: security manager. */ + private static final String SECURITY_MANAGER = + Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + /** Recognized properties. */ private static final String[] RECOGNIZED_PROPERTIES = { LEXICAL_HANDLER, @@ -1645,19 +1648,13 @@ // Drop through and perform default processing // } - - // - // Xerces Features - // - - /* - else if (featureId.startsWith(XERCES_FEATURES_PREFIX)) { - String feature = featureId.substring(XERCES_FEATURES_PREFIX.length()); - // - // Drop through and perform default processing - // + else if (featureId.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) { + if (state) { + if (fConfiguration.getProperty(SECURITY_MANAGER )==null) { + fConfiguration.setProperty(SECURITY_MANAGER, new SecurityManager()); + } + } } - */ // // Default handling diff -r 2d3875b0d18b -r b38e478f8c65 jaxp/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java --- a/jaxp/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java Wed Jul 05 19:03:53 2017 +0200 +++ b/jaxp/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java Tue Jul 16 14:06:04 2013 -0700 @@ -20,14 +20,6 @@ package com.sun.org.apache.xerces.internal.parsers; -import java.io.File; -import java.io.IOException; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.Locale; -import java.util.Properties; -import javax.xml.XMLConstants; - import com.sun.org.apache.xerces.internal.impl.Constants; import com.sun.org.apache.xerces.internal.impl.XML11DTDScannerImpl; import com.sun.org.apache.xerces.internal.impl.XML11DocumentScannerImpl; 
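Review bot: The new `XMLConstants.FEATURE_SECURE_PROCESSING` branch in AbstractSAXParser.java (@@ -1645) acts only when `state` is true; a call with `false` leaves any previously installed `SecurityManager` in the configuration, so the feature value and the limits actually enforced can differ. Keeping the manager is the safer outcome, but it should be stated, e.g. `// state == false: an installed SecurityManager is deliberately left in place`, assuming that is the intent. The two nested conditions can also be written as one, `if (state && fConfiguration.getProperty(SECURITY_MANAGER) == null) {`. The enclosing method and its exception handling start and end outside the hunk.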
@@ -53,7 +45,6 @@ import com.sun.org.apache.xerces.internal.util.FeatureState; import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings; import com.sun.org.apache.xerces.internal.util.PropertyState; -import com.sun.org.apache.xerces.internal.util.Status; import com.sun.org.apache.xerces.internal.util.SymbolTable; import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler; @@ -72,6 +63,11 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLErrorHandler; import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource; import com.sun.org.apache.xerces.internal.xni.parser.XMLPullParserConfiguration; +import java.io.IOException; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Locale; +import javax.xml.XMLConstants; /** * This class is the configuration used to parse XML 1.0 and XML 1.1 documents. 
@@ -453,26 +449,26 @@ XMLGrammarPool grammarPool, XMLComponentManager parentSettings) { - super(parentSettings); + super(parentSettings); - // create a vector to hold all the components in use - // XML 1.0 specialized components - fComponents = new ArrayList(); - // XML 1.1 specialized components - fXML11Components = new ArrayList(); - // Common components for XML 1.1. and XML 1.0 - fCommonComponents = new ArrayList(); + // create a vector to hold all the components in use + // XML 1.0 specialized components + fComponents = new ArrayList(); + // XML 1.1 specialized components + fXML11Components = new ArrayList(); + // Common components for XML 1.1. and XML 1.0 + fCommonComponents = new ArrayList(); - // create table for features and properties - fFeatures = new HashMap(); - fProperties = new HashMap(); + // create table for features and properties + fFeatures = new HashMap(); + fProperties = new HashMap(); // add default recognized features final String[] recognizedFeatures = { CONTINUE_AFTER_FATAL_ERROR, LOAD_EXTERNAL_DTD, // from XMLDTDScannerImpl - VALIDATION, - NAMESPACES, + VALIDATION, + NAMESPACES, NORMALIZE_DATA, SCHEMA_ELEMENT_DEFAULT, SCHEMA_AUGMENT_PSVI, GENERATE_SYNTHETIC_ANNOTATIONS, VALIDATE_ANNOTATIONS, HONOUR_ALL_SCHEMALOCATIONS, NAMESPACE_GROWTH, 
@@ -483,47 +479,48 @@ // features might not have been set and it would cause a // not-recognized exception to be thrown. -Ac XMLSCHEMA_VALIDATION, XMLSCHEMA_FULL_CHECKING, - EXTERNAL_GENERAL_ENTITIES, - EXTERNAL_PARAMETER_ENTITIES, - PARSER_SETTINGS, - XMLConstants.FEATURE_SECURE_PROCESSING + EXTERNAL_GENERAL_ENTITIES, + EXTERNAL_PARAMETER_ENTITIES, + PARSER_SETTINGS, + XMLConstants.FEATURE_SECURE_PROCESSING }; + addRecognizedFeatures(recognizedFeatures); - // set state for default features - fFeatures.put(VALIDATION, Boolean.FALSE); - fFeatures.put(NAMESPACES, Boolean.TRUE); - fFeatures.put(EXTERNAL_GENERAL_ENTITIES, Boolean.TRUE); - fFeatures.put(EXTERNAL_PARAMETER_ENTITIES, Boolean.TRUE); - fFeatures.put(CONTINUE_AFTER_FATAL_ERROR, Boolean.FALSE); - fFeatures.put(LOAD_EXTERNAL_DTD, Boolean.TRUE); - fFeatures.put(SCHEMA_ELEMENT_DEFAULT, Boolean.TRUE); - fFeatures.put(NORMALIZE_DATA, Boolean.TRUE); - fFeatures.put(SCHEMA_AUGMENT_PSVI, Boolean.TRUE); - fFeatures.put(GENERATE_SYNTHETIC_ANNOTATIONS, Boolean.FALSE); - fFeatures.put(VALIDATE_ANNOTATIONS, Boolean.FALSE); - fFeatures.put(HONOUR_ALL_SCHEMALOCATIONS, Boolean.FALSE); - fFeatures.put(NAMESPACE_GROWTH, Boolean.FALSE); - fFeatures.put(TOLERATE_DUPLICATES, Boolean.FALSE); - fFeatures.put(USE_GRAMMAR_POOL_ONLY, Boolean.FALSE); - fFeatures.put(PARSER_SETTINGS, Boolean.TRUE); - fFeatures.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + // set state for default features + fFeatures.put(VALIDATION, Boolean.FALSE); + fFeatures.put(NAMESPACES, Boolean.TRUE); + fFeatures.put(EXTERNAL_GENERAL_ENTITIES, Boolean.TRUE); + fFeatures.put(EXTERNAL_PARAMETER_ENTITIES, Boolean.TRUE); + fFeatures.put(CONTINUE_AFTER_FATAL_ERROR, Boolean.FALSE); + fFeatures.put(LOAD_EXTERNAL_DTD, Boolean.TRUE); + fFeatures.put(SCHEMA_ELEMENT_DEFAULT, Boolean.TRUE); + fFeatures.put(NORMALIZE_DATA, Boolean.TRUE); + fFeatures.put(SCHEMA_AUGMENT_PSVI, Boolean.TRUE); + fFeatures.put(GENERATE_SYNTHETIC_ANNOTATIONS, Boolean.FALSE); + 
fFeatures.put(VALIDATE_ANNOTATIONS, Boolean.FALSE); + fFeatures.put(HONOUR_ALL_SCHEMALOCATIONS, Boolean.FALSE); + fFeatures.put(NAMESPACE_GROWTH, Boolean.FALSE); + fFeatures.put(TOLERATE_DUPLICATES, Boolean.FALSE); + fFeatures.put(USE_GRAMMAR_POOL_ONLY, Boolean.FALSE); + fFeatures.put(PARSER_SETTINGS, Boolean.TRUE); + fFeatures.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); // add default recognized properties final String[] recognizedProperties = { - SYMBOL_TABLE, - ERROR_HANDLER, - ENTITY_RESOLVER, + SYMBOL_TABLE, + ERROR_HANDLER, + ENTITY_RESOLVER, ERROR_REPORTER, ENTITY_MANAGER, DOCUMENT_SCANNER, DTD_SCANNER, DTD_PROCESSOR, DTD_VALIDATOR, - DATATYPE_VALIDATOR_FACTORY, - VALIDATION_MANAGER, - SCHEMA_VALIDATOR, - XML_STRING, + DATATYPE_VALIDATOR_FACTORY, + VALIDATION_MANAGER, + SCHEMA_VALIDATOR, + XML_STRING, XMLGRAMMAR_POOL, JAXP_SCHEMA_SOURCE, JAXP_SCHEMA_LANGUAGE, @@ -540,15 +537,15 @@ }; addRecognizedProperties(recognizedProperties); - if (symbolTable == null) { - symbolTable = new SymbolTable(); - } - fSymbolTable = symbolTable; - fProperties.put(SYMBOL_TABLE, fSymbolTable); + if (symbolTable == null) { + symbolTable = new SymbolTable(); + } + fSymbolTable = symbolTable; + fProperties.put(SYMBOL_TABLE, fSymbolTable); fGrammarPool = grammarPool; if (fGrammarPool != null) { - fProperties.put(XMLGRAMMAR_POOL, fGrammarPool); + fProperties.put(XMLGRAMMAR_POOL, fGrammarPool); } fEntityManager = new XMLEntityManager(); diff -r 2d3875b0d18b -r b38e478f8c65 jaxp/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java --- a/jaxp/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java Wed Jul 05 19:03:53 2017 +0200 +++ b/jaxp/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java Tue Jul 16 14:06:04 2013 -0700 
@@ -26,11 +26,13 @@ import com.sun.org.apache.xalan.internal.utils.FactoryImpl; import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import java.util.HashMap; + import javax.xml.XMLConstants; import javax.xml.parsers.FactoryConfigurationError; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParserFactory; import org.xml.sax.SAXException; +import org.xml.sax.SAXNotRecognizedException; import org.xml.sax.XMLReader; import org.xml.sax.helpers.XMLReaderFactory; @@ -63,6 +65,8 @@ private HashMap m_inUse; private boolean m_useServicesMechanism = true; + + private boolean _secureProcessing; /** * protocols allowed for external DTD references in source file and/or stylesheet. */ @@ -118,7 +122,12 @@ // TransformerFactory creates a reader via the // XMLReaderFactory if setXMLReader is not used reader = XMLReaderFactory.createXMLReader(); - + try { + reader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, _secureProcessing); + } catch (SAXNotRecognizedException e) { + System.err.println("Warning: " + reader.getClass().getName() + ": " + + e.getMessage()); + } } catch (Exception e) { try { // If unable to create an instance, let's try to use @@ -193,6 +202,15 @@ } /** + * Set feature + */ + public void setFeature(String name, boolean value) { + if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) { + _secureProcessing = value; + } + } + + /** * Get property value */ public String getProperty(String name) {
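Review bot: The new field `private boolean _secureProcessing;` (XMLReaderManager.java, @@ -63) defaults to `false`, and the @@ -118 hunk passes it unconditionally to `reader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, _secureProcessing)`. Any caller that obtains a reader before `setFeature` has been called on the manager therefore gets the feature explicitly switched off, while XML11Configuration in this same changeset defaults it to `Boolean.TRUE`. A secure default would be `private boolean _secureProcessing = true;`, or the reader's own default could be left untouched until a caller has set the flag. The field also departs from the `m_` prefix used by the neighbouring `m_inUse` and `m_useServicesMechanism`.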
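Review bot: The Javadoc on the new `setFeature(String name, boolean value)` (@@ -193) says only "Set feature", but the method records a single feature and silently ignores every other name. The comment should say so, for instance `Records XMLConstants.FEATURE_SECURE_PROCESSING for readers created later; any other feature name is ignored.`, and should state whether readers already created or cached by the manager are affected, which this hunk does not show. Writing the comparison as `XMLConstants.FEATURE_SECURE_PROCESSING.equals(name)` also avoids a NullPointerException on a null name.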