# HG changeset patch # User lana # Date 1389811772 28800 # Node ID 83bb924238f800db68fb6f60142cc5149d7a9bf6 # Parent a7c0452ab987cefad5f4738ff6dfb32b9657ce36# Parent 985376a77c4cf5ed126fb8c6fb4a205c112f29f3 Merge diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xalan/internal/XalanConstants.java --- a/src/com/sun/org/apache/xalan/internal/XalanConstants.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xalan/internal/XalanConstants.java Wed Jan 15 10:49:32 2014 -0800 @@ -79,7 +79,7 @@ /** * JDK maximum general entity size limit */ - public static final String JDK_GENEAL_ENTITY_SIZE_LIMIT = + public static final String JDK_GENERAL_ENTITY_SIZE_LIMIT = ORACLE_JAXP_PROPERTY_PREFIX + "maxGeneralEntitySizeLimit"; /** * JDK maximum parameter entity size limit @@ -129,7 +129,7 @@ /** * JDK maximum general entity size limit */ - public static final String SP_GENEAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit"; + public static final String SP_GENERAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit"; /** * JDK maximum parameter entity size limit */ diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xalan/internal/lib/ExsltStrings.java --- a/src/com/sun/org/apache/xalan/internal/lib/ExsltStrings.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xalan/internal/lib/ExsltStrings.java Wed Jan 15 10:49:32 2014 -0800 @@ -52,6 +52,8 @@ */ public class ExsltStrings extends ExsltBase { + static final String JDK_DEFAULT_DOM = "com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl"; + /** * The str:align function aligns a string within another string. *

@@ -225,7 +227,7 @@ token = str.substring(fromIndex); } - Document doc = DocumentHolder.m_doc; + Document doc = getDocument(); synchronized (doc) { Element element = doc.createElement("token"); @@ -289,7 +291,7 @@ { StringTokenizer lTokenizer = new StringTokenizer(toTokenize, delims); - Document doc = DocumentHolder.m_doc; + Document doc = getDocument(); synchronized (doc) { while (lTokenizer.hasMoreTokens()) @@ -305,7 +307,7 @@ else { - Document doc = DocumentHolder.m_doc; + Document doc = getDocument(); synchronized (doc) { for (int i = 0; i < toTokenize.length(); i++) @@ -327,31 +329,23 @@ { return tokenize(toTokenize, " \t\n\r"); } + /** - * This class is not loaded until first referenced (see Java Language - * Specification by Gosling/Joy/Steele, section 12.4.1) - * - * The static members are created when this class is first referenced, as a - * lazy initialization not needing checking against null or any - * synchronization. - * + * @return an instance of DOM Document */ - private static class DocumentHolder - { - // Reuse the Document object to reduce memory usage. - private static final Document m_doc; - static { - try - { - m_doc =DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); + private static Document getDocument() + { + try + { + if (System.getSecurityManager() == null) { + return DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); + } else { + return DocumentBuilderFactory.newInstance(JDK_DEFAULT_DOM, null).newDocumentBuilder().newDocument(); } - - catch(ParserConfigurationException pce) - { - throw new com.sun.org.apache.xml.internal.utils.WrappedRuntimeException(pce); - } - + } + catch(ParserConfigurationException pce) + { + throw new com.sun.org.apache.xml.internal.utils.WrappedRuntimeException(pce); } } - } diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xalan/internal/lib/Extensions.java --- a/src/com/sun/org/apache/xalan/internal/lib/Extensions.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xalan/internal/lib/Extensions.java Wed Jan 15 10:49:32 2014 -0800 @@ -56,6 +56,7 @@ */ public class Extensions { + static final String JDK_DEFAULT_DOM = "com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl"; /** * Constructor Extensions * @@ -114,23 +115,14 @@ // This no longer will work right since the DTM. // Document myDoc = myProcessor.getContextNode().getOwnerDocument(); - try - { - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - DocumentBuilder db = dbf.newDocumentBuilder(); - Document myDoc = db.newDocument(); + Document myDoc = getDocument(); Text textNode = myDoc.createTextNode(textNodeValue); DocumentFragment docFrag = myDoc.createDocumentFragment(); docFrag.appendChild(textNode); - return new NodeSet(docFrag); - } - catch(ParserConfigurationException pce) - { - throw new com.sun.org.apache.xml.internal.utils.WrappedRuntimeException(pce); - } + return new NodeSet(docFrag); } } @@ -249,8 +241,7 @@ public static NodeList tokenize(String toTokenize, String delims) { - Document doc = DocumentHolder.m_doc; - + Document doc = getDocument(); StringTokenizer lTokenizer = new StringTokenizer(toTokenize, delims); NodeSet resultSet = new NodeSet(); @@ -308,17 +299,7 @@ public static Node checkEnvironment(ExpressionContext myContext) { - Document factoryDocument; - try - { - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - DocumentBuilder db = dbf.newDocumentBuilder(); - factoryDocument = db.newDocument(); - } - catch(ParserConfigurationException pce) - { - throw new com.sun.org.apache.xml.internal.utils.WrappedRuntimeException(pce); - } + Document factoryDocument = getDocument(); Node resultNode = null; try @@ -391,30 +372,21 @@ } /** - * This class is not loaded until first referenced (see Java Language - * Specification by Gosling/Joy/Steele, section 12.4.1) - * - * The static members are created when this class is first referenced, as a - * lazy initialization not needing checking against null or any - * synchronization. - * + * @return an instance of DOM Document */ - private static class DocumentHolder - { - // Reuse the Document object to reduce memory usage. - private static final Document m_doc; - static + private static Document getDocument() + { + try { - try - { - m_doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); + if (System.getSecurityManager() == null) { + return DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); + } else { + return DocumentBuilderFactory.newInstance(JDK_DEFAULT_DOM, null).newDocumentBuilder().newDocument(); } - - catch(ParserConfigurationException pce) - { - throw new com.sun.org.apache.xml.internal.utils.WrappedRuntimeException(pce); - } - + } + catch(ParserConfigurationException pce) + { + throw new com.sun.org.apache.xml.internal.utils.WrappedRuntimeException(pce); } } } diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java --- a/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java Wed Jan 15 10:49:32 2014 -0800 @@ -73,8 +73,8 @@ XalanConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000), TOTAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT, XalanConstants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000), - GENEAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_GENEAL_ENTITY_SIZE_LIMIT, - XalanConstants.SP_GENEAL_ENTITY_SIZE_LIMIT, 0, 0), + GENERAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_GENERAL_ENTITY_SIZE_LIMIT, + XalanConstants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0), PARAMETER_ENTITY_SIZE_LIMIT(XalanConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, XalanConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000); diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xerces/internal/impl/Constants.java --- a/src/com/sun/org/apache/xerces/internal/impl/Constants.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xerces/internal/impl/Constants.java Wed Jan 15 10:49:32 2014 -0800 @@ -240,7 +240,7 @@ /** * JDK maximum general entity size limit */ - public static final String JDK_GENEAL_ENTITY_SIZE_LIMIT = + public static final String JDK_GENERAL_ENTITY_SIZE_LIMIT = ORACLE_JAXP_PROPERTY_PREFIX + "maxGeneralEntitySizeLimit"; /** * JDK maximum parameter entity size limit @@ -287,7 +287,7 @@ /** * JDK maximum general entity size limit */ - public static final String SP_GENEAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit"; + public static final String SP_GENERAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit"; /** * JDK maximum parameter entity size limit */ diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java --- a/src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java Wed Jan 15 10:49:32 2014 -0800 @@ -44,6 +44,7 @@ import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter; import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler; import com.sun.org.apache.xerces.internal.impl.Constants; +import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer; import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.xml.internal.stream.Entity; @@ -262,6 +263,11 @@ fEntityManager.startDTDEntity(inputSource); } // setInputSource(XMLInputSource) + + public void setLimitAnalyzer(XMLLimitAnalyzer limitAnalyzer) { + fLimitAnalyzer = limitAnalyzer; + } + /** * Scans the external subset of the document. * @@ -1625,10 +1631,10 @@ XMLString literal = fString; XMLString literal2 = fString; int countChar = 0; - if (fLimitAnalyzer == null && fSecurityManager != null) { - fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); - fLimitAnalyzer.startEntity(entityName); - } + if (fLimitAnalyzer == null ) { + fLimitAnalyzer = new XMLLimitAnalyzer(); + } + fLimitAnalyzer.startEntity(entityName); if (fEntityScanner.scanLiteral(quote, fString) != quote) { fStringBuffer.clear(); @@ -2145,6 +2151,8 @@ // set starting state setScannerState(SCANNER_STATE_TEXT_DECL); //new SymbolTable()); + + fLimitAnalyzer = new XMLLimitAnalyzer(); } /** @@ -2164,18 +2172,18 @@ */ private void checkLimit(String entityName, int len) { if (fLimitAnalyzer == null) { - fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); + fLimitAnalyzer = new XMLLimitAnalyzer(); } fLimitAnalyzer.addValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, entityName, len); - if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)) { - fSecurityManager.debugPrint(); + if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { + fSecurityManager.debugPrint(fLimitAnalyzer); reportFatalError("MaxEntitySizeLimit", new Object[]{entityName, fLimitAnalyzer.getValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT), fSecurityManager.getLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT), fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)}); } - if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT)) { - fSecurityManager.debugPrint(); + if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { + fSecurityManager.debugPrint(fLimitAnalyzer); reportFatalError("TotalEntitySizeLimit", new Object[]{fLimitAnalyzer.getTotalValue(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT), fSecurityManager.getLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT), diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java --- a/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java Wed Jan 15 10:49:32 2014 -0800 @@ -659,12 +659,12 @@ dtdGrammarUtil = null; if (fSecurityManager != null) { - fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT); } else { - fLimitAnalyzer = null; fElementAttributeLimit = 0; } + fLimitAnalyzer = new XMLLimitAnalyzer(); + fEntityManager.setLimitAnalyzer(fLimitAnalyzer); } /** @@ -3154,16 +3154,16 @@ */ protected void checkLimit(XMLStringBuffer buffer) { if (fLimitAnalyzer.isTracking(fCurrentEntityName)) { - fLimitAnalyzer.addValue(Limit.GENEAL_ENTITY_SIZE_LIMIT, fCurrentEntityName, buffer.length); - if (fSecurityManager.isOverLimit(Limit.GENEAL_ENTITY_SIZE_LIMIT)) { - fSecurityManager.debugPrint(); + fLimitAnalyzer.addValue(Limit.GENERAL_ENTITY_SIZE_LIMIT, fCurrentEntityName, buffer.length); + if (fSecurityManager.isOverLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { + fSecurityManager.debugPrint(fLimitAnalyzer); reportFatalError("MaxEntitySizeLimit", new Object[]{fCurrentEntityName, - fLimitAnalyzer.getValue(Limit.GENEAL_ENTITY_SIZE_LIMIT), - fSecurityManager.getLimit(Limit.GENEAL_ENTITY_SIZE_LIMIT), - fSecurityManager.getStateLiteral(Limit.GENEAL_ENTITY_SIZE_LIMIT)}); + fLimitAnalyzer.getValue(Limit.GENERAL_ENTITY_SIZE_LIMIT), + fSecurityManager.getLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT), + fSecurityManager.getStateLiteral(Limit.GENERAL_ENTITY_SIZE_LIMIT)}); } - if (fSecurityManager.isOverLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT)) { - fSecurityManager.debugPrint(); + if (fSecurityManager.isOverLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { + fSecurityManager.debugPrint(fLimitAnalyzer); reportFatalError("TotalEntitySizeLimit", new Object[]{fLimitAnalyzer.getTotalValue(Limit.TOTAL_ENTITY_SIZE_LIMIT), fSecurityManager.getLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT), diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java --- a/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java Wed Jan 15 10:49:32 2014 -0800 @@ -1090,6 +1090,8 @@ ((XMLDTDScannerImpl)fDTDScanner).reset(fPropertyManager); } + + fDTDScanner.setLimitAnalyzer(fLimitAnalyzer); do { again = false; switch (fScannerState) { diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java --- a/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java Wed Jan 15 10:49:32 2014 -0800 @@ -1300,8 +1300,8 @@ if(fLimitAnalyzer != null) { fLimitAnalyzer.addValue(entityExpansionIndex, name, 1); } - if( fSecurityManager != null && fSecurityManager.isOverLimit(entityExpansionIndex)){ - fSecurityManager.debugPrint(); + if( fSecurityManager != null && fSecurityManager.isOverLimit(entityExpansionIndex, fLimitAnalyzer)){ + fSecurityManager.debugPrint(fLimitAnalyzer); fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,"EntityExpansionLimitExceeded", new Object[]{fSecurityManager.getLimitValueByIndex(entityExpansionIndex)}, XMLErrorReporter.SEVERITY_FATAL_ERROR ); @@ -1368,9 +1368,9 @@ //close the reader try{ if (fLimitAnalyzer != null) { - fLimitAnalyzer.endEntity(XMLSecurityManager.Limit.GENEAL_ENTITY_SIZE_LIMIT, fCurrentEntity.name); + fLimitAnalyzer.endEntity(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT, fCurrentEntity.name); if (fCurrentEntity.name.equals("[xml]")) { - fSecurityManager.debugPrint(); + fSecurityManager.debugPrint(fLimitAnalyzer); } } fCurrentEntity.close(); @@ -1439,7 +1439,6 @@ fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD); fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(SECURITY_MANAGER); - fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); // initialize state //fStandalone = false; @@ -1501,7 +1500,6 @@ fStaxEntityResolver = (StaxEntityResolverWrapper)componentManager.getProperty(STAX_ENTITY_RESOLVER, null); fValidationManager = (ValidationManager)componentManager.getProperty(VALIDATION_MANAGER, null); fSecurityManager = (XMLSecurityManager)componentManager.getProperty(SECURITY_MANAGER, null); - fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); entityExpansionIndex = fSecurityManager.getIndex(Constants.JDK_ENTITY_EXPANSION_LIMIT); // JAXP 1.5 feature @@ -1659,7 +1657,6 @@ if (suffixLength == Constants.SECURITY_MANAGER_PROPERTY.length() && propertyId.endsWith(Constants.SECURITY_MANAGER_PROPERTY)) { fSecurityManager = (XMLSecurityManager)value; - fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); } } @@ -1668,8 +1665,13 @@ { XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)value; fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD); - } } + } + + public void setLimitAnalyzer(XMLLimitAnalyzer fLimitAnalyzer) { + this.fLimitAnalyzer = fLimitAnalyzer; + } + /** * Returns a list of property identifiers that are recognized by * this component. This method may return null if no properties diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java --- a/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java Wed Jan 15 10:49:32 2014 -0800 @@ -77,7 +77,6 @@ } } - private XMLSecurityManager securityManager; /** * Max value accumulated for each property */ @@ -101,8 +100,7 @@ * Default constructor. Establishes default values for known security * vulnerabilities. */ - public XMLLimitAnalyzer(XMLSecurityManager securityManager) { - this.securityManager = securityManager; + public XMLLimitAnalyzer() { values = new int[Limit.values().length]; totalValue = new int[Limit.values().length]; names = new String[Limit.values().length]; @@ -157,7 +155,7 @@ } - if (index == Limit.GENEAL_ENTITY_SIZE_LIMIT.ordinal() || + if (index == Limit.GENERAL_ENTITY_SIZE_LIMIT.ordinal() || index == Limit.PARAMETER_ENTITY_SIZE_LIMIT.ordinal()) { totalValue[Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()] += value; } @@ -221,7 +219,7 @@ } } - public void debugPrint() { + public void debugPrint(XMLSecurityManager securityManager) { Formatter formatter = new Formatter(); System.out.println(formatter.format("%30s %15s %15s %15s %30s", "Property","Limit","Total size","Size","Entity Name")); diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java --- a/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java Wed Jan 15 10:49:32 2014 -0800 @@ -65,7 +65,7 @@ MAX_OCCUR_NODE_LIMIT(Constants.JDK_MAX_OCCUR_LIMIT, Constants.SP_MAX_OCCUR_LIMIT, 0, 5000), ELEMENT_ATTRIBUTE_LIMIT(Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000), TOTAL_ENTITY_SIZE_LIMIT(Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000), - GENEAL_ENTITY_SIZE_LIMIT(Constants.JDK_GENEAL_ENTITY_SIZE_LIMIT, Constants.SP_GENEAL_ENTITY_SIZE_LIMIT, 0, 0), + GENERAL_ENTITY_SIZE_LIMIT(Constants.JDK_GENERAL_ENTITY_SIZE_LIMIT, Constants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0), PARAMETER_ENTITY_SIZE_LIMIT(Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000); final String apiProperty; @@ -148,7 +148,6 @@ private boolean[] isSet; - private XMLLimitAnalyzer limitAnalyzer; /** * Index of the special entityCountInfo property */ @@ -169,7 +168,6 @@ * @param secureProcessing */ public XMLSecurityManager(boolean secureProcessing) { - limitAnalyzer = new XMLLimitAnalyzer(this); values = new int[Limit.values().length]; states = new State[Limit.values().length]; isSet = new boolean[Limit.values().length]; @@ -249,13 +247,15 @@ if (index == indexEntityCountInfo) { printEntityCountInfo = (String)value; } else { - int temp = 0; - try { + int temp; + if (Integer.class.isAssignableFrom(value.getClass())) { + temp = ((Integer)value).intValue(); + } else { temp = Integer.parseInt((String) value); if (temp < 0) { temp = 0; } - } catch (NumberFormatException e) {} + } setLimit(index, state, temp); } } @@ -387,8 +387,9 @@ * @param size the size (count or length) of the entity * @return true if the size is over the limit, false otherwise */ - public boolean isOverLimit(Limit limit, String entityName, int size) { - return isOverLimit(limit.ordinal(), entityName, size); + public boolean isOverLimit(Limit limit, String entityName, int size, + XMLLimitAnalyzer limitAnalyzer) { + return isOverLimit(limit.ordinal(), entityName, size, limitAnalyzer); } /** @@ -400,7 +401,8 @@ * @param size the size (count or length) of the entity * @return true if the size is over the limit, false otherwise */ - public boolean isOverLimit(int index, String entityName, int size) { + public boolean isOverLimit(int index, String entityName, int size, + XMLLimitAnalyzer limitAnalyzer) { if (values[index] == NO_LIMIT) { return false; } @@ -418,11 +420,11 @@ * @param size the size (count or length) of the entity * @return true if the size is over the limit, false otherwise */ - public boolean isOverLimit(Limit limit) { - return isOverLimit(limit.ordinal()); + public boolean isOverLimit(Limit limit, XMLLimitAnalyzer limitAnalyzer) { + return isOverLimit(limit.ordinal(), limitAnalyzer); } - public boolean isOverLimit(int index) { + public boolean isOverLimit(int index, XMLLimitAnalyzer limitAnalyzer) { if (values[index] == NO_LIMIT) { return false; } @@ -436,29 +438,12 @@ } } - public void debugPrint() { + public void debugPrint(XMLLimitAnalyzer limitAnalyzer) { if (printEntityCountInfo.equals(Constants.JDK_YES)) { - limitAnalyzer.debugPrint(); + limitAnalyzer.debugPrint(this); } } - /** - * Return the limit analyzer - * - * @return the limit analyzer - */ - public XMLLimitAnalyzer getLimitAnalyzer() { - return limitAnalyzer; - } - - /** - * Set limit analyzer - * - * @param analyzer a limit analyzer - */ - public void setLimitAnalyzer(XMLLimitAnalyzer analyzer) { - limitAnalyzer = analyzer; - } /** * Indicate if a property is set explicitly diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xerces/internal/xni/parser/XMLDTDScanner.java --- a/src/com/sun/org/apache/xerces/internal/xni/parser/XMLDTDScanner.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xerces/internal/xni/parser/XMLDTDScanner.java Wed Jan 15 10:49:32 2014 -0800 @@ -20,6 +20,7 @@ package com.sun.org.apache.xerces.internal.xni.parser; +import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer; import java.io.IOException; import com.sun.org.apache.xerces.internal.xni.XNIException; @@ -95,4 +96,5 @@ public boolean scanDTDExternalSubset(boolean complete) throws IOException, XNIException; + public void setLimitAnalyzer(XMLLimitAnalyzer limitAnalyzer); } // interface XMLDTDScanner diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xml/internal/resolver/CatalogManager.java --- a/src/com/sun/org/apache/xml/internal/resolver/CatalogManager.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xml/internal/resolver/CatalogManager.java Wed Jan 15 10:49:32 2014 -0800 @@ -24,20 +24,17 @@ package com.sun.org.apache.xml.internal.resolver; import com.sun.org.apache.xerces.internal.utils.SecuritySupport; +import com.sun.org.apache.xml.internal.resolver.helpers.BootstrapResolver; +import com.sun.org.apache.xml.internal.resolver.helpers.Debug; import java.io.InputStream; - +import java.net.MalformedURLException; import java.net.URL; -import java.net.MalformedURLException; - import java.util.MissingResourceException; import java.util.PropertyResourceBundle; import java.util.ResourceBundle; import java.util.StringTokenizer; import java.util.Vector; - -import com.sun.org.apache.xml.internal.resolver.helpers.Debug; -import com.sun.org.apache.xml.internal.resolver.helpers.BootstrapResolver; -import com.sun.org.apache.xml.internal.resolver.Catalog; +import sun.reflect.misc.ReflectUtil; /** * CatalogManager provides an interface to the catalog properties. @@ -687,7 +684,7 @@ catalog = new Catalog(); } else { try { - catalog = (Catalog) Class.forName(catalogClassName).newInstance(); + catalog = (Catalog) ReflectUtil.forName(catalogClassName).newInstance(); } catch (ClassNotFoundException cnfe) { debug.message(1,"Catalog class named '" + catalogClassName diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xml/internal/resolver/readers/DOMCatalogReader.java --- a/src/com/sun/org/apache/xml/internal/resolver/readers/DOMCatalogReader.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xml/internal/resolver/readers/DOMCatalogReader.java Wed Jan 15 10:49:32 2014 -0800 @@ -23,24 +23,21 @@ package com.sun.org.apache.xml.internal.resolver.readers; -import java.util.Hashtable; +import com.sun.org.apache.xml.internal.resolver.Catalog; +import com.sun.org.apache.xml.internal.resolver.CatalogException; +import com.sun.org.apache.xml.internal.resolver.helpers.Namespaces; import java.io.IOException; import java.io.InputStream; +import java.net.MalformedURLException; import java.net.URL; import java.net.URLConnection; -import java.net.MalformedURLException; - +import java.util.Hashtable; +import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.ParserConfigurationException; - -import com.sun.org.apache.xml.internal.resolver.Catalog; -import com.sun.org.apache.xml.internal.resolver.CatalogException; -import com.sun.org.apache.xml.internal.resolver.readers.CatalogReader; -import com.sun.org.apache.xml.internal.resolver.helpers.Namespaces; - +import org.w3c.dom.*; import org.xml.sax.SAXException; -import org.w3c.dom.*; +import sun.reflect.misc.ReflectUtil; /** * A DOM-based CatalogReader. @@ -199,7 +196,7 @@ DOMCatalogParser domParser = null; try { - domParser = (DOMCatalogParser) Class.forName(domParserClass).newInstance(); + domParser = (DOMCatalogParser) ReflectUtil.forName(domParserClass).newInstance(); } catch (ClassNotFoundException cnfe) { catalog.getCatalogManager().debug.message(1, "Cannot load XML Catalog Parser class", domParserClass); throw new CatalogException(CatalogException.UNPARSEABLE); diff -r a7c0452ab987 -r 83bb924238f8 src/com/sun/org/apache/xml/internal/resolver/readers/SAXCatalogReader.java --- a/src/com/sun/org/apache/xml/internal/resolver/readers/SAXCatalogReader.java Mon Jan 13 22:31:55 2014 -0800 +++ b/src/com/sun/org/apache/xml/internal/resolver/readers/SAXCatalogReader.java Wed Jan 15 10:49:32 2014 -0800 @@ -23,19 +23,21 @@ package com.sun.org.apache.xml.internal.resolver.readers; -import java.util.Hashtable; +import com.sun.org.apache.xml.internal.resolver.Catalog; +import com.sun.org.apache.xml.internal.resolver.CatalogException; +import com.sun.org.apache.xml.internal.resolver.CatalogManager; +import com.sun.org.apache.xml.internal.resolver.helpers.Debug; +import java.io.FileNotFoundException; import java.io.IOException; -import java.io.FileNotFoundException; import java.io.InputStream; +import java.net.MalformedURLException; import java.net.URL; import java.net.URLConnection; -import java.net.MalformedURLException; import java.net.UnknownHostException; - +import java.util.Hashtable; import javax.xml.parsers.ParserConfigurationException; +import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; -import javax.xml.parsers.SAXParser; - import org.xml.sax.AttributeList; import org.xml.sax.Attributes; import org.xml.sax.ContentHandler; @@ -45,12 +47,7 @@ import org.xml.sax.Locator; import org.xml.sax.Parser; import org.xml.sax.SAXException; - -import com.sun.org.apache.xml.internal.resolver.Catalog; -import com.sun.org.apache.xml.internal.resolver.CatalogManager; -import com.sun.org.apache.xml.internal.resolver.CatalogException; -import com.sun.org.apache.xml.internal.resolver.readers.CatalogReader; -import com.sun.org.apache.xml.internal.resolver.helpers.Debug; +import sun.reflect.misc.ReflectUtil; /** * A SAX-based CatalogReader. @@ -246,7 +243,7 @@ } parser.parse(new InputSource(is), spHandler); } else { - Parser parser = (Parser) Class.forName(parserClass).newInstance(); + Parser parser = (Parser) ReflectUtil.forName(parserClass).newInstance(); parser.setDocumentHandler(this); if (bResolver != null) { parser.setEntityResolver(bResolver); @@ -352,7 +349,7 @@ try { saxParser = (SAXCatalogParser) - Class.forName(saxParserClass).newInstance(); + ReflectUtil.forName(saxParserClass).newInstance(); saxParser.setCatalog(catalog); saxParser.startDocument(); @@ -413,7 +410,7 @@ try { saxParser = (SAXCatalogParser) - Class.forName(saxParserClass).newInstance(); + ReflectUtil.forName(saxParserClass).newInstance(); saxParser.setCatalog(catalog); saxParser.startDocument();