[580542] Disabled external entity processing in DTD

Change-Id: I828a920afcef142fd2890442fdddaff89e868c43
Signed-off-by: Balázs Grill <balazs.grill@incquerylabs.com>
diff --git a/plugins/org.eclipse.sphinx.emf/src/org/eclipse/sphinx/emf/resource/ExtendedXMLLoadImpl.java b/plugins/org.eclipse.sphinx.emf/src/org/eclipse/sphinx/emf/resource/ExtendedXMLLoadImpl.java
index 16c7ae4..a39c7d5 100644
--- a/plugins/org.eclipse.sphinx.emf/src/org/eclipse/sphinx/emf/resource/ExtendedXMLLoadImpl.java
+++ b/plugins/org.eclipse.sphinx.emf/src/org/eclipse/sphinx/emf/resource/ExtendedXMLLoadImpl.java
@@ -137,6 +137,12 @@
 		Map<String, Object> parserProperties = (Map<String, Object>) options.get(XMLResource.OPTION_PARSER_PROPERTIES);
 		parserProperties = parserProperties == null ? new HashMap<String, Object>() : parserProperties;
 
+		// Disable doctypes and external entities to prevent XML Entity attacks
+		parserFeatures.put(Constants.XERCES_FEATURE_PREFIX + Constants.DISALLOW_DOCTYPE_DECL_FEATURE, true);
+		parserFeatures.put(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
+		parserFeatures.put(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
+		parserFeatures.put(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
+
 		// Perform namespace processing (prefixes will be stripped off element and attribute names and replaced with the
 		// corresponding namespace URIs) but do not report attributes used for namespace declarations, and do not report
 		// original prefixed names
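Review bot: The four `put` calls on `parserFeatures` are unguarded, whereas the same two Xerces-prefixed keys (`DISALLOW_DOCTYPE_DECL_FEATURE`, `LOAD_EXTERNAL_DTD_FEATURE`) are wrapped in a catch for SAXNotRecognizedException/SAXNotSupportedException in XMLRootElementHandler in this same commit; whether an unrecognised key aborts the whole load or is silently ignored depends on how `parserFeatures` is applied to the parser further down, outside this hunk, so that behaviour on a non-Xerces parser should be confirmed and stated here. Judging by the `OPTION_PARSER_PROPERTIES` handling two lines above, `parserFeatures` presumably comes from a caller-suppliable option map, in which case these puts deliberately override caller values; the comment should say so and name the attack class precisely, e.g. `// Hardening against XML External Entity (XXE) and entity-expansion attacks; these settings intentionally override caller-supplied parser features. DISALLOW_DOCTYPE_DECL alone rejects every DOCTYPE on Xerces; the three entity/DTD features are the fallback for parsers that do not honour it.` The enclosing method starts before and ends after this hunk.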
diff --git a/plugins/org.eclipse.sphinx.platform/src/org/eclipse/sphinx/platform/util/XMLRootElementHandler.java b/plugins/org.eclipse.sphinx.platform/src/org/eclipse/sphinx/platform/util/XMLRootElementHandler.java
index af96a8e..a17fc3f 100644
--- a/plugins/org.eclipse.sphinx.platform/src/org/eclipse/sphinx/platform/util/XMLRootElementHandler.java
+++ b/plugins/org.eclipse.sphinx.platform/src/org/eclipse/sphinx/platform/util/XMLRootElementHandler.java
@@ -1,15 +1,15 @@
 /**

  * <copyright>

- * 

+ *

  * Copyright (c) 2008-2010 See4sys and others.

  * All rights reserved. This program and the accompanying materials

  * are made available under the terms of the Eclipse Public License v1.0

  * which accompanies this distribution, and is available at

  * http://www.eclipse.org/legal/epl-v10.html

- * 

- * Contributors: 

+ *

+ * Contributors:

  *     See4sys - Initial API and implementation

- * 

+ *

  * </copyright>

  */

 package org.eclipse.sphinx.platform.util;

@@ -38,7 +38,7 @@
  * An XML event handler for detecting the root element's namespace, target namespace, and schema location.

  */

 /**

- * 

+ *

  */

 public class XMLRootElementHandler extends DefaultHandler implements LexicalHandler {

 

@@ -83,6 +83,15 @@
 			parserFactory.setNamespaceAware(true);

 			parserFactory.setValidating(false);

 			parserFactory.setXIncludeAware(false);

+			try {

+				parserFactory.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.DISALLOW_DOCTYPE_DECL_FEATURE, true);

+				parserFactory.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);

+			} catch (SAXNotRecognizedException | SAXNotSupportedException e) {

+				// These exceptions are expected if Xerces is not used as the underlying parser.

+			}

+			parserFactory.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);

+			parserFactory.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);

+

 		}

 		SAXParser parser = createParser(parserFactory);

 		if (useLexicalHandler) {
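Review bot: The catch around the two Xerces-prefixed features swallows the failure with no trace and no fallback, so on a non-Xerces parser DOCTYPE declarations stay permitted and the only protection left is the two SAX entity features set afterwards, which do not bound internal entity expansion (billion-laughs style). The JAXP-standard `XMLConstants.FEATURE_SECURE_PROCESSING` must be recognised by every implementation and in the JDK parser imposes entity-expansion limits, so I would add `parserFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` before the `try` (importing `javax.xml.XMLConstants`) as a parser-independent baseline, and log the swallowed exception at debug level rather than dropping it, naming the variable `ignored` if it is genuinely unused. The added empty line before the closing `}` is leftover whitespace. The enclosing method starts before and ends after this hunk.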

@@ -91,8 +100,8 @@
 		return parser;

 	}

 

-	protected SAXParser createParser(SAXParserFactory parserFactory) throws ParserConfigurationException, SAXException, SAXNotRecognizedException,

-			SAXNotSupportedException {

+	protected SAXParser createParser(SAXParserFactory parserFactory)

+			throws ParserConfigurationException, SAXException, SAXNotRecognizedException, SAXNotSupportedException {

 		return parserFactory.newSAXParser();

 	}

 

@@ -264,7 +273,7 @@
 

 	/**

 	 * Retrieves all comments located before the root element of the document.

-	 * 

+	 *

 	 * @return Collection of strings representing the retrieved comments or empty collection if no such could be found.

 	 */

 	public Collection<String> getRootElementComments() {