Mercurial > hg > openjdk > lambda > jaxp
changeset 576:2b77e12ff69d
Merge
| author | chegar |
|---|---|
| date | Fri, 11 Oct 2013 19:49:44 +0100 |
| parents | 46ccc5fbc523 (current diff) cc3b64366048 (diff) |
| children | 6f220761f643 |
| files | src/com/sun/org/apache/xerces/internal/parsers/DTDConfiguration.java src/com/sun/org/apache/xerces/internal/parsers/NonValidatingConfiguration.java src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java src/com/sun/org/apache/xerces/internal/util/SecurityManager.java |
| diffstat | 47 files changed, 2328 insertions(+), 325 deletions(-) [+] |
line wrap: on
line diff
--- a/src/com/sun/org/apache/xalan/internal/XalanConstants.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/XalanConstants.java Fri Oct 11 19:49:44 2013 +0100 @@ -39,6 +39,116 @@ // // Constants // + //Xerces security manager + public static final String SECURITY_MANAGER = + "http://apache.org/xml/properties/security-manager"; + + // + // Implementation limits: API properties + // + /** Oracle JAXP property prefix ("http://www.oracle.com/xml/jaxp/properties/"). */ + public static final String ORACLE_JAXP_PROPERTY_PREFIX = + "http://www.oracle.com/xml/jaxp/properties/"; + /** + * JDK entity expansion limit; Note that the existing system property + * "entityExpansionLimit" with no prefix is still observed + */ + public static final String JDK_ENTITY_EXPANSION_LIMIT = + ORACLE_JAXP_PROPERTY_PREFIX + "entityExpansionLimit"; + + /** + * JDK element attribute limit; Note that the existing system property + * "elementAttributeLimit" with no prefix is still observed + */ + public static final String JDK_ELEMENT_ATTRIBUTE_LIMIT = + ORACLE_JAXP_PROPERTY_PREFIX + "elementAttributeLimit"; + + /** + * JDK maxOccur limit; Note that the existing system property + * "maxOccurLimit" with no prefix is still observed + */ + public static final String JDK_MAX_OCCUR_LIMIT = + ORACLE_JAXP_PROPERTY_PREFIX + "maxOccurLimit"; + + /** + * JDK total entity size limit + */ + public static final String JDK_TOTAL_ENTITY_SIZE_LIMIT = + ORACLE_JAXP_PROPERTY_PREFIX + "totalEntitySizeLimit"; + + /** + * JDK maximum general entity size limit + */ + public static final String JDK_GENEAL_ENTITY_SIZE_LIMIT = + ORACLE_JAXP_PROPERTY_PREFIX + "maxGeneralEntitySizeLimit"; + /** + * JDK maximum parameter entity size limit + */ + public static final String JDK_PARAMETER_ENTITY_SIZE_LIMIT = + ORACLE_JAXP_PROPERTY_PREFIX + "maxParameterEntitySizeLimit"; + /** + * JDK maximum XML name limit + */ + public static final String JDK_XML_NAME_LIMIT = + ORACLE_JAXP_PROPERTY_PREFIX + "maxXMLNameLimit"; + /** + * JDK property indicating whether the parser shall print out entity + * count information + * Value: a string "yes" means print, "no" or any other string means not. + */ + public static final String JDK_ENTITY_COUNT_INFO = + ORACLE_JAXP_PROPERTY_PREFIX + "getEntityCountInfo"; + + // + // Implementation limits: corresponding System Properties of the above + // API properties + // + /** + * JDK entity expansion limit; Note that the existing system property + * "entityExpansionLimit" with no prefix is still observed + */ + public static final String SP_ENTITY_EXPANSION_LIMIT = "jdk.xml.entityExpansionLimit"; + + /** + * JDK element attribute limit; Note that the existing system property + * "elementAttributeLimit" with no prefix is still observed + */ + public static final String SP_ELEMENT_ATTRIBUTE_LIMIT = "jdk.xml.elementAttributeLimit"; + + /** + * JDK maxOccur limit; Note that the existing system property + * "maxOccurLimit" with no prefix is still observed + */ + public static final String SP_MAX_OCCUR_LIMIT = "jdk.xml.maxOccurLimit"; + + /** + * JDK total entity size limit + */ + public static final String SP_TOTAL_ENTITY_SIZE_LIMIT = "jdk.xml.totalEntitySizeLimit"; + + /** + * JDK maximum general entity size limit + */ + public static final String SP_GENEAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit"; + /** + * JDK maximum parameter entity size limit + */ + public static final String SP_PARAMETER_ENTITY_SIZE_LIMIT = "jdk.xml.maxParameterEntitySizeLimit"; + /** + * JDK maximum XML name limit + */ + public static final String SP_XML_NAME_LIMIT = "jdk.xml.maxXMLNameLimit"; + + //legacy System Properties + public final static String ENTITY_EXPANSION_LIMIT = "entityExpansionLimit"; + public static final String ELEMENT_ATTRIBUTE_LIMIT = "elementAttributeLimit" ; + public final static String MAX_OCCUR_LIMIT = "maxOccurLimit"; + + /** + * A string "yes" that can be used for properties such as getEntityCountInfo + */ + public static final String JDK_YES = "yes"; + // Oracle Feature: /** * <p>Use Service Mechanism</p> @@ -51,21 +161,16 @@ * <li> * {@code false} instruct an object to skip service mechanism and * use the default implementation for that service. - * </li> - * </ul> - */ - + * </li> + * </ul> + */ public static final String ORACLE_FEATURE_SERVICE_MECHANISM = "http://www.oracle.com/feature/use-service-mechanism"; - /** Oracle JAXP property prefix ("http://www.oracle.com/xml/jaxp/properties/"). */ - public static final String ORACLE_JAXP_PROPERTY_PREFIX = - "http://www.oracle.com/xml/jaxp/properties/"; //System Properties corresponding to ACCESS_EXTERNAL_* properties public static final String SP_ACCESS_EXTERNAL_STYLESHEET = "javax.xml.accessExternalStylesheet"; public static final String SP_ACCESS_EXTERNAL_DTD = "javax.xml.accessExternalDTD"; - //all access keyword public static final String ACCESS_EXTERNAL_ALL = "all";
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java Fri Oct 11 19:49:44 2013 +0100 @@ -0,0 +1,449 @@ +/* + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + * + * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved. + * + * The contents of this file are subject to the terms of either the GNU + * General Public License Version 2 only ("GPL") or the Common Development + * and Distribution License("CDDL") (collectively, the "License"). You + * may not use this file except in compliance with the License. You can + * obtain a copy of the License at + * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html + * or packager/legal/LICENSE.txt. See the License for the specific + * language governing permissions and limitations under the License. + * + * When distributing the software, include this License Header Notice in each + * file and include the License file at packager/legal/LICENSE.txt. + * + * GPL Classpath Exception: + * Oracle designates this particular file as subject to the "Classpath" + * exception as provided by Oracle in the GPL Version 2 section of the License + * file that accompanied this code. + * + * Modifications: + * If applicable, add the following below the License Header, with the fields + * enclosed by brackets [] replaced by your own identifying information: + * "Portions Copyright [year] [name of copyright owner]" + * + * Contributor(s): + * If you wish your version of this file to be governed by only the CDDL or + * only the GPL Version 2, indicate your decision by adding "[Contributor] + * elects to include this software in this distribution under the [CDDL or GPL + * Version 2] license." If you don't indicate a single choice of license, a + * recipient has the option to distribute your version of this file under + * either the CDDL, the GPL Version 2 or to extend the choice of license to + * its licensees as provided above. However, if you add GPL Version 2 code + * and therefore, elected the GPL Version 2 license, then the option applies + * only if the new code is made subject to such option by the copyright + * holder. + */ +package com.sun.org.apache.xalan.internal.utils; + +import com.sun.org.apache.xalan.internal.XalanConstants; + + +/** + * This class is not the same as that in Xerces. It is used to manage the + * state of corresponding Xerces properties and pass the values over to + * the Xerces Security Manager. + * + * @author Joe Wang Oracle Corp. + * + */ +public final class XMLSecurityManager { + + /** + * States of the settings of a property, in the order: default value, value + * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system + * properties, and jaxp api properties + */ + public static enum State { + //this order reflects the overriding order + + DEFAULT("default"), FSP("FEATURE_SECURE_PROCESSING"), + JAXPDOTPROPERTIES("jaxp.properties"), SYSTEMPROPERTY("system property"), + APIPROPERTY("property"); + + final String literal; + State(String literal) { + this.literal = literal; + } + + String literal() { + return literal; + } + } + + /** + * Limits managed by the security manager + */ + public static enum Limit { + + ENTITY_EXPANSION_LIMIT(XalanConstants.JDK_ENTITY_EXPANSION_LIMIT, + XalanConstants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000), + MAX_OCCUR_NODE_LIMIT(XalanConstants.JDK_MAX_OCCUR_LIMIT, + XalanConstants.SP_MAX_OCCUR_LIMIT, 0, 5000), + ELEMENT_ATTRIBUTE_LIMIT(XalanConstants.JDK_ELEMENT_ATTRIBUTE_LIMIT, + XalanConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000), + TOTAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT, + XalanConstants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000), + GENEAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_GENEAL_ENTITY_SIZE_LIMIT, + XalanConstants.SP_GENEAL_ENTITY_SIZE_LIMIT, 0, 0), + PARAMETER_ENTITY_SIZE_LIMIT(XalanConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, + XalanConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000); + + final String apiProperty; + final String systemProperty; + final int defaultValue; + final int secureValue; + + Limit(String apiProperty, String systemProperty, int value, int secureValue) { + this.apiProperty = apiProperty; + this.systemProperty = systemProperty; + this.defaultValue = value; + this.secureValue = secureValue; + } + + public boolean equalsAPIPropertyName(String propertyName) { + return (propertyName == null) ? false : apiProperty.equals(propertyName); + } + + public boolean equalsSystemPropertyName(String propertyName) { + return (propertyName == null) ? false : systemProperty.equals(propertyName); + } + + public String apiProperty() { + return apiProperty; + } + + String systemProperty() { + return systemProperty; + } + + int defaultValue() { + return defaultValue; + } + + int secureValue() { + return secureValue; + } + } + + /** + * Map old property names with the new ones + */ + public static enum NameMap { + + ENTITY_EXPANSION_LIMIT(XalanConstants.SP_ENTITY_EXPANSION_LIMIT, + XalanConstants.ENTITY_EXPANSION_LIMIT), + MAX_OCCUR_NODE_LIMIT(XalanConstants.SP_MAX_OCCUR_LIMIT, + XalanConstants.MAX_OCCUR_LIMIT), + ELEMENT_ATTRIBUTE_LIMIT(XalanConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, + XalanConstants.ELEMENT_ATTRIBUTE_LIMIT); + final String newName; + final String oldName; + + NameMap(String newName, String oldName) { + this.newName = newName; + this.oldName = oldName; + } + + String getOldName(String newName) { + if (newName.equals(this.newName)) { + return oldName; + } + return null; + } + } + /** + * Values of the properties + */ + private final int[] values; + /** + * States of the settings for each property + */ + private State[] states; + /** + * States that determine if properties are set explicitly + */ + private boolean[] isSet; + + + /** + * Index of the special entityCountInfo property + */ + private int indexEntityCountInfo = 10000; + private String printEntityCountInfo = ""; + + /** + * Default constructor. Establishes default values for known security + * vulnerabilities. + */ + public XMLSecurityManager() { + this(false); + } + + /** + * Instantiate Security Manager in accordance with the status of + * secure processing + * @param secureProcessing + */ + public XMLSecurityManager(boolean secureProcessing) { + values = new int[Limit.values().length]; + states = new State[Limit.values().length]; + isSet = new boolean[Limit.values().length]; + for (Limit limit : Limit.values()) { + if (secureProcessing) { + values[limit.ordinal()] = limit.secureValue(); + states[limit.ordinal()] = State.FSP; + } else { + values[limit.ordinal()] = limit.defaultValue(); + states[limit.ordinal()] = State.DEFAULT; + } + } + //read system properties or jaxp.properties + readSystemProperties(); + } + + /** + * Setting FEATURE_SECURE_PROCESSING explicitly + */ + public void setSecureProcessing(boolean secure) { + for (Limit limit : Limit.values()) { + if (secure) { + setLimit(limit.ordinal(), State.FSP, limit.secureValue()); + } else { + setLimit(limit.ordinal(), State.FSP, limit.defaultValue()); + } + } + } + + /** + * Set limit by property name and state + * @param propertyName property name + * @param state the state of the property + * @param value the value of the property + * @return true if the property is managed by the security manager; false + * if otherwise. + */ + public boolean setLimit(String propertyName, State state, Object value) { + int index = getIndex(propertyName); + if (index > -1) { + setLimit(index, state, value); + return true; + } + return false; + } + + /** + * Set the value for a specific limit. + * + * @param limit the limit + * @param state the state of the property + * @param value the value of the property + */ + public void setLimit(Limit limit, State state, int value) { + setLimit(limit.ordinal(), state, value); + } + + /** + * Set the value of a property by its index + * + * @param index the index of the property + * @param state the state of the property + * @param value the value of the property + */ + public void setLimit(int index, State state, Object value) { + if (index == indexEntityCountInfo) { + //if it's explicitly set, it's treated as yes no matter the value + printEntityCountInfo = (String)value; + } else { + int temp = 0; + try { + temp = Integer.parseInt((String) value); + if (temp < 0) { + temp = 0; + } + } catch (NumberFormatException e) {} + setLimit(index, state, temp); } + } + + /** + * Set the value of a property by its index + * + * @param index the index of the property + * @param state the state of the property + * @param value the value of the property + */ + public void setLimit(int index, State state, int value) { + if (index == indexEntityCountInfo) { + //if it's explicitly set, it's treated as yes no matter the value + printEntityCountInfo = XalanConstants.JDK_YES; + } else { + //only update if it shall override + if (state.compareTo(states[index]) >= 0) { + values[index] = value; + states[index] = state; + isSet[index] = true; + } + } + } + + + /** + * Return the value of the specified property. + * + * @param propertyName the property name + * @return the value of the property as a string. If a property is managed + * by this manager, its value shall not be null. + */ + public String getLimitAsString(String propertyName) { + int index = getIndex(propertyName); + if (index > -1) { + return getLimitValueByIndex(index); + } + + return null; + } + + /** + * Return the value of a property by its ordinal + * + * @param limit the property + * @return value of a property + */ + public String getLimitValueAsString(Limit limit) { + return Integer.toString(values[limit.ordinal()]); + } + + /** + * Return the value of the specified property + * + * @param limit the property + * @return the value of the property + */ + public int getLimit(Limit limit) { + return values[limit.ordinal()]; + } + + /** + * Return the value of a property by its ordinal + * + * @param index the index of a property + * @return value of a property + */ + public int getLimitByIndex(int index) { + return values[index]; + } + /** + * Return the value of a property by its index + * + * @param index the index of a property + * @return limit of a property as a string + */ + public String getLimitValueByIndex(int index) { + if (index == indexEntityCountInfo) { + return printEntityCountInfo; + } + + return Integer.toString(values[index]); + } + /** + * Return the state of the limit property + * + * @param limit the limit + * @return the state of the limit property + */ + public State getState(Limit limit) { + return states[limit.ordinal()]; + } + + /** + * Return the state of the limit property + * + * @param limit the limit + * @return the state of the limit property + */ + public String getStateLiteral(Limit limit) { + return states[limit.ordinal()].literal(); + } + + /** + * Get the index by property name + * + * @param propertyName property name + * @return the index of the property if found; return -1 if not + */ + public int getIndex(String propertyName) { + for (Limit limit : Limit.values()) { + if (limit.equalsAPIPropertyName(propertyName)) { + //internally, ordinal is used as index + return limit.ordinal(); + } + } + //special property to return entity count info + if (propertyName.equals(XalanConstants.JDK_ENTITY_COUNT_INFO)) { + return indexEntityCountInfo; + } + return -1; + } + + /** + * Indicate if a property is set explicitly + * @param index + * @return + */ + public boolean isSet(int index) { + return isSet[index]; + } + + public boolean printEntityCountInfo() { + return printEntityCountInfo.equals(XalanConstants.JDK_YES); + } + /** + * Read from system properties, or those in jaxp.properties + */ + private void readSystemProperties() { + + for (Limit limit : Limit.values()) { + if (!getSystemProperty(limit, limit.systemProperty())) { + //if system property is not found, try the older form if any + for (NameMap nameMap : NameMap.values()) { + String oldName = nameMap.getOldName(limit.systemProperty()); + if (oldName != null) { + getSystemProperty(limit, oldName); + } + } + } + } + + } + + /** + * Read from system properties, or those in jaxp.properties + * + * @param property the type of the property + * @param sysPropertyName the name of system property + */ + private boolean getSystemProperty(Limit limit, String sysPropertyName) { + try { + String value = SecuritySupport.getSystemProperty(sysPropertyName); + if (value != null && !value.equals("")) { + values[limit.ordinal()] = Integer.parseInt(value); + states[limit.ordinal()] = State.SYSTEMPROPERTY; + return true; + } + + value = SecuritySupport.readJAXPProperty(sysPropertyName); + if (value != null && !value.equals("")) { + values[limit.ordinal()] = Integer.parseInt(value); + states[limit.ordinal()] = State.JAXPDOTPROPERTIES; + return true; + } + } catch (NumberFormatException e) { + //invalid setting + throw new NumberFormatException("Invalid setting for system property: " + limit.systemProperty()); + } + return false; + } +}
--- a/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityPropertyManager.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityPropertyManager.java Fri Oct 11 19:49:44 2013 +0100 @@ -94,6 +94,23 @@ } /** + * Set limit by property name and state + * @param propertyName property name + * @param state the state of the property + * @param value the value of the property + * @return true if the property is managed by the security property manager; + * false if otherwise. + */ + public boolean setValue(String propertyName, State state, Object value) { + int index = getIndex(propertyName); + if (index > -1) { + setValue(index, state, (String)value); + return true; + } + return false; + } + + /** * Set the value for a specific property. * * @param property the property @@ -121,6 +138,22 @@ states[index] = state; } } + + /** + * Return the value of the specified property + * + * @param propertyName the property name + * @return the value of the property as a string + */ + public String getValue(String propertyName) { + int index = getIndex(propertyName); + if (index > -1) { + return getValueByIndex(index); + } + + return null; + } + /** * Return the value of the specified property *
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Import.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Import.java Fri Oct 11 19:49:44 2013 +0100 @@ -86,7 +86,7 @@ if (input == null) { docToLoad = SystemIDResolver.getAbsoluteURI(docToLoad, currLoadedDoc); String accessError = SecuritySupport.checkAccess(docToLoad, - xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET), + (String)xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET), XalanConstants.ACCESS_EXTERNAL_ALL); if (accessError != null) {
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Include.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Include.java Fri Oct 11 19:49:44 2013 +0100 @@ -87,7 +87,7 @@ if (input == null) { docToLoad = SystemIDResolver.getAbsoluteURI(docToLoad, currLoadedDoc); String accessError = SecuritySupport.checkAccess(docToLoad, - xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET), + (String)xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET), XalanConstants.ACCESS_EXTERNAL_ALL); if (accessError != null) {
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java Fri Oct 11 19:49:44 2013 +0100 @@ -28,6 +28,7 @@ import com.sun.org.apache.xalan.internal.utils.FactoryImpl; import com.sun.org.apache.xalan.internal.utils.ObjectFactory; import com.sun.org.apache.xalan.internal.utils.SecuritySupport; +import com.sun.org.apache.xalan.internal.utils.XMLSecurityManager; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.MethodType; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Type; @@ -487,6 +488,20 @@ } final XMLReader reader = parser.getXMLReader(); + try { + XMLSecurityManager securityManager = + (XMLSecurityManager)_xsltc.getProperty(XalanConstants.SECURITY_MANAGER); + for (XMLSecurityManager.Limit limit : XMLSecurityManager.Limit.values()) { + reader.setProperty(limit.apiProperty(), securityManager.getLimitValueAsString(limit)); + } + if (securityManager.printEntityCountInfo()) { + parser.setProperty(XalanConstants.JDK_ENTITY_COUNT_INFO, XalanConstants.JDK_YES); + } + } catch (SAXException se) { + System.err.println("Warning: " + reader.getClass().getName() + ": " + + se.getMessage()); + } + return(parse(reader, input)); } catch (ParserConfigurationException e) { @@ -565,7 +580,7 @@ } path = SystemIDResolver.getAbsoluteURI(path); String accessError = SecuritySupport.checkAccess(path, - _xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET), + (String)_xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET), XalanConstants.ACCESS_EXTERNAL_ALL); if (accessError != null) { ErrorMsg msg = new ErrorMsg(ErrorMsg.ACCESSING_XSLT_TARGET_ERR,
--- a/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java Fri Oct 11 19:49:44 2013 +0100 @@ -44,11 +44,11 @@ import com.sun.org.apache.bcel.internal.classfile.JavaClass; import com.sun.org.apache.xalan.internal.XalanConstants; import com.sun.org.apache.xalan.internal.utils.SecuritySupport; +import com.sun.org.apache.xalan.internal.utils.XMLSecurityManager; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.Util; import com.sun.org.apache.xml.internal.dtm.DTM; -import com.sun.org.apache.xalan.internal.utils.SecuritySupport; import org.xml.sax.InputSource; import org.xml.sax.XMLReader; @@ -146,6 +146,7 @@ */ private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT; + private XMLSecurityManager _xmlSecurityManager; /** * XSLTC compiler constructor @@ -184,12 +185,14 @@ /** * Return allowed protocols for accessing external stylesheet. */ - public String getProperty(String name) { + public Object getProperty(String name) { if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) { return _accessExternalStylesheet; } else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) { return _accessExternalDTD; + } else if (name.equals(XalanConstants.SECURITY_MANAGER)) { + return _xmlSecurityManager; } return null; } @@ -197,12 +200,14 @@ /** * Set allowed protocols for accessing external stylesheet. */ - public void setProperty(String name, String value) { + public void setProperty(String name, Object value) { if (name.equals(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)) { _accessExternalStylesheet = (String)value; } else if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) { _accessExternalDTD = (String)value; + } else if (name.equals(XalanConstants.SECURITY_MANAGER)) { + _xmlSecurityManager = (XMLSecurityManager)value; } }
--- a/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesHandlerImpl.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesHandlerImpl.java Fri Oct 11 19:49:44 2013 +0100 @@ -29,7 +29,7 @@ import javax.xml.transform.TransformerException; import javax.xml.transform.URIResolver; import javax.xml.transform.sax.TemplatesHandler; - +import com.sun.org.apache.xalan.internal.XalanConstants; import com.sun.org.apache.xalan.internal.xsltc.compiler.CompilerException; import com.sun.org.apache.xalan.internal.xsltc.compiler.Parser; import com.sun.org.apache.xalan.internal.xsltc.compiler.SourceLoader; @@ -103,6 +103,8 @@ (String)tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET)); xsltc.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, (String)tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_DTD)); + xsltc.setProperty(XalanConstants.SECURITY_MANAGER, + tfactory.getAttribute(XalanConstants.SECURITY_MANAGER)); if ("true".equals(tfactory.getAttribute(TransformerFactoryImpl.ENABLE_INLINING)))
--- a/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java Fri Oct 11 19:49:44 2013 +0100 @@ -27,6 +27,7 @@ import com.sun.org.apache.xalan.internal.utils.FactoryImpl; import com.sun.org.apache.xalan.internal.utils.ObjectFactory; import com.sun.org.apache.xalan.internal.utils.SecuritySupport; +import com.sun.org.apache.xalan.internal.utils.XMLSecurityManager; import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager; import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.Property; import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.State; @@ -218,13 +219,13 @@ * protocols allowed for external references set by the stylesheet processing instruction, Import and Include element. */ private String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT; - /** * protocols allowed for external DTD references in source file and/or stylesheet. */ private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT; private XMLSecurityPropertyManager _xmlSecurityPropertyMgr; + private XMLSecurityManager _xmlSecurityManager; /** * javax.xml.transform.sax.TransformerFactory implementation. @@ -250,6 +251,9 @@ Property.ACCESS_EXTERNAL_DTD); _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue( Property.ACCESS_EXTERNAL_STYLESHEET); + + //Parser's security manager + _xmlSecurityManager = new XMLSecurityManager(true); } /** @@ -311,11 +315,21 @@ return Boolean.TRUE; else return Boolean.FALSE; + } else if (name.equals(XalanConstants.SECURITY_MANAGER)) { + return _xmlSecurityManager; } - int index = _xmlSecurityPropertyMgr.getIndex(name); - if (index > -1) { - return _xmlSecurityPropertyMgr.getValueByIndex(index); + /** Check to see if the property is managed by the security manager **/ + String propertyValue = (_xmlSecurityManager != null) ? + _xmlSecurityManager.getLimitAsString(name) : null; + if (propertyValue != null) { + return propertyValue; + } else { + propertyValue = (_xmlSecurityPropertyMgr != null) ? + _xmlSecurityPropertyMgr.getValue(name) : null; + if (propertyValue != null) { + return propertyValue; + } } // Throw an exception for all other attributes @@ -419,10 +433,13 @@ } } - int index = _xmlSecurityPropertyMgr.getIndex(name); - if (index > -1) { - _xmlSecurityPropertyMgr.setValue(index, - State.APIPROPERTY, (String)value); + if (_xmlSecurityManager != null && + _xmlSecurityManager.setLimit(name, XMLSecurityManager.State.APIPROPERTY, value)) { + return; + } + + if (_xmlSecurityPropertyMgr != null && + _xmlSecurityPropertyMgr.setValue(name, XMLSecurityPropertyManager.State.APIPROPERTY, value)) { _accessExternalDTD = _xmlSecurityPropertyMgr.getValue( Property.ACCESS_EXTERNAL_DTD); _accessExternalStylesheet = _xmlSecurityPropertyMgr.getValue( @@ -473,6 +490,7 @@ throw new TransformerConfigurationException(err.toString()); } _isNotSecureProcessing = !value; + _xmlSecurityManager.setSecureProcessing(value); // set external access restriction when FSP is explicitly set if (value && XalanConstants.IS_JDK8_OR_ABOVE) { @@ -849,6 +867,7 @@ if (!_isNotSecureProcessing) xsltc.setSecureProcessing(true); xsltc.setProperty(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, _accessExternalStylesheet); xsltc.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD); + xsltc.setProperty(XalanConstants.SECURITY_MANAGER, _xmlSecurityManager); xsltc.init(); // Set a document loader (for xsl:include/import) if defined
--- a/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerImpl.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerImpl.java Fri Oct 11 19:49:44 2013 +0100 @@ -25,6 +25,7 @@ import com.sun.org.apache.xalan.internal.XalanConstants; import com.sun.org.apache.xalan.internal.utils.FactoryImpl; +import com.sun.org.apache.xalan.internal.utils.XMLSecurityManager; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; @@ -214,6 +215,7 @@ */ private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT; + private XMLSecurityManager _securityManager; /** * A hashtable to store parameters for the identity transform. These * are not needed during the transformation, but we must keep track of @@ -269,8 +271,11 @@ _useServicesMechanism = _tfactory.useServicesMechnism(); _accessExternalStylesheet = (String)_tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET); _accessExternalDTD = (String)_tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_DTD); + _securityManager = (XMLSecurityManager)_tfactory.getAttribute(XalanConstants.SECURITY_MANAGER); _readerManager = XMLReaderManager.getInstance(_useServicesMechanism); _readerManager.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, _accessExternalDTD); + _readerManager.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, _isSecureProcessing); + _readerManager.setProperty(XalanConstants.SECURITY_MANAGER, _securityManager); //_isIncremental = tfactory._incremental; } @@ -286,6 +291,7 @@ */ public void setSecureProcessing(boolean flag) { _isSecureProcessing = flag; + _readerManager.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, _isSecureProcessing); } /** * Return the state of the services mechanism feature.
--- a/src/com/sun/org/apache/xalan/internal/xsltc/trax/Util.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xalan/internal/xsltc/trax/Util.java Fri Oct 11 19:49:44 2013 +0100 @@ -23,6 +23,7 @@ package com.sun.org.apache.xalan.internal.xsltc.trax; +import com.sun.org.apache.xalan.internal.XalanConstants; import java.io.InputStream; import java.io.Reader; @@ -43,6 +44,7 @@ import javax.xml.transform.stream.StreamSource; import com.sun.org.apache.xalan.internal.utils.FactoryImpl; +import com.sun.org.apache.xalan.internal.utils.XMLSecurityManager; import com.sun.org.apache.xalan.internal.xsltc.compiler.XSLTC; import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg; @@ -105,6 +107,13 @@ if (reader == null) { try { reader= XMLReaderFactory.createXMLReader(); + try { + reader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, + xsltc.isSecureProcessing()); + } catch (SAXNotRecognizedException e) { + System.err.println("Warning: " + reader.getClass().getName() + ": " + + e.getMessage()); + } } catch (Exception e ) { try { @@ -144,6 +153,22 @@ + e.getMessage()); } + try { + XMLSecurityManager securityManager = + (XMLSecurityManager)xsltc.getProperty(XalanConstants.SECURITY_MANAGER); + if (securityManager != null) { + for (XMLSecurityManager.Limit limit : XMLSecurityManager.Limit.values()) { + reader.setProperty(limit.apiProperty(), + securityManager.getLimitValueAsString(limit)); + } + if (securityManager.printEntityCountInfo()) { + reader.setProperty(XalanConstants.JDK_ENTITY_COUNT_INFO, XalanConstants.JDK_YES); + } + } + } catch (SAXException se) { + System.err.println("Warning: " + reader.getClass().getName() + ": " + + se.getMessage()); + } xsltc.setXMLReader(reader); }catch (SAXNotRecognizedException snre ) { throw new TransformerConfigurationException
--- a/src/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java Fri Oct 11 19:49:44 2013 +0100 @@ -33,6 +33,7 @@ import com.sun.org.apache.xerces.internal.util.PropertyState; import com.sun.org.apache.xerces.internal.util.SymbolTable; import com.sun.org.apache.xerces.internal.utils.ObjectFactory; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler; import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler; @@ -59,6 +60,7 @@ import org.w3c.dom.ls.LSResourceResolver; + /** * Xerces implementation of DOMConfiguration that maintains a table of recognized parameters. * @@ -156,6 +158,9 @@ protected static final String SCHEMA_DV_FACTORY = Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY; + /** Property identifier: Security manager. */ + private static final String SECURITY_MANAGER = Constants.SECURITY_MANAGER; + /** Property identifier: Security property manager. */ private static final String XML_SECURITY_PROPERTY_MANAGER = Constants.XML_SECURITY_PROPERTY_MANAGER; @@ -279,6 +284,7 @@ JAXP_SCHEMA_LANGUAGE, DTD_VALIDATOR_FACTORY_PROPERTY, SCHEMA_DV_FACTORY, + SECURITY_MANAGER, XML_SECURITY_PROPERTY_MANAGER }; addRecognizedProperties(recognizedProperties); @@ -313,6 +319,8 @@ fValidationManager = createValidationManager(); setProperty(VALIDATION_MANAGER, fValidationManager); + setProperty(SECURITY_MANAGER, new XMLSecurityManager(true)); + setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER, new XMLSecurityPropertyManager());
--- a/src/com/sun/org/apache/xerces/internal/impl/Constants.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/impl/Constants.java Fri Oct 11 19:49:44 2013 +0100 @@ -174,8 +174,6 @@ /** JAXP schemaSource language: when used internally may include DTD namespace (DOM) */ public static final String SCHEMA_LANGUAGE = "schemaLanguage"; - public static final String SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT = "elementAttributeLimit" ; - /** JAXP Standard property prefix ("http://javax.xml.XMLConstants/property/"). */ public static final String JAXPAPI_PROPERTY_PREFIX = "http://javax.xml.XMLConstants/property/"; @@ -209,6 +207,107 @@ public static final boolean IS_JDK8_OR_ABOVE = isJavaVersionAtLeast(8); // + // Implementation limits: corresponding System Properties of the above + // API properties + // + /** + * JDK entity expansion limit; Note that the existing system property + * "entityExpansionLimit" with no prefix is still observed + */ + public static final String JDK_ENTITY_EXPANSION_LIMIT = + ORACLE_JAXP_PROPERTY_PREFIX + "entityExpansionLimit"; + + /** + * JDK element attribute limit; Note that the existing system property + * "elementAttributeLimit" with no prefix is still observed + */ + public static final String JDK_ELEMENT_ATTRIBUTE_LIMIT = + ORACLE_JAXP_PROPERTY_PREFIX + "elementAttributeLimit"; + + /** + * JDK maxOccur limit; Note that the existing system property + * "maxOccurLimit" with no prefix is still observed + */ + public static final String JDK_MAX_OCCUR_LIMIT = + ORACLE_JAXP_PROPERTY_PREFIX + "maxOccurLimit"; + + /** + * JDK total entity size limit + */ + public static final String JDK_TOTAL_ENTITY_SIZE_LIMIT = + ORACLE_JAXP_PROPERTY_PREFIX + "totalEntitySizeLimit"; + + /** + * JDK maximum general entity size limit + */ + public static final String JDK_GENEAL_ENTITY_SIZE_LIMIT = + ORACLE_JAXP_PROPERTY_PREFIX + "maxGeneralEntitySizeLimit"; + /** + * JDK maximum parameter entity size limit + */ + public static final String JDK_PARAMETER_ENTITY_SIZE_LIMIT = + ORACLE_JAXP_PROPERTY_PREFIX + "maxParameterEntitySizeLimit"; + /** + * JDK maximum XML name limit + */ + public static final String JDK_XML_NAME_LIMIT = + ORACLE_JAXP_PROPERTY_PREFIX + "maxXMLNameLimit"; + /** + * JDK property to allow printing out information from the limit analyzer + */ + public static final String JDK_ENTITY_COUNT_INFO = + ORACLE_JAXP_PROPERTY_PREFIX + "getEntityCountInfo"; + + // + // Implementation limits: API properties + // + /** + * JDK entity expansion limit; Note that the existing system property + * "entityExpansionLimit" with no prefix is still observed + */ + public static final String SP_ENTITY_EXPANSION_LIMIT = "jdk.xml.entityExpansionLimit"; + + /** + * JDK element attribute limit; Note that the existing system property + * "elementAttributeLimit" with no prefix is still observed + */ + public static final String SP_ELEMENT_ATTRIBUTE_LIMIT = "jdk.xml.elementAttributeLimit"; + + /** + * JDK maxOccur limit; Note that the existing system property + * "maxOccurLimit" with no prefix is still observed + */ + public static final String SP_MAX_OCCUR_LIMIT = "jdk.xml.maxOccurLimit"; + + /** + * JDK total entity size limit + */ + public static final String SP_TOTAL_ENTITY_SIZE_LIMIT = "jdk.xml.totalEntitySizeLimit"; + + /** + * JDK maximum general entity size limit + */ + public static final String SP_GENEAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit"; + /** + * JDK maximum parameter entity size limit + */ + public static final String SP_PARAMETER_ENTITY_SIZE_LIMIT = "jdk.xml.maxParameterEntitySizeLimit"; + /** + * JDK maximum XML name limit + */ + public static final String SP_XML_NAME_LIMIT = "jdk.xml.maxXMLNameLimit"; + + //legacy System Properties + public final static String ENTITY_EXPANSION_LIMIT = "entityExpansionLimit"; + public static final String ELEMENT_ATTRIBUTE_LIMIT = "elementAttributeLimit" ; + public final static String MAX_OCCUR_LIMIT = "maxOccurLimit"; + + /** + * A string "yes" that can be used for properties such as getEntityCountInfo + */ + public static final String JDK_YES = "yes"; + + // // DOM features // @@ -443,7 +542,7 @@ public static final String LOCALE_PROPERTY = "locale"; /** property identifier: security manager. */ - protected static final String SECURITY_MANAGER = + public static final String SECURITY_MANAGER = Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; @@ -511,9 +610,6 @@ */ public final static String ATTRIBUTE_DECLARED = "ATTRIBUTE_DECLARED"; - public final static String ENTITY_EXPANSION_LIMIT = "entityExpansionLimit"; - - public final static String MAX_OCCUR_LIMIT = "maxOccurLimit"; /** * {@link org.w3c.dom.TypeInfo} associated with current element/attribute
--- a/src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java Fri Oct 11 19:49:44 2013 +0100 @@ -25,6 +25,7 @@ package com.sun.org.apache.xerces.internal.impl; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; import com.sun.xml.internal.stream.StaxEntityResolverWrapper; import java.util.HashMap; @@ -50,12 +51,16 @@ private static final String STRING_INTERNING = "http://xml.org/sax/features/string-interning"; + /** Property identifier: Security manager. */ + private static final String SECURITY_MANAGER = Constants.SECURITY_MANAGER; + /** Property identifier: Security property manager. */ private static final String XML_SECURITY_PROPERTY_MANAGER = Constants.XML_SECURITY_PROPERTY_MANAGER; HashMap supportedProps = new HashMap(); + private XMLSecurityManager fSecurityManager; private XMLSecurityPropertyManager fSecurityPropertyMgr; public static final int CONTEXT_READER = 1; @@ -82,6 +87,7 @@ HashMap properties = propertyManager.getProperties(); supportedProps.putAll(properties); + fSecurityManager = (XMLSecurityManager)getProperty(SECURITY_MANAGER); fSecurityPropertyMgr = (XMLSecurityPropertyManager)getProperty(XML_SECURITY_PROPERTY_MANAGER); } @@ -124,6 +130,8 @@ supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_DUPLICATE_ENTITYDEF_FEATURE, new Boolean(false)); supportedProps.put(Constants.XERCES_FEATURE_PREFIX + Constants.WARN_ON_UNDECLARED_ELEMDEF_FEATURE, new Boolean(false)); + fSecurityManager = new XMLSecurityManager(true); + supportedProps.put(SECURITY_MANAGER, fSecurityManager); fSecurityPropertyMgr = new XMLSecurityPropertyManager(); supportedProps.put(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr); } @@ -142,6 +150,7 @@ */ public boolean containsProperty(String property){ return supportedProps.containsKey(property) || + (fSecurityManager != null && fSecurityManager.getIndex(property) > -1) || (fSecurityPropertyMgr!=null && fSecurityPropertyMgr.getIndex(property) > -1) ; } @@ -169,12 +178,34 @@ supportedProps.put( Constants.XERCES_PROPERTY_PREFIX + Constants.STAX_ENTITY_RESOLVER_PROPERTY , new StaxEntityResolverWrapper((XMLResolver)value)) ; } - int index = (fSecurityPropertyMgr != null) ? fSecurityPropertyMgr.getIndex(property) : -1; - if (index > -1) { - fSecurityPropertyMgr.setValue(index, - XMLSecurityPropertyManager.State.APIPROPERTY, (String)value); - } else { - supportedProps.put(property, value); + /** + * It's possible for users to set a security manager through the interface. + * If it's the old SecurityManager, convert it to the new XMLSecurityManager + */ + if (property.equals(Constants.SECURITY_MANAGER)) { + fSecurityManager = XMLSecurityManager.convert(value, fSecurityManager); + supportedProps.put(Constants.SECURITY_MANAGER, fSecurityManager); + return; + } + if (property.equals(Constants.XML_SECURITY_PROPERTY_MANAGER)) { + if (value == null) { + fSecurityPropertyMgr = new XMLSecurityPropertyManager(); + } else { + fSecurityPropertyMgr = (XMLSecurityPropertyManager)value; + } + supportedProps.put(Constants.XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr); + return; + } + + //check if the property is managed by security manager + if (fSecurityManager == null || + !fSecurityManager.setLimit(property, XMLSecurityManager.State.APIPROPERTY, value)) { + //check if the property is managed by security property manager + if (fSecurityPropertyMgr == null || + !fSecurityPropertyMgr.setValue(property, XMLSecurityPropertyManager.State.APIPROPERTY, value)) { + //fall back to the existing property manager + supportedProps.put(property, value); + } } if(equivalentProperty != null){
--- a/src/com/sun/org/apache/xerces/internal/impl/XML11NSDocumentScannerImpl.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/impl/XML11NSDocumentScannerImpl.java Fri Oct 11 19:49:44 2013 +0100 @@ -108,6 +108,7 @@ * @author Elena Litani, IBM * @author Michael Glavassevich, IBM * @author Sunitha Reddy, Sun Microsystems + * @version $Id: XML11NSDocumentScannerImpl.java,v 1.6 2010-11-01 04:39:40 joehw Exp $ */ public class XML11NSDocumentScannerImpl extends XML11DocumentScannerImpl { @@ -236,7 +237,8 @@ // attributes scanAttribute(fAttributes); - if (fSecurityManager != null && fAttributes.getLength() > fElementAttributeLimit){ + if (fSecurityManager != null && (!fSecurityManager.isNoLimit(fElementAttributeLimit)) && + fAttributes.getLength() > fElementAttributeLimit){ fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, "ElementAttributeLimit", new Object[]{rawname, new Integer(fElementAttributeLimit) },
--- a/src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java Fri Oct 11 19:49:44 2013 +0100 @@ -44,6 +44,8 @@ import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter; import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler; import com.sun.org.apache.xerces.internal.impl.Constants; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; +import com.sun.xml.internal.stream.Entity; /** * This class is responsible for scanning the declarations found @@ -66,7 +68,7 @@ * @author Glenn Marcy, IBM * @author Eric Ye, IBM * - * @version $Id: XMLDTDScannerImpl.java,v 1.7 2007/09/26 12:52:40 ndw Exp $ + * @version $Id: XMLDTDScannerImpl.java,v 1.8 2010-11-01 04:39:41 joehw Exp $ */ public class XMLDTDScannerImpl extends XMLScanner @@ -1545,7 +1547,7 @@ // internal entity if (systemId == null) { - scanEntityValue(fLiteral, fLiteral2); + scanEntityValue(name, isPEDecl, fLiteral, fLiteral2); // since we need it's value anyway, let's snag it so it doesn't get corrupted // if a new load takes place before we store the entity values fStringBuffer.clear(); @@ -1610,7 +1612,7 @@ * the use of scanCharReferenceValue), and fStringBuffer2, anything in them * at the time of calling is lost. */ - protected final void scanEntityValue(XMLString value, + protected final void scanEntityValue(String entityName, boolean isPEDecl, XMLString value, XMLString nonNormalizedValue) throws IOException, XNIException { int quote = fEntityScanner.scanChar(); @@ -1622,10 +1624,20 @@ XMLString literal = fString; XMLString literal2 = fString; + int countChar = 0; + if (fLimitAnalyzer == null && fSecurityManager != null) { + fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); + fLimitAnalyzer.startEntity(entityName); + } + if (fEntityScanner.scanLiteral(quote, fString) != quote) { fStringBuffer.clear(); fStringBuffer2.clear(); do { + if (isPEDecl && fLimitAnalyzer != null) { + checkLimit("%" + entityName, fString.length + countChar); + } + countChar = 0; fStringBuffer.append(fString); fStringBuffer2.append(fString); if (fEntityScanner.skipChar('&')) { @@ -1685,6 +1697,7 @@ } } else { + countChar++; int c = fEntityScanner.peekChar(); if (XMLChar.isHighSurrogate(c)) { scanSurrogates(fStringBuffer2); @@ -1708,9 +1721,17 @@ fStringBuffer2.append(fString); literal = fStringBuffer; literal2 = fStringBuffer2; + } else { + if (isPEDecl) { + checkLimit("%" + entityName, literal); + } } value.setValues(literal); nonNormalizedValue.setValues(literal2); + if (fLimitAnalyzer != null) { + fLimitAnalyzer.endEntity(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, entityName); + } + if (!fEntityScanner.skipChar(quote)) { reportFatalError("CloseQuoteMissingInDecl", null); } @@ -2126,6 +2147,43 @@ //new SymbolTable()); } + /** + * Add the count of the content buffer and check if the accumulated + * value exceeds the limit + * @param entityName entity name + * @param buffer content buffer + */ + private void checkLimit(String entityName, XMLString buffer) { + checkLimit(entityName, buffer.length); + } + + /** + * Add the count and check limit + * @param entityName entity name + * @param len length of the buffer + */ + private void checkLimit(String entityName, int len) { + if (fLimitAnalyzer == null) { + fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); + } + fLimitAnalyzer.addValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, entityName, len); + if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)) { + fSecurityManager.debugPrint(); + reportFatalError("MaxEntitySizeLimit", new Object[]{entityName, + fLimitAnalyzer.getValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT), + fSecurityManager.getLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT), + fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)}); + } + if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT)) { + fSecurityManager.debugPrint(); + reportFatalError("TotalEntitySizeLimit", + new Object[]{fLimitAnalyzer.getTotalValue(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT), + fSecurityManager.getLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT), + fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT)}); + } + + } + public DTDGrammar getGrammar(){ return nvGrammarInfo; }
--- a/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java Fri Oct 11 19:49:44 2013 +0100 @@ -50,12 +50,14 @@ import com.sun.org.apache.xerces.internal.xni.Augmentations; import com.sun.org.apache.xerces.internal.impl.Constants; import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler; -import com.sun.org.apache.xerces.internal.util.SecurityManager; import com.sun.org.apache.xerces.internal.util.NamespaceSupport; import com.sun.org.apache.xerces.internal.utils.SecuritySupport; +import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.State; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; import com.sun.org.apache.xerces.internal.xni.NamespaceContext; -import com.sun.xml.internal.stream.Entity; import javax.xml.XMLConstants; import javax.xml.stream.XMLStreamConstants; import javax.xml.stream.events.XMLEvent; @@ -213,11 +215,8 @@ }; private static final char [] cdata = {'[','C','D','A','T','A','['}; + static final char [] xmlDecl = {'<','?','x','m','l'}; private static final char [] endTag = {'<','/'}; - - //this variable is also used by XMLDocumentScannerImpl in the same package - static final char [] xmlDecl = {'<','?','x','m','l'}; - // debugging /** Debug scanner state. */ @@ -316,6 +315,7 @@ protected String fDeclaredEncoding = null; /** Xerces Feature: Disallow doctype declaration. */ protected boolean fDisallowDoctype = false; + /** * comma-delimited list of protocols that are allowed for the purpose * of accessing external dtd or entity references @@ -384,7 +384,6 @@ protected boolean foundBuiltInRefs = false; - protected SecurityManager fSecurityManager = null; //skip element algorithm static final short MAX_DEPTH_LIMIT = 5 ; @@ -571,8 +570,11 @@ // xerces features fReportCdataEvent = componentManager.getFeature(Constants.STAX_REPORT_CDATA_EVENT, true); - fSecurityManager = (SecurityManager)componentManager.getProperty(Constants.SECURITY_MANAGER, null); - fElementAttributeLimit = (fSecurityManager != null)?fSecurityManager.getElementAttrLimit():0; + fSecurityManager = (XMLSecurityManager)componentManager.getProperty(Constants.SECURITY_MANAGER, null); + fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); + + fElementAttributeLimit = (fSecurityManager != null)? + fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT):0; fNotifyBuiltInRefs = componentManager.getFeature(NOTIFY_BUILTIN_REFS, false); @@ -598,9 +600,6 @@ //xxx: external entities are supported in Xerces // it would be good to define feature for this case fSupportExternalEntities = true; - fSupportExternalEntities = true; - fSupportExternalEntities = true; - fSupportExternalEntities = true; fReplaceEntityReferences = true; fIsCoalesce = false; @@ -671,6 +670,9 @@ XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) propertyManager.getProperty(XML_SECURITY_PROPERTY_MANAGER); fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD); + + fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(Constants.SECURITY_MANAGER); + fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); } // reset(XMLComponentManager) /** @@ -1322,7 +1324,8 @@ fAddDefaultAttr = true; do { scanAttribute(fAttributes); - if (fSecurityManager != null && fAttributes.getLength() > fElementAttributeLimit){ + if (fSecurityManager != null && !fSecurityManager.isNoLimit(fElementAttributeLimit) && + fAttributes.getLength() > fElementAttributeLimit){ fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, "ElementAttributeLimit", new Object[]{rawname, new Integer(fAttributes.getLength()) }, @@ -2036,6 +2039,13 @@ } // getDriverName():String + /** + * Check the protocol used in the systemId against allowed protocols + * + * @param systemId the Id of the URI + * @param allowedProtocols a list of allowed protocols separated by comma + * @return the name of the protocol if rejected, null otherwise + */ String checkAccess(String systemId, String allowedProtocols) throws IOException { String baseSystemId = fEntityScanner.getBaseSystemId(); String expandedSystemId = fEntityManager.expandSystemId(systemId, baseSystemId,fStrictURI); @@ -2833,6 +2843,8 @@ if(DEBUG){ System.out.println("NOT USING THE BUFFER, STRING = " + fTempString.toString()); } + //check limit before returning event + checkLimit(fContentBuffer); if(dtdGrammarUtil!= null && dtdGrammarUtil.isIgnorableWhiteSpace(fContentBuffer)){ if(DEBUG)System.out.println("Return SPACE EVENT"); return XMLEvent.SPACE; @@ -2931,6 +2943,8 @@ fLastSectionWasCharacterData = true ; continue; }else{ + //check limit before returning event + checkLimit(fContentBuffer); if(dtdGrammarUtil!= null && dtdGrammarUtil.isIgnorableWhiteSpace(fContentBuffer)){ if(DEBUG)System.out.println("Return SPACE EVENT"); return XMLEvent.SPACE; @@ -3141,6 +3155,30 @@ } //while loop }//next + /** + * Add the count of the content buffer and check if the accumulated + * value exceeds the limit + * @param buffer content buffer + */ + protected void checkLimit(XMLStringBuffer buffer) { + if (fLimitAnalyzer.isTracking(fCurrentEntityName)) { + fLimitAnalyzer.addValue(Limit.GENEAL_ENTITY_SIZE_LIMIT, fCurrentEntityName, buffer.length); + if (fSecurityManager.isOverLimit(Limit.GENEAL_ENTITY_SIZE_LIMIT)) { + fSecurityManager.debugPrint(); + reportFatalError("MaxEntitySizeLimit", new Object[]{fCurrentEntityName, + fLimitAnalyzer.getValue(Limit.GENEAL_ENTITY_SIZE_LIMIT), + fSecurityManager.getLimit(Limit.GENEAL_ENTITY_SIZE_LIMIT), + fSecurityManager.getStateLiteral(Limit.GENEAL_ENTITY_SIZE_LIMIT)}); + } + if (fSecurityManager.isOverLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT)) { + fSecurityManager.debugPrint(); + reportFatalError("TotalEntitySizeLimit", + new Object[]{fLimitAnalyzer.getTotalValue(Limit.TOTAL_ENTITY_SIZE_LIMIT), + fSecurityManager.getLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT), + fSecurityManager.getStateLiteral(Limit.TOTAL_ENTITY_SIZE_LIMIT)}); + } + } + } // // Protected methods
--- a/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java Fri Oct 11 19:49:44 2013 +0100 @@ -28,9 +28,10 @@ import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler; import com.sun.org.apache.xerces.internal.impl.validation.ValidationManager; import com.sun.org.apache.xerces.internal.util.*; -import com.sun.org.apache.xerces.internal.util.SecurityManager; import com.sun.org.apache.xerces.internal.util.URI; import com.sun.org.apache.xerces.internal.utils.SecuritySupport; +import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; import com.sun.org.apache.xerces.internal.xni.Augmentations; import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier; @@ -174,7 +175,6 @@ /** access external dtd: file protocol */ static final String EXTERNAL_ACCESS_DEFAULT = Constants.EXTERNAL_ACCESS_DEFAULT; - // recognized features and properties /** Recognized features. */ @@ -307,6 +307,7 @@ /** used to restrict external access */ protected String fAccessExternalDTD = EXTERNAL_ACCESS_DEFAULT; + // settings /** @@ -324,9 +325,12 @@ */ protected int fBufferSize = DEFAULT_BUFFER_SIZE; - // stores defaults for entity expansion limit if it has - // been set on the configuration. - protected SecurityManager fSecurityManager = null; + /** Security Manager */ + protected XMLSecurityManager fSecurityManager = null; + + protected XMLLimitAnalyzer fLimitAnalyzer = null; + + protected int entityExpansionIndex; /** * True if the document entity is standalone. This should really @@ -352,10 +356,6 @@ /** XML 1.1 entity scanner. */ protected XMLEntityScanner fXML11EntityScanner; - /** entity expansion limit (contains useful data if and only if - fSecurityManager is non-null) */ - protected int fEntityExpansionLimit = 0; - /** count of entities expanded: */ protected int fEntityExpansionCount = 0; @@ -833,6 +833,9 @@ fCurrentEntity.setEncodingExternallySpecified(encodingExternallySpecified); fEntityScanner.setCurrentEntity(fCurrentEntity); fResourceIdentifier.setValues(publicId, literalSystemId, baseSystemId, expandedSystemId); + if (fLimitAnalyzer != null) { + fLimitAnalyzer.startEntity(name); + } return encoding; } //setupCurrentEntity(String, XMLInputSource, boolean, boolean): String @@ -1294,10 +1297,13 @@ //expansions exceeds the entity expansion limit, parser will throw fatal error. // Note that this represents the nesting level of open entities. fEntityExpansionCount++; - if( fSecurityManager != null && fEntityExpansionCount > fEntityExpansionLimit ){ - fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, - "EntityExpansionLimitExceeded", - new Object[]{new Integer(fEntityExpansionLimit) }, + if(fLimitAnalyzer != null) { + fLimitAnalyzer.addValue(entityExpansionIndex, name, 1); + } + if( fSecurityManager != null && fSecurityManager.isOverLimit(entityExpansionIndex)){ + fSecurityManager.debugPrint(); + fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,"EntityExpansionLimitExceeded", + new Object[]{fSecurityManager.getLimitValueByIndex(entityExpansionIndex)}, XMLErrorReporter.SEVERITY_FATAL_ERROR ); // is there anything better to do than reset the counter? // at least one can envision debugging applications where this might @@ -1361,6 +1367,12 @@ if(fCurrentEntity != null){ //close the reader try{ + if (fLimitAnalyzer != null) { + fLimitAnalyzer.endEntity(XMLSecurityManager.Limit.GENEAL_ENTITY_SIZE_LIMIT, fCurrentEntity.name); + if (fCurrentEntity.name.equals("[xml]")) { + fSecurityManager.debugPrint(); + } + } fCurrentEntity.close(); }catch(IOException ex){ throw new XNIException(ex); @@ -1426,6 +1438,9 @@ XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) propertyManager.getProperty(XML_SECURITY_PROPERTY_MANAGER); fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD); + fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(SECURITY_MANAGER); + fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); + // initialize state //fStandalone = false; fEntities.clear(); @@ -1485,7 +1500,9 @@ fEntityResolver = (XMLEntityResolver)componentManager.getProperty(ENTITY_RESOLVER, null); fStaxEntityResolver = (StaxEntityResolverWrapper)componentManager.getProperty(STAX_ENTITY_RESOLVER, null); fValidationManager = (ValidationManager)componentManager.getProperty(VALIDATION_MANAGER, null); - fSecurityManager = (SecurityManager)componentManager.getProperty(SECURITY_MANAGER, null); + fSecurityManager = (XMLSecurityManager)componentManager.getProperty(SECURITY_MANAGER, null); + fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); + entityExpansionIndex = fSecurityManager.getIndex(Constants.JDK_ENTITY_EXPANSION_LIMIT); // JAXP 1.5 feature XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager) componentManager.getProperty(XML_SECURITY_PROPERTY_MANAGER, null); @@ -1506,7 +1523,6 @@ // a class acting as a component manager but not // implementing that interface for whatever reason. public void reset() { - fEntityExpansionLimit = (fSecurityManager != null)?fSecurityManager.getEntityExpansionLimit():0; // initialize state fStandalone = false; @@ -1642,8 +1658,8 @@ } if (suffixLength == Constants.SECURITY_MANAGER_PROPERTY.length() && propertyId.endsWith(Constants.SECURITY_MANAGER_PROPERTY)) { - fSecurityManager = (SecurityManager)value; - fEntityExpansionLimit = (fSecurityManager != null)?fSecurityManager.getEntityExpansionLimit():0; + fSecurityManager = (XMLSecurityManager)value; + fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); } } @@ -1652,9 +1668,8 @@ { XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)value; fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD); + } } - } - /** * Returns a list of property identifiers that are recognized by * this component. This method may return null if no properties
--- a/src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java Fri Oct 11 19:49:44 2013 +0100 @@ -58,6 +58,7 @@ * @author Neeraj Bajaj, Sun Microsystems * @author Venugopal Rao K, Sun Microsystems * @author Elena Litani, IBM + * @version $Id: XMLNSDocumentScannerImpl.java,v 1.11 2010-11-01 04:39:41 joehw Exp $ */ public class XMLNSDocumentScannerImpl extends XMLDocumentScannerImpl { @@ -251,7 +252,8 @@ do { scanAttribute(fAttributes); - if (fSecurityManager != null && fAttributes.getLength() > fElementAttributeLimit){ + if (fSecurityManager != null && (!fSecurityManager.isNoLimit(fElementAttributeLimit)) && + fAttributes.getLength() > fElementAttributeLimit){ fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, "ElementAttributeLimit", new Object[]{rawname, new Integer(fAttributes.getLength()) },
--- a/src/com/sun/org/apache/xerces/internal/impl/XMLScanner.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLScanner.java Fri Oct 11 19:49:44 2013 +0100 @@ -32,6 +32,8 @@ import com.sun.org.apache.xerces.internal.util.XMLChar; import com.sun.org.apache.xerces.internal.util.XMLResourceIdentifierImpl; import com.sun.org.apache.xerces.internal.util.XMLStringBuffer; +import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.xni.Augmentations; import com.sun.org.apache.xerces.internal.xni.XMLAttributes; import com.sun.org.apache.xerces.internal.xni.XMLResourceIdentifier; @@ -106,6 +108,9 @@ protected static final String ENTITY_MANAGER = Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_MANAGER_PROPERTY; + /** Property identifier: Security manager. */ + private static final String SECURITY_MANAGER = Constants.SECURITY_MANAGER; + // debugging /** Debug attribute normalization. */ @@ -159,6 +164,12 @@ /** xxx this should be available from EntityManager Entity storage */ protected XMLEntityStorage fEntityStore = null ; + /** Security manager. */ + protected XMLSecurityManager fSecurityManager = null; + + /** Limit analyzer. */ + protected XMLLimitAnalyzer fLimitAnalyzer = null; + // protected data /** event type */ @@ -256,6 +267,7 @@ fSymbolTable = (SymbolTable)componentManager.getProperty(SYMBOL_TABLE); fErrorReporter = (XMLErrorReporter)componentManager.getProperty(ERROR_REPORTER); fEntityManager = (XMLEntityManager)componentManager.getProperty(ENTITY_MANAGER); + fSecurityManager = (XMLSecurityManager)componentManager.getProperty(SECURITY_MANAGER); //this step is extra because we have separated the storage of entity fEntityStore = fEntityManager.getEntityStore() ; @@ -293,6 +305,10 @@ fEntityManager = (XMLEntityManager)value; } } + + if (propertyId.equals(SECURITY_MANAGER)) { + fSecurityManager = (XMLSecurityManager)value; + } /*else if(propertyId.equals(Constants.STAX_PROPERTIES)){ fStaxProperties = (HashMap)value; //TODO::discuss with neeraj what are his thoughts on passing properties. @@ -352,6 +368,8 @@ fEntityManager = (XMLEntityManager)propertyManager.getProperty(ENTITY_MANAGER); fEntityStore = fEntityManager.getEntityStore() ; fEntityScanner = (XMLEntityScanner)fEntityManager.getEntityScanner() ; + fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(SECURITY_MANAGER); + //fEntityManager.reset(); // DTD preparsing defaults: fValidation = false; @@ -499,7 +517,7 @@ reportFatalError("SDDeclInvalid", new Object[] {standalone}); } } else { - reportFatalError("EncodingDeclRequired", null); + reportFatalError("SDDeclNameInvalid", null); } break; } @@ -510,8 +528,9 @@ sawSpace = fEntityScanner.skipSpaces(); } // restore original literal value - if(currLiteral) + if(currLiteral) { currEnt.literal = true; + } // REVISIT: should we remove this error reporting? if (scanningTextDecl && state != STATE_DONE) { reportFatalError("MorePseudoAttributes", null); @@ -564,7 +583,7 @@ XMLString value) throws IOException, XNIException { - String name = fEntityScanner.scanName(); + String name = scanPseudoAttributeName(); // XMLEntityManager.print(fEntityManager.getCurrentEntity()); if (name == null) { @@ -617,6 +636,35 @@ } // scanPseudoAttribute(XMLString):String /** + * Scans the name of a pseudo attribute. The only legal names + * in XML 1.0/1.1 documents are 'version', 'encoding' and 'standalone'. + * + * @return the name of the pseudo attribute or <code>null</code> + * if a legal pseudo attribute name could not be scanned. + */ + private String scanPseudoAttributeName() throws IOException, XNIException { + final int ch = fEntityScanner.peekChar(); + switch (ch) { + case 'v': + if (fEntityScanner.skipString(fVersionSymbol)) { + return fVersionSymbol; + } + break; + case 'e': + if (fEntityScanner.skipString(fEncodingSymbol)) { + return fEncodingSymbol; + } + break; + case 's': + if (fEntityScanner.skipString(fStandaloneSymbol)) { + return fStandaloneSymbol; + } + break; + } + return null; + } // scanPseudoAttributeName() + + /** * Scans a processing instruction. * <p> * <pre>
--- a/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties Fri Oct 11 19:49:44 2013 +0100 @@ -44,6 +44,7 @@ # 2.9 Standalone Document Declaration SDDeclInvalid = The standalone document declaration value must be \"yes\" or \"no\", not \"{0}\". + SDDeclNameInvalid = The standalone name in XML declaration may be misspelled. # 2.12 Language Identification XMLLangInvalid = The xml:lang attribute value \"{0}\" is an invalid language identifier. # 3. Logical Structures @@ -292,8 +293,10 @@ InvalidCharInLiteral=InvalidCharInLiteral -#Application can set the limit of number of entities that should be expanded by the parser. -EntityExpansionLimitExceeded=The parser has encountered more than \"{0}\" entity expansions in this document; this is the limit imposed by the application. +# Implementation limits + EntityExpansionLimitExceeded=JAXP00010001: The parser has encountered more than \"{0}\" entity expansions in this document; this is the limit imposed by the JDK. + ElementAttributeLimit=JAXP00010002: Element \"{0}\" has more than \"{1}\" attributes, \"{1}\" is the limit imposed by the JDK. + MaxEntitySizeLimit=JAXP00010003: The length of entity \"{0}\" is \"{1}\" that exceeds the \"{2}\" limit set by \"{3}\". + TotalEntitySizeLimit=JAXP00010004: The accumulated size \"{0}\" of entities exceeded the \"{1}\" limit set by \"{2}\". + MaxXMLNameLimit=JAXP00010005: The name \"{0}\" exceeded the \"{1}\" limit set by \"{2}\". -# Application can set the limit of number of attributes of entity that should be expanded by the parser. -ElementAttributeLimit= Element \"{0}\" has more than \"{1}\" attributes, \"{1}\" is the limit imposed by the application.
--- a/src/com/sun/org/apache/xerces/internal/impl/xs/models/CMNodeFactory.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/impl/xs/models/CMNodeFactory.java Fri Oct 11 19:49:44 2013 +0100 @@ -21,13 +21,13 @@ package com.sun.org.apache.xerces.internal.impl.xs.models; +import com.sun.org.apache.xerces.internal.impl.Constants; import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter; -import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager; -import com.sun.org.apache.xerces.internal.util.SecurityManager ; import com.sun.org.apache.xerces.internal.impl.dtd.models.CMNode; +import com.sun.org.apache.xerces.internal.impl.xs.XSMessageFormatter; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; +import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager; import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException; -import com.sun.org.apache.xerces.internal.impl.xs.XSMessageFormatter; -import com.sun.org.apache.xerces.internal.impl.Constants; /** * @@ -68,7 +68,7 @@ // stores defaults for different security holes (maxOccurLimit in current context) if it has // been set on the configuration. - private SecurityManager fSecurityManager = null; + private XMLSecurityManager fSecurityManager = null; /** default constructor */ public CMNodeFactory() { @@ -77,10 +77,10 @@ public void reset(XMLComponentManager componentManager){ fErrorReporter = (XMLErrorReporter)componentManager.getProperty(ERROR_REPORTER); try { - fSecurityManager = (SecurityManager)componentManager.getProperty(SECURITY_MANAGER); + fSecurityManager = (XMLSecurityManager)componentManager.getProperty(SECURITY_MANAGER); //we are setting the limit of number of nodes to 3times the maxOccur value.. if(fSecurityManager != null){ - maxNodeLimit = fSecurityManager.getMaxOccurNodeLimit() * MULTIPLICITY ; + maxNodeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_OCCUR_NODE_LIMIT) * MULTIPLICITY ; } } catch (XMLConfigurationException e) { @@ -109,7 +109,8 @@ } public void nodeCountCheck(){ - if( fSecurityManager != null && nodeCount++ > maxNodeLimit){ + if( fSecurityManager != null && !fSecurityManager.isNoLimit(maxNodeLimit) && + nodeCount++ > maxNodeLimit){ if(DEBUG){ System.out.println("nodeCount = " + nodeCount ) ; System.out.println("nodeLimit = " + maxNodeLimit ) ; @@ -150,8 +151,9 @@ if (suffixLength == Constants.SECURITY_MANAGER_PROPERTY.length() && propertyId.endsWith(Constants.SECURITY_MANAGER_PROPERTY)) { - fSecurityManager = (SecurityManager)value; - maxNodeLimit = (fSecurityManager != null) ? fSecurityManager.getMaxOccurNodeLimit() * MULTIPLICITY : 0 ; + fSecurityManager = (XMLSecurityManager)value; + maxNodeLimit = (fSecurityManager != null) ? + fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_OCCUR_NODE_LIMIT) * MULTIPLICITY : 0 ; return; } if (suffixLength == Constants.ERROR_REPORTER_PROPERTY.length() &&
--- a/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSAttributeChecker.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSAttributeChecker.java Fri Oct 11 19:49:44 2013 +0100 @@ -40,6 +40,7 @@ import com.sun.org.apache.xerces.internal.util.SymbolTable; import com.sun.org.apache.xerces.internal.util.XMLChar; import com.sun.org.apache.xerces.internal.util.XMLSymbols; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.xni.QName; import com.sun.org.apache.xerces.internal.xs.XSConstants; import java.util.HashMap; @@ -1194,8 +1195,8 @@ if (!optimize) { //Revisit :: IMO this is not right place to check // maxOccurNodeLimit. - int maxOccurNodeLimit = fSchemaHandler.fSecureProcessing.getMaxOccurNodeLimit(); - if (max > maxOccurNodeLimit) { + int maxOccurNodeLimit = fSchemaHandler.fSecureProcessing.getLimit(XMLSecurityManager.Limit.MAX_OCCUR_NODE_LIMIT); + if (max > maxOccurNodeLimit && !fSchemaHandler.fSecureProcessing.isNoLimit(maxOccurNodeLimit)) { reportSchemaFatalError("maxOccurLimit", new Object[] {new Integer(maxOccurNodeLimit)}, element); // reset max values in case processing continues on error
--- a/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java Fri Oct 11 19:49:44 2013 +0100 @@ -70,7 +70,6 @@ import com.sun.org.apache.xerces.internal.util.DefaultErrorHandler; import com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper; import com.sun.org.apache.xerces.internal.util.SAXInputSource; -import com.sun.org.apache.xerces.internal.util.SecurityManager; import com.sun.org.apache.xerces.internal.util.StAXInputSource; import com.sun.org.apache.xerces.internal.util.StAXLocationWrapper; import com.sun.org.apache.xerces.internal.util.SymbolHash; @@ -79,6 +78,7 @@ import com.sun.org.apache.xerces.internal.util.URI.MalformedURIException; import com.sun.org.apache.xerces.internal.utils.SecuritySupport; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.xni.QName; import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.grammars.Grammar; @@ -257,7 +257,7 @@ * * <p>Protected to allow access by any traverser.</p> */ - protected SecurityManager fSecureProcessing = null; + protected XMLSecurityManager fSecureProcessing = null; private String fAccessExternalSchema; private String fAccessExternalDTD; @@ -3509,7 +3509,7 @@ fSecureProcessing = null; if( componentManager!=null ) { - fSecureProcessing = (SecurityManager) componentManager.getProperty(SECURE_PROCESSING, null); + fSecureProcessing = (XMLSecurityManager) componentManager.getProperty(SECURE_PROCESSING, null); } //set entity resolver
--- a/src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java Fri Oct 11 19:49:44 2013 +0100 @@ -36,7 +36,7 @@ import com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator; import com.sun.org.apache.xerces.internal.jaxp.validation.XSGrammarPoolContainer; import com.sun.org.apache.xerces.internal.parsers.DOMParser; -import com.sun.org.apache.xerces.internal.util.SecurityManager; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager.Property; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager.State; @@ -46,7 +46,6 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLConfigurationException; import com.sun.org.apache.xerces.internal.xni.parser.XMLDocumentSource; import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration; -import javax.xml.XMLConstants; import org.w3c.dom.DOMImplementation; import org.w3c.dom.Document; import org.xml.sax.EntityResolver; @@ -125,6 +124,7 @@ /** Initial EntityResolver */ private final EntityResolver fInitEntityResolver; + private XMLSecurityManager fSecurityManager; private XMLSecurityPropertyManager fSecurityPropertyMgr; DocumentBuilderImpl(DocumentBuilderFactoryImpl dbf, Hashtable dbfAttrs, Hashtable features) @@ -173,10 +173,10 @@ fSecurityPropertyMgr = new XMLSecurityPropertyManager(); domParser.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr); - // If the secure processing feature is on set a security manager. + fSecurityManager = new XMLSecurityManager(secureProcessing); + domParser.setProperty(SECURITY_MANAGER, fSecurityManager); + if (secureProcessing) { - domParser.setProperty(SECURITY_MANAGER, new SecurityManager()); - /** * If secure processing is explicitly set on the factory, the * access properties will be set unless the corresponding @@ -250,9 +250,9 @@ String feature = (String) entry.getKey(); boolean value = ((Boolean) entry.getValue()).booleanValue(); domParser.setFeature(feature, value); - } } } + } /** * Set any DocumentBuilderFactory attributes of our underlying DOMParser @@ -303,14 +303,17 @@ } } } else { - int index = fSecurityPropertyMgr.getIndex(name); - if (index > -1) { - fSecurityPropertyMgr.setValue(index, - XMLSecurityPropertyManager.State.APIPROPERTY, (String)val); - } else { - // Let Xerces code handle the property - domParser.setProperty(name, val); - } + //check if the property is managed by security manager + if (fSecurityManager == null || + !fSecurityManager.setLimit(name, XMLSecurityManager.State.APIPROPERTY, val)) { + //check if the property is managed by security property manager + if (fSecurityPropertyMgr == null || + !fSecurityPropertyMgr.setValue(name, XMLSecurityPropertyManager.State.APIPROPERTY, val)) { + //fall back to the existing property manager + domParser.setProperty(name, val); + } + } + } } }
--- a/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java Fri Oct 11 19:49:44 2013 +0100 @@ -34,9 +34,9 @@ import com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator; import com.sun.org.apache.xerces.internal.jaxp.validation.XSGrammarPoolContainer; import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter; -import com.sun.org.apache.xerces.internal.util.SecurityManager; import com.sun.org.apache.xerces.internal.util.Status; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.xni.XMLDocumentHandler; import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent; import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager; @@ -112,6 +112,7 @@ /** Initial EntityResolver */ private final EntityResolver fInitEntityResolver; + private final XMLSecurityManager fSecurityManager; private final XMLSecurityPropertyManager fSecurityPropertyMgr; /** @@ -130,10 +131,10 @@ SAXParserImpl(SAXParserFactoryImpl spf, Hashtable features, boolean secureProcessing) throws SAXException { + fSecurityManager = new XMLSecurityManager(secureProcessing); fSecurityPropertyMgr = new XMLSecurityPropertyManager(); - // Instantiate a SAXParser directly and not through SAX so that we use the right ClassLoader - xmlReader = new JAXPSAXParser(this, fSecurityPropertyMgr); + xmlReader = new JAXPSAXParser(this, fSecurityPropertyMgr, fSecurityManager); // JAXP "namespaceAware" == SAX Namespaces feature // Note: there is a compatibility problem here with default values: @@ -154,9 +155,9 @@ xmlReader.setProperty0(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr); - // If the secure processing feature is on set a security manager. + xmlReader.setProperty0(SECURITY_MANAGER, fSecurityManager); + if (secureProcessing) { - xmlReader.setProperty0(SECURITY_MANAGER, new SecurityManager()); /** * By default, secure processing is set, no external access is allowed. * However, we need to check if it is actively set on the factory since we @@ -164,6 +165,7 @@ * the default value */ if (features != null) { + Object temp = features.get(XMLConstants.FEATURE_SECURE_PROCESSING); if (temp != null) { boolean value = ((Boolean) temp).booleanValue(); @@ -398,28 +400,42 @@ private final HashMap fInitFeatures = new HashMap(); private final HashMap fInitProperties = new HashMap(); private final SAXParserImpl fSAXParser; + private XMLSecurityManager fSecurityManager; private XMLSecurityPropertyManager fSecurityPropertyMgr; public JAXPSAXParser() { - this(null, null); + this(null, null, null); } - JAXPSAXParser(SAXParserImpl saxParser, XMLSecurityPropertyManager spm) { + JAXPSAXParser(SAXParserImpl saxParser, XMLSecurityPropertyManager securityPropertyMgr, + XMLSecurityManager securityManager) { super(); fSAXParser = saxParser; - fSecurityPropertyMgr = spm; - + fSecurityManager = securityManager; + fSecurityPropertyMgr = securityPropertyMgr; /** * This class may be used directly. So initialize the security manager if * it is null. */ + if (fSecurityManager == null) { + fSecurityManager = new XMLSecurityManager(true); + try { + super.setProperty(SECURITY_MANAGER, fSecurityManager); + } catch (SAXException e) { + throw new UnsupportedOperationException( + SAXMessageFormatter.formatMessage(fConfiguration.getLocale(), + "property-not-recognized", new Object [] {SECURITY_MANAGER}), e); + } + } if (fSecurityPropertyMgr == null) { fSecurityPropertyMgr = new XMLSecurityPropertyManager(); try { super.setProperty(XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr); - } catch (Exception ex) { - //shall not happen + } catch (SAXException e) { + throw new UnsupportedOperationException( + SAXMessageFormatter.formatMessage(fConfiguration.getLocale(), + "property-not-recognized", new Object [] {SECURITY_MANAGER}), e); } } } @@ -437,7 +453,8 @@ } if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) { try { - setProperty(SECURITY_MANAGER, value ? new SecurityManager() : null); + fSecurityManager.setSecureProcessing(value); + setProperty(SECURITY_MANAGER, fSecurityManager); } catch (SAXNotRecognizedException exc) { // If the property is not supported @@ -473,13 +490,7 @@ throw new NullPointerException(); } if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) { - try { - return (super.getProperty(SECURITY_MANAGER) != null); - } - // If the property is not supported the value must be false. - catch (SAXException exc) { - return false; - } + return fSecurityManager.isSecureProcessing(); } return super.getFeature(name); } @@ -558,17 +569,21 @@ if (fSAXParser != null && fSAXParser.fSchemaValidator != null) { setSchemaValidatorProperty(name, value); } - /** Check to see if the property is managed by the property manager **/ - int index = (fSecurityPropertyMgr != null) ? fSecurityPropertyMgr.getIndex(name) : -1; - if (index > -1) { - fSecurityPropertyMgr.setValue(index, - XMLSecurityPropertyManager.State.APIPROPERTY, (String)value); - } else { - if (!fInitProperties.containsKey(name)) { - fInitProperties.put(name, super.getProperty(name)); + + //check if the property is managed by security manager + if (fSecurityManager == null || + !fSecurityManager.setLimit(name, XMLSecurityManager.State.APIPROPERTY, value)) { + //check if the property is managed by security property manager + if (fSecurityPropertyMgr == null || + !fSecurityPropertyMgr.setValue(name, XMLSecurityPropertyManager.State.APIPROPERTY, value)) { + //fall back to the existing property manager + if (!fInitProperties.containsKey(name)) { + fInitProperties.put(name, super.getProperty(name)); + } + super.setProperty(name, value); } - super.setProperty(name, value); } + } public synchronized Object getProperty(String name) @@ -581,9 +596,18 @@ // JAXP 1.2 support return fSAXParser.schemaLanguage; } - int index = (fSecurityPropertyMgr != null) ? fSecurityPropertyMgr.getIndex(name) : -1; - if (index > -1) { - return fSecurityPropertyMgr.getValueByIndex(index); + + /** Check to see if the property is managed by the security manager **/ + String propertyValue = (fSecurityManager != null) ? + fSecurityManager.getLimitAsString(name) : null; + if (propertyValue != null) { + return propertyValue; + } else { + propertyValue = (fSecurityPropertyMgr != null) ? + fSecurityPropertyMgr.getValue(name) : null; + if (propertyValue != null) { + return propertyValue; + } } return super.getProperty(name);
--- a/src/com/sun/org/apache/xerces/internal/jaxp/validation/StAXValidatorHelper.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/jaxp/validation/StAXValidatorHelper.java Fri Oct 11 19:49:44 2013 +0100 @@ -26,6 +26,7 @@ package com.sun.org.apache.xerces.internal.jaxp.validation; import com.sun.org.apache.xerces.internal.impl.Constants; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import java.io.IOException; import javax.xml.transform.Result; @@ -73,6 +74,19 @@ SAXTransformerFactory tf = fComponentManager.getFeature(Constants.ORACLE_FEATURE_SERVICE_MECHANISM) ? (SAXTransformerFactory)SAXTransformerFactory.newInstance() : (SAXTransformerFactory) TransformerFactory.newInstance(DEFAULT_TRANSFORMER_IMPL, StAXValidatorHelper.class.getClassLoader()); + XMLSecurityManager securityManager = (XMLSecurityManager)fComponentManager.getProperty(Constants.SECURITY_MANAGER); + if (securityManager != null) { + for (XMLSecurityManager.Limit limit : XMLSecurityManager.Limit.values()) { + if (securityManager.isSet(limit.ordinal())){ + tf.setAttribute(limit.apiProperty(), + securityManager.getLimitValueAsString(limit)); + } + } + if (securityManager.printEntityCountInfo()) { + tf.setAttribute(Constants.JDK_ENTITY_COUNT_INFO, "yes"); + } + } + identityTransformer1 = tf.newTransformer(); identityTransformer2 = tf.newTransformerHandler(); } catch (TransformerConfigurationException e) {
--- a/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java Fri Oct 11 19:49:44 2013 +0100 @@ -20,28 +20,27 @@ package com.sun.org.apache.xerces.internal.jaxp.validation; -import java.lang.ref.SoftReference; -import java.io.IOException; - -import javax.xml.transform.Result; -import javax.xml.transform.Source; -import javax.xml.transform.sax.SAXTransformerFactory; -import javax.xml.transform.sax.TransformerHandler; -import javax.xml.transform.stream.StreamSource; -import javax.xml.transform.stream.StreamResult; -import javax.xml.transform.TransformerConfigurationException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.TransformerFactoryConfigurationError; -import javax.xml.XMLConstants; - import com.sun.org.apache.xerces.internal.impl.Constants; import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter; import com.sun.org.apache.xerces.internal.impl.msg.XMLMessageFormatter; import com.sun.org.apache.xerces.internal.parsers.XML11Configuration; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource; import com.sun.org.apache.xerces.internal.xni.parser.XMLParseException; import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration; +import java.io.IOException; +import java.lang.ref.SoftReference; +import javax.xml.XMLConstants; +import javax.xml.transform.Result; +import javax.xml.transform.Source; +import javax.xml.transform.TransformerConfigurationException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.TransformerFactoryConfigurationError; +import javax.xml.transform.sax.SAXTransformerFactory; +import javax.xml.transform.sax.TransformerHandler; +import javax.xml.transform.stream.StreamResult; +import javax.xml.transform.stream.StreamSource; import org.xml.sax.SAXException; /** @@ -86,6 +85,11 @@ Constants.XERCES_PROPERTY_PREFIX + Constants.VALIDATION_MANAGER_PROPERTY; private static final String DEFAULT_TRANSFORMER_IMPL = "com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl"; + + /** Property id: security manager. */ + private static final String SECURITY_MANAGER = + Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + // // Data // @@ -165,6 +169,9 @@ private XMLParserConfiguration initialize() { XML11Configuration config = new XML11Configuration(); + if (fComponentManager.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)) { + config.setProperty(SECURITY_MANAGER, new XMLSecurityManager()); + } config.setProperty(ENTITY_RESOLVER, fComponentManager.getProperty(ENTITY_RESOLVER)); config.setProperty(ERROR_HANDLER, fComponentManager.getProperty(ERROR_HANDLER)); XMLErrorReporter errorReporter = (XMLErrorReporter) fComponentManager.getProperty(ERROR_REPORTER); @@ -182,6 +189,8 @@ config.setDTDContentModelHandler(null); config.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER, fComponentManager.getProperty(Constants.XML_SECURITY_PROPERTY_MANAGER)); + config.setProperty(Constants.SECURITY_MANAGER, + fComponentManager.getProperty(Constants.SECURITY_MANAGER)); fConfiguration = new SoftReference(config); return config; }
--- a/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java Fri Oct 11 19:49:44 2013 +0100 @@ -49,11 +49,11 @@ import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter; import com.sun.org.apache.xerces.internal.util.Status; import com.sun.org.apache.xerces.internal.util.SymbolTable; -import com.sun.org.apache.xerces.internal.util.SecurityManager; import com.sun.org.apache.xerces.internal.util.URI; import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl; import com.sun.org.apache.xerces.internal.util.XMLSymbols; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.xni.Augmentations; import com.sun.org.apache.xerces.internal.xni.NamespaceContext; import com.sun.org.apache.xerces.internal.xni.QName; @@ -679,10 +679,12 @@ SAXParserFactory.newInstance() : new SAXParserFactoryImpl(); spf.setNamespaceAware(true); try { + spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, + fComponentManager.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)); reader = spf.newSAXParser().getXMLReader(); // If this is a Xerces SAX parser, set the security manager if there is one if (reader instanceof com.sun.org.apache.xerces.internal.parsers.SAXParser) { - SecurityManager securityManager = (SecurityManager) fComponentManager.getProperty(SECURITY_MANAGER); + XMLSecurityManager securityManager = (XMLSecurityManager) fComponentManager.getProperty(SECURITY_MANAGER); if (securityManager != null) { try { reader.setProperty(SECURITY_MANAGER, securityManager);
--- a/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java Fri Oct 11 19:49:44 2013 +0100 @@ -41,10 +41,10 @@ import com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper; import com.sun.org.apache.xerces.internal.util.SAXInputSource; import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter; -import com.sun.org.apache.xerces.internal.util.SecurityManager; import com.sun.org.apache.xerces.internal.util.StAXInputSource; import com.sun.org.apache.xerces.internal.util.Status; import com.sun.org.apache.xerces.internal.util.XMLGrammarPoolImpl; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.grammars.Grammar; @@ -79,7 +79,7 @@ private static final String XMLGRAMMAR_POOL = Constants.XERCES_PROPERTY_PREFIX + Constants.XMLGRAMMAR_POOL_PROPERTY; - /** Property identifier: SecurityManager. */ + /** Property identifier: XMLSecurityManager. */ private static final String SECURITY_MANAGER = Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; @@ -108,7 +108,7 @@ private ErrorHandlerWrapper fErrorHandlerWrapper; /** The SecurityManager. */ - private SecurityManager fSecurityManager; + private XMLSecurityManager fSecurityManager; /** The Security property manager. */ private XMLSecurityPropertyManager fSecurityPropertyMgr; @@ -141,7 +141,7 @@ fXMLSchemaLoader.setErrorHandler(fErrorHandlerWrapper); // Enable secure processing feature by default - fSecurityManager = new SecurityManager(); + fSecurityManager = new XMLSecurityManager(true); fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager); fSecurityPropertyMgr = new XMLSecurityPropertyManager(); @@ -301,7 +301,7 @@ "FeatureNameNull", null)); } if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) { - return (fSecurityManager != null); + return (fSecurityManager != null && fSecurityManager.isSecureProcessing()); } try { return fXMLSchemaLoader.getFeature(name); @@ -365,17 +365,15 @@ SAXMessageFormatter.formatMessage(null, "jaxp-secureprocessing-feature", null)); } + + fSecurityManager.setSecureProcessing(value); if (value) { - fSecurityManager = new SecurityManager(); - if (Constants.IS_JDK8_OR_ABOVE) { fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD, XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP); fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_SCHEMA, XMLSecurityPropertyManager.State.FSP, Constants.EXTERNAL_ACCESS_DEFAULT_FSP); } - } else { - fSecurityManager = null; } fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager); @@ -410,9 +408,17 @@ "ProperyNameNull", null)); } if (name.equals(SECURITY_MANAGER)) { - fSecurityManager = (SecurityManager) object; + fSecurityManager = XMLSecurityManager.convert(object, fSecurityManager); fXMLSchemaLoader.setProperty(SECURITY_MANAGER, fSecurityManager); return; + } else if (name.equals(Constants.XML_SECURITY_PROPERTY_MANAGER)) { + if (object == null) { + fSecurityPropertyMgr = new XMLSecurityPropertyManager(); + } else { + fSecurityPropertyMgr = (XMLSecurityPropertyManager)object; + } + fXMLSchemaLoader.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER, fSecurityPropertyMgr); + return; } else if (name.equals(XMLGRAMMAR_POOL)) { throw new SAXNotSupportedException( @@ -420,12 +426,15 @@ "property-not-supported", new Object [] {name})); } try { - int index = fSecurityPropertyMgr.getIndex(name); - if (index > -1) { - fSecurityPropertyMgr.setValue(index, - XMLSecurityPropertyManager.State.APIPROPERTY, (String)object); - } else { - fXMLSchemaLoader.setProperty(name, object); + //check if the property is managed by security manager + if (fSecurityManager == null || + !fSecurityManager.setLimit(name, XMLSecurityManager.State.APIPROPERTY, object)) { + //check if the property is managed by security property manager + if (fSecurityPropertyMgr == null || + !fSecurityPropertyMgr.setValue(name, XMLSecurityPropertyManager.State.APIPROPERTY, object)) { + //fall back to the existing property manager + fXMLSchemaLoader.setProperty(name, object); + } } } catch (XMLConfigurationException e) {
--- a/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java Fri Oct 11 19:49:44 2013 +0100 @@ -39,10 +39,10 @@ import com.sun.org.apache.xerces.internal.util.NamespaceSupport; import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings; import com.sun.org.apache.xerces.internal.util.PropertyState; -import com.sun.org.apache.xerces.internal.util.SecurityManager; import com.sun.org.apache.xerces.internal.util.Status; import com.sun.org.apache.xerces.internal.util.SymbolTable; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.xni.NamespaceContext; import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.parser.XMLComponent; @@ -181,7 +181,7 @@ private final HashMap fInitProperties = new HashMap(); /** Stores the initial security manager. */ - private final SecurityManager fInitSecurityManager; + private XMLSecurityManager fInitSecurityManager; /** Stores the initial security property manager. */ private final XMLSecurityPropertyManager fSecurityPropertyMgr; @@ -221,12 +221,6 @@ fComponents.put(ENTITY_RESOLVER, null); fComponents.put(ERROR_HANDLER, null); - if (System.getSecurityManager() != null) { - _isSecureMode = true; - setProperty(SECURITY_MANAGER, new SecurityManager()); - } else { - fComponents.put(SECURITY_MANAGER, null); - } fComponents.put(SYMBOL_TABLE, new SymbolTable()); // setup grammar pool @@ -241,15 +235,21 @@ addRecognizedParamsAndSetDefaults(fErrorReporter, grammarContainer); addRecognizedParamsAndSetDefaults(fSchemaValidator, grammarContainer); - // if the secure processing feature is set to true, add a security manager to the configuration - Boolean secureProcessing = grammarContainer.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING); - if (Boolean.TRUE.equals(secureProcessing)) { - fInitSecurityManager = new SecurityManager(); + boolean secureProcessing = grammarContainer.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING); + if (System.getSecurityManager() != null) { + _isSecureMode = true; + secureProcessing = true; } - else { - fInitSecurityManager = null; + + fInitSecurityManager = (XMLSecurityManager) + grammarContainer.getProperty(SECURITY_MANAGER); + if (fInitSecurityManager != null ) { + fInitSecurityManager.setSecureProcessing(secureProcessing); + } else { + fInitSecurityManager = new XMLSecurityManager(secureProcessing); } - fComponents.put(SECURITY_MANAGER, fInitSecurityManager); + + setProperty(SECURITY_MANAGER, fInitSecurityManager); //pass on properties set on SchemaFactory fSecurityPropertyMgr = (XMLSecurityPropertyManager) @@ -281,7 +281,7 @@ return FeatureState.is(fUseGrammarPoolOnly); } else if (XMLConstants.FEATURE_SECURE_PROCESSING.equals(featureId)) { - return FeatureState.is(getProperty(SECURITY_MANAGER) != null); + return FeatureState.is(fInitSecurityManager.isSecureProcessing()); } else if (SCHEMA_ELEMENT_DEFAULT.equals(featureId)) { return FeatureState.is(true); //pre-condition: VALIDATION and SCHEMA_VALIDATION are always true @@ -311,7 +311,9 @@ if (_isSecureMode && !value) { throw new XMLConfigurationException(Status.NOT_ALLOWED, XMLConstants.FEATURE_SECURE_PROCESSING); } - setProperty(SECURITY_MANAGER, value ? new SecurityManager() : null); + + fInitSecurityManager.setSecureProcessing(value); + setProperty(SECURITY_MANAGER, fInitSecurityManager); if (value && Constants.IS_JDK8_OR_ABOVE) { fSecurityPropertyMgr.setValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD, @@ -390,10 +392,19 @@ fComponents.put(propertyId, value); return; } - if (!fInitProperties.containsKey(propertyId)) { - fInitProperties.put(propertyId, super.getProperty(propertyId)); + //check if the property is managed by security manager + if (fInitSecurityManager == null || + !fInitSecurityManager.setLimit(propertyId, XMLSecurityManager.State.APIPROPERTY, value)) { + //check if the property is managed by security property manager + if (fSecurityPropertyMgr == null || + !fSecurityPropertyMgr.setValue(propertyId, XMLSecurityPropertyManager.State.APIPROPERTY, value)) { + //fall back to the existing property manager + if (!fInitProperties.containsKey(propertyId)) { + fInitProperties.put(propertyId, super.getProperty(propertyId)); + } + super.setProperty(propertyId, value); + } } - super.setProperty(propertyId, value); } /**
--- a/src/com/sun/org/apache/xerces/internal/parsers/AbstractSAXParser.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/parsers/AbstractSAXParser.java Fri Oct 11 19:49:44 2013 +0100 @@ -20,18 +20,15 @@ package com.sun.org.apache.xerces.internal.parsers; -import java.io.IOException; -import java.util.Locale; - import com.sun.org.apache.xerces.internal.impl.Constants; -import com.sun.org.apache.xerces.internal.util.Status; -import com.sun.org.apache.xerces.internal.xs.PSVIProvider; +import com.sun.org.apache.xerces.internal.util.EntityResolver2Wrapper; import com.sun.org.apache.xerces.internal.util.EntityResolverWrapper; -import com.sun.org.apache.xerces.internal.util.EntityResolver2Wrapper; import com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper; import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter; +import com.sun.org.apache.xerces.internal.util.Status; import com.sun.org.apache.xerces.internal.util.SymbolHash; import com.sun.org.apache.xerces.internal.util.XMLSymbols; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.xni.Augmentations; import com.sun.org.apache.xerces.internal.xni.NamespaceContext; import com.sun.org.apache.xerces.internal.xni.QName; @@ -48,15 +45,17 @@ import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration; import com.sun.org.apache.xerces.internal.xs.AttributePSVI; import com.sun.org.apache.xerces.internal.xs.ElementPSVI; +import com.sun.org.apache.xerces.internal.xs.PSVIProvider; +import java.io.IOException; +import java.util.Locale; +import javax.xml.XMLConstants; import org.xml.sax.AttributeList; -import org.xml.sax.Attributes; import org.xml.sax.ContentHandler; import org.xml.sax.DTDHandler; import org.xml.sax.DocumentHandler; import org.xml.sax.EntityResolver; import org.xml.sax.ErrorHandler; import org.xml.sax.InputSource; -import org.xml.sax.Locator; import org.xml.sax.Parser; import org.xml.sax.SAXException; import org.xml.sax.SAXNotRecognizedException; @@ -131,6 +130,10 @@ protected static final String DOM_NODE = Constants.SAX_PROPERTY_PREFIX + Constants.DOM_NODE_PROPERTY; + /** Property id: security manager. */ + private static final String SECURITY_MANAGER = + Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + /** Recognized properties. */ private static final String[] RECOGNIZED_PROPERTIES = { LEXICAL_HANDLER, @@ -1645,19 +1648,13 @@ // Drop through and perform default processing // } - - // - // Xerces Features - // - - /* - else if (featureId.startsWith(XERCES_FEATURES_PREFIX)) { - String feature = featureId.substring(XERCES_FEATURES_PREFIX.length()); - // - // Drop through and perform default processing - // + else if (featureId.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) { + if (state) { + if (fConfiguration.getProperty(SECURITY_MANAGER )==null) { + fConfiguration.setProperty(SECURITY_MANAGER, new XMLSecurityManager()); + } + } } - */ // // Default handling
--- a/src/com/sun/org/apache/xerces/internal/parsers/DOMParser.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/parsers/DOMParser.java Fri Oct 11 19:49:44 2013 +0100 @@ -29,6 +29,7 @@ import com.sun.org.apache.xerces.internal.util.SAXMessageFormatter; import com.sun.org.apache.xerces.internal.util.Status; import com.sun.org.apache.xerces.internal.util.SymbolTable; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool; @@ -531,7 +532,54 @@ */ public void setProperty(String propertyId, Object value) throws SAXNotRecognizedException, SAXNotSupportedException { + /** + * It's possible for users to set a security manager through the interface. + * If it's the old SecurityManager, convert it to the new XMLSecurityManager + */ + if (propertyId.equals(Constants.SECURITY_MANAGER)) { + securityManager = XMLSecurityManager.convert(value, securityManager); + setProperty0(Constants.SECURITY_MANAGER, securityManager); + return; + } + if (propertyId.equals(Constants.XML_SECURITY_PROPERTY_MANAGER)) { + if (value == null) { + securityPropertyManager = new XMLSecurityPropertyManager(); + } else { + securityPropertyManager = (XMLSecurityPropertyManager)value; + } + setProperty0(Constants.XML_SECURITY_PROPERTY_MANAGER, securityPropertyManager); + return; + } + if (securityManager == null) { + securityManager = new XMLSecurityManager(true); + setProperty0(Constants.SECURITY_MANAGER, securityManager); + } + + if (securityPropertyManager == null) { + securityPropertyManager = new XMLSecurityPropertyManager(); + setProperty0(Constants.XML_SECURITY_PROPERTY_MANAGER, securityPropertyManager); + } + int index = securityPropertyManager.getIndex(propertyId); + + if (index > -1) { + /** + * this is a direct call to this parser, not a subclass since + * internally the support of this property is done through + * XMLSecurityPropertyManager + */ + securityPropertyManager.setValue(index, XMLSecurityPropertyManager.State.APIPROPERTY, (String)value); + } else { + //check if the property is managed by security manager + if (!securityManager.setLimit(propertyId, XMLSecurityManager.State.APIPROPERTY, value)) { + //fall back to the default configuration to handle the property + setProperty0(propertyId, value); + } + } + } + + public void setProperty0(String propertyId, Object value) + throws SAXNotRecognizedException, SAXNotSupportedException { try { fConfiguration.setProperty(propertyId, value); }
--- a/src/com/sun/org/apache/xerces/internal/parsers/DTDConfiguration.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/parsers/DTDConfiguration.java Fri Oct 11 19:49:44 2013 +0100 @@ -185,9 +185,12 @@ protected static final String LOCALE = Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY; - /** Property identifier: Security property manager. */ - protected static final String XML_SECURITY_PROPERTY_MANAGER = - Constants.XML_SECURITY_PROPERTY_MANAGER; + /** Property identifier: Security property manager. */ + protected static final String XML_SECURITY_PROPERTY_MANAGER = + Constants.XML_SECURITY_PROPERTY_MANAGER; + + /** Property identifier: Security manager. */ + private static final String SECURITY_MANAGER = Constants.SECURITY_MANAGER; // debugging @@ -334,6 +337,7 @@ JAXP_SCHEMA_SOURCE, JAXP_SCHEMA_LANGUAGE, LOCALE, + SECURITY_MANAGER, XML_SECURITY_PROPERTY_MANAGER }; addRecognizedProperties(recognizedProperties);
--- a/src/com/sun/org/apache/xerces/internal/parsers/NonValidatingConfiguration.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/parsers/NonValidatingConfiguration.java Fri Oct 11 19:49:44 2013 +0100 @@ -158,9 +158,12 @@ protected static final String LOCALE = Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY; - /** Property identifier: Security property manager. */ - protected static final String XML_SECURITY_PROPERTY_MANAGER = - Constants.XML_SECURITY_PROPERTY_MANAGER; + /** Property identifier: Security property manager. */ + protected static final String XML_SECURITY_PROPERTY_MANAGER = + Constants.XML_SECURITY_PROPERTY_MANAGER; + + /** Property identifier: Security manager. */ + private static final String SECURITY_MANAGER = Constants.SECURITY_MANAGER; // debugging @@ -316,6 +319,7 @@ DATATYPE_VALIDATOR_FACTORY, VALIDATION_MANAGER, LOCALE, + SECURITY_MANAGER, XML_SECURITY_PROPERTY_MANAGER }; addRecognizedProperties(recognizedProperties);
--- a/src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java Fri Oct 11 19:49:44 2013 +0100 @@ -22,6 +22,7 @@ import com.sun.org.apache.xerces.internal.impl.Constants; import com.sun.org.apache.xerces.internal.util.SymbolTable; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool; import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration; @@ -76,7 +77,7 @@ XMLGRAMMAR_POOL, }; - XMLSecurityPropertyManager securityPropertyManager; + // // Constructors // @@ -130,11 +131,36 @@ */ public void setProperty(String name, Object value) throws SAXNotRecognizedException, SAXNotSupportedException { + /** + * It's possible for users to set a security manager through the interface. + * If it's the old SecurityManager, convert it to the new XMLSecurityManager + */ + if (name.equals(Constants.SECURITY_MANAGER)) { + securityManager = XMLSecurityManager.convert(value, securityManager); + super.setProperty(Constants.SECURITY_MANAGER, securityManager); + return; + } + if (name.equals(Constants.XML_SECURITY_PROPERTY_MANAGER)) { + if (value == null) { + securityPropertyManager = new XMLSecurityPropertyManager(); + } else { + securityPropertyManager = (XMLSecurityPropertyManager)value; + } + super.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER, securityPropertyManager); + return; + } + + if (securityManager == null) { + securityManager = new XMLSecurityManager(true); + super.setProperty(Constants.SECURITY_MANAGER, securityManager); + } + if (securityPropertyManager == null) { securityPropertyManager = new XMLSecurityPropertyManager(); + super.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER, securityPropertyManager); } + int index = securityPropertyManager.getIndex(name); - if (index > -1) { /** * this is a direct call to this parser, not a subclass since @@ -142,9 +168,12 @@ * XMLSecurityPropertyManager */ securityPropertyManager.setValue(index, XMLSecurityPropertyManager.State.APIPROPERTY, (String)value); - super.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER, securityPropertyManager); } else { - super.setProperty(name, value); + //check if the property is managed by security manager + if (!securityManager.setLimit(name, XMLSecurityManager.State.APIPROPERTY, value)) { + //fall back to the default configuration to handle the property + super.setProperty(name, value); + } } } } // class SAXParser
--- a/src/com/sun/org/apache/xerces/internal/parsers/SecurityConfiguration.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/parsers/SecurityConfiguration.java Fri Oct 11 19:49:44 2013 +0100 @@ -23,8 +23,8 @@ import com.sun.org.apache.xerces.internal.impl.Constants; import com.sun.org.apache.xerces.internal.xni.grammars.XMLGrammarPool; import com.sun.org.apache.xerces.internal.xni.parser.XMLComponentManager; -import com.sun.org.apache.xerces.internal.util.SecurityManager; import com.sun.org.apache.xerces.internal.util.SymbolTable; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; /** * This configuration allows Xerces to behave in a security-conscious manner; that is, @@ -44,6 +44,7 @@ * * @author Neil Graham, IBM * + * @version $Id: SecurityConfiguration.java,v 1.6 2010-11-01 04:40:09 joehw Exp $ */ public class SecurityConfiguration extends XIncludeAwareParserConfiguration { @@ -107,7 +108,7 @@ super(symbolTable, grammarPool, parentSettings); // create the SecurityManager property: - setProperty(SECURITY_MANAGER_PROPERTY, new SecurityManager()); + setProperty(SECURITY_MANAGER_PROPERTY, new XMLSecurityManager(true)); } // <init>(SymbolTable,XMLGrammarPool) } // class SecurityConfiguration
--- a/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java Fri Oct 11 19:49:44 2013 +0100 @@ -52,6 +52,7 @@ import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings; import com.sun.org.apache.xerces.internal.util.PropertyState; import com.sun.org.apache.xerces.internal.util.SymbolTable; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler; import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler; @@ -279,6 +280,8 @@ private static final String XML_SECURITY_PROPERTY_MANAGER = Constants.XML_SECURITY_PROPERTY_MANAGER; + /** Property identifier: Security manager. */ + private static final String SECURITY_MANAGER = Constants.SECURITY_MANAGER; // debugging @@ -449,26 +452,26 @@ XMLGrammarPool grammarPool, XMLComponentManager parentSettings) { - super(parentSettings); + super(parentSettings); - // create a vector to hold all the components in use - // XML 1.0 specialized components - fComponents = new ArrayList(); - // XML 1.1 specialized components - fXML11Components = new ArrayList(); - // Common components for XML 1.1. and XML 1.0 - fCommonComponents = new ArrayList(); + // create a vector to hold all the components in use + // XML 1.0 specialized components + fComponents = new ArrayList(); + // XML 1.1 specialized components + fXML11Components = new ArrayList(); + // Common components for XML 1.1. and XML 1.0 + fCommonComponents = new ArrayList(); - // create table for features and properties - fFeatures = new HashMap(); - fProperties = new HashMap(); + // create table for features and properties + fFeatures = new HashMap(); + fProperties = new HashMap(); // add default recognized features final String[] recognizedFeatures = { CONTINUE_AFTER_FATAL_ERROR, LOAD_EXTERNAL_DTD, // from XMLDTDScannerImpl - VALIDATION, - NAMESPACES, + VALIDATION, + NAMESPACES, NORMALIZE_DATA, SCHEMA_ELEMENT_DEFAULT, SCHEMA_AUGMENT_PSVI, GENERATE_SYNTHETIC_ANNOTATIONS, VALIDATE_ANNOTATIONS, HONOUR_ALL_SCHEMALOCATIONS, NAMESPACE_GROWTH, @@ -479,47 +482,47 @@ // features might not have been set and it would cause a // not-recognized exception to be thrown. -Ac XMLSCHEMA_VALIDATION, XMLSCHEMA_FULL_CHECKING, - EXTERNAL_GENERAL_ENTITIES, - EXTERNAL_PARAMETER_ENTITIES, - PARSER_SETTINGS, - XMLConstants.FEATURE_SECURE_PROCESSING + EXTERNAL_GENERAL_ENTITIES, + EXTERNAL_PARAMETER_ENTITIES, + PARSER_SETTINGS, + XMLConstants.FEATURE_SECURE_PROCESSING }; addRecognizedFeatures(recognizedFeatures); - // set state for default features - fFeatures.put(VALIDATION, Boolean.FALSE); - fFeatures.put(NAMESPACES, Boolean.TRUE); - fFeatures.put(EXTERNAL_GENERAL_ENTITIES, Boolean.TRUE); - fFeatures.put(EXTERNAL_PARAMETER_ENTITIES, Boolean.TRUE); - fFeatures.put(CONTINUE_AFTER_FATAL_ERROR, Boolean.FALSE); - fFeatures.put(LOAD_EXTERNAL_DTD, Boolean.TRUE); - fFeatures.put(SCHEMA_ELEMENT_DEFAULT, Boolean.TRUE); - fFeatures.put(NORMALIZE_DATA, Boolean.TRUE); - fFeatures.put(SCHEMA_AUGMENT_PSVI, Boolean.TRUE); - fFeatures.put(GENERATE_SYNTHETIC_ANNOTATIONS, Boolean.FALSE); - fFeatures.put(VALIDATE_ANNOTATIONS, Boolean.FALSE); - fFeatures.put(HONOUR_ALL_SCHEMALOCATIONS, Boolean.FALSE); - fFeatures.put(NAMESPACE_GROWTH, Boolean.FALSE); - fFeatures.put(TOLERATE_DUPLICATES, Boolean.FALSE); - fFeatures.put(USE_GRAMMAR_POOL_ONLY, Boolean.FALSE); - fFeatures.put(PARSER_SETTINGS, Boolean.TRUE); - fFeatures.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + // set state for default features + fFeatures.put(VALIDATION, Boolean.FALSE); + fFeatures.put(NAMESPACES, Boolean.TRUE); + fFeatures.put(EXTERNAL_GENERAL_ENTITIES, Boolean.TRUE); + fFeatures.put(EXTERNAL_PARAMETER_ENTITIES, Boolean.TRUE); + fFeatures.put(CONTINUE_AFTER_FATAL_ERROR, Boolean.FALSE); + fFeatures.put(LOAD_EXTERNAL_DTD, Boolean.TRUE); + fFeatures.put(SCHEMA_ELEMENT_DEFAULT, Boolean.TRUE); + fFeatures.put(NORMALIZE_DATA, Boolean.TRUE); + fFeatures.put(SCHEMA_AUGMENT_PSVI, Boolean.TRUE); + fFeatures.put(GENERATE_SYNTHETIC_ANNOTATIONS, Boolean.FALSE); + fFeatures.put(VALIDATE_ANNOTATIONS, Boolean.FALSE); + fFeatures.put(HONOUR_ALL_SCHEMALOCATIONS, Boolean.FALSE); + fFeatures.put(NAMESPACE_GROWTH, Boolean.FALSE); + fFeatures.put(TOLERATE_DUPLICATES, Boolean.FALSE); + fFeatures.put(USE_GRAMMAR_POOL_ONLY, Boolean.FALSE); + fFeatures.put(PARSER_SETTINGS, Boolean.TRUE); + fFeatures.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); // add default recognized properties final String[] recognizedProperties = { - SYMBOL_TABLE, - ERROR_HANDLER, - ENTITY_RESOLVER, + SYMBOL_TABLE, + ERROR_HANDLER, + ENTITY_RESOLVER, ERROR_REPORTER, ENTITY_MANAGER, DOCUMENT_SCANNER, DTD_SCANNER, DTD_PROCESSOR, DTD_VALIDATOR, - DATATYPE_VALIDATOR_FACTORY, - VALIDATION_MANAGER, - SCHEMA_VALIDATOR, - XML_STRING, + DATATYPE_VALIDATOR_FACTORY, + VALIDATION_MANAGER, + SCHEMA_VALIDATOR, + XML_STRING, XMLGRAMMAR_POOL, JAXP_SCHEMA_SOURCE, JAXP_SCHEMA_LANGUAGE, @@ -531,19 +534,20 @@ SCHEMA_NONS_LOCATION, LOCALE, SCHEMA_DV_FACTORY, + SECURITY_MANAGER, XML_SECURITY_PROPERTY_MANAGER }; addRecognizedProperties(recognizedProperties); - if (symbolTable == null) { - symbolTable = new SymbolTable(); - } - fSymbolTable = symbolTable; - fProperties.put(SYMBOL_TABLE, fSymbolTable); + if (symbolTable == null) { + symbolTable = new SymbolTable(); + } + fSymbolTable = symbolTable; + fProperties.put(SYMBOL_TABLE, fSymbolTable); fGrammarPool = grammarPool; if (fGrammarPool != null) { - fProperties.put(XMLGRAMMAR_POOL, fGrammarPool); + fProperties.put(XMLGRAMMAR_POOL, fGrammarPool); } fEntityManager = new XMLEntityManager(); @@ -579,8 +583,6 @@ fVersionDetector = new XMLVersionDetector(); - fProperties.put(XML_SECURITY_PROPERTY_MANAGER, new XMLSecurityPropertyManager()); - // add message formatters if (fErrorReporter.getMessageFormatter(XMLMessageFormatter.XML_DOMAIN) == null) { XMLMessageFormatter xmft = new XMLMessageFormatter();
--- a/src/com/sun/org/apache/xerces/internal/parsers/XMLParser.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/parsers/XMLParser.java Fri Oct 11 19:49:44 2013 +0100 @@ -23,6 +23,8 @@ import java.io.IOException; import com.sun.org.apache.xerces.internal.impl.Constants; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager; import com.sun.org.apache.xerces.internal.xni.XNIException; import com.sun.org.apache.xerces.internal.xni.parser.XMLInputSource; import com.sun.org.apache.xerces.internal.xni.parser.XMLParserConfiguration; @@ -78,6 +80,13 @@ /** The parser configuration. */ protected XMLParserConfiguration fConfiguration; + /** The XML Security Manager. */ + XMLSecurityManager securityManager; + + /** The XML Security Property Manager. */ + XMLSecurityPropertyManager securityPropertyManager; + + // // Constructors // @@ -118,6 +127,15 @@ */ public void parse(XMLInputSource inputSource) throws XNIException, IOException { + // null indicates that the parser is called directly, initialize them + if (securityManager == null) { + securityManager = new XMLSecurityManager(true); + fConfiguration.setProperty(Constants.SECURITY_MANAGER, securityManager); + } + if (securityPropertyManager == null) { + securityPropertyManager = new XMLSecurityPropertyManager(); + fConfiguration.setProperty(Constants.XML_SECURITY_PROPERTY_MANAGER, securityPropertyManager); + } reset(); fConfiguration.parse(inputSource);
--- a/src/com/sun/org/apache/xerces/internal/util/SecurityManager.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/util/SecurityManager.java Fri Oct 11 19:49:44 2013 +0100 @@ -61,8 +61,6 @@ package com.sun.org.apache.xerces.internal.util; import com.sun.org.apache.xerces.internal.impl.Constants; -import java.security.AccessController; -import java.security.PrivilegedAction; /** * This class is a container for parser settings that relate to * security, or more specifically, it is intended to be used to prevent denial-of-service @@ -79,7 +77,6 @@ * * @author Neil Graham, IBM * - * @version $Id: SecurityManager.java,v 1.5 2010-11-01 04:40:14 joehw Exp $ */ public final class SecurityManager { @@ -179,48 +176,40 @@ private void readSystemProperties(){ - //TODO: also read SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT - try { - String value = getSystemProperty(Constants.ENTITY_EXPANSION_LIMIT); - if(value != null && !value.equals("")){ - entityExpansionLimit = Integer.parseInt(value); - if (entityExpansionLimit < 0) - entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; - } - else - entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; - }catch(Exception ex){} + try { + String value = System.getProperty(Constants.ENTITY_EXPANSION_LIMIT); + if(value != null && !value.equals("")){ + entityExpansionLimit = Integer.parseInt(value); + if (entityExpansionLimit < 0) + entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; + } + else + entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; + }catch(Exception ex){} - try { - String value = getSystemProperty(Constants.MAX_OCCUR_LIMIT); - if(value != null && !value.equals("")){ - maxOccurLimit = Integer.parseInt(value); - if (maxOccurLimit < 0) - maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; - } - else - maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; - }catch(Exception ex){} + try { + String value = System.getProperty(Constants.MAX_OCCUR_LIMIT); + if(value != null && !value.equals("")){ + maxOccurLimit = Integer.parseInt(value); + if (maxOccurLimit < 0) + maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; + } + else + maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; + }catch(Exception ex){} - try { - String value = getSystemProperty(Constants.SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT); - if(value != null && !value.equals("")){ - fElementAttributeLimit = Integer.parseInt(value); - if ( fElementAttributeLimit < 0) - fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; - } - else - fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; + try { + String value = System.getProperty(Constants.ELEMENT_ATTRIBUTE_LIMIT); + if(value != null && !value.equals("")){ + fElementAttributeLimit = Integer.parseInt(value); + if ( fElementAttributeLimit < 0) + fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; + } + else + fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; }catch(Exception ex){} } - private String getSystemProperty(final String propName) { - return AccessController.doPrivileged(new PrivilegedAction<String>() { - public String run() { - return System.getProperty(propName); - } - }); - } } // class SecurityManager
--- a/src/com/sun/org/apache/xerces/internal/util/SymbolTable.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/util/SymbolTable.java Fri Oct 11 19:49:44 2013 +0100 @@ -173,7 +173,7 @@ for (int i = 0; i < length; i++) { code = code * 37 + symbol.charAt(i); } - return code & 0x7FFFFFF; + return code & 0x7FFFFFFF; } // hash(String):int @@ -194,7 +194,7 @@ for (int i = 0; i < length; i++) { code = code * 37 + buffer[offset + i]; } - return code & 0x7FFFFFF; + return code & 0x7FFFFFFF; } // hash(char[],int,int):int
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java Fri Oct 11 19:49:44 2013 +0100 @@ -0,0 +1,239 @@ +/* + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. + * + * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved. + * + * The contents of this file are subject to the terms of either the GNU + * General Public License Version 2 only ("GPL") or the Common Development + * and Distribution License("CDDL") (collectively, the "License"). You + * may not use this file except in compliance with the License. You can + * obtain a copy of the License at + * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html + * or packager/legal/LICENSE.txt. See the License for the specific + * language governing permissions and limitations under the License. + * + * When distributing the software, include this License Header Notice in each + * file and include the License file at packager/legal/LICENSE.txt. + * + * GPL Classpath Exception: + * Oracle designates this particular file as subject to the "Classpath" + * exception as provided by Oracle in the GPL Version 2 section of the License + * file that accompanied this code. + * + * Modifications: + * If applicable, add the following below the License Header, with the fields + * enclosed by brackets [] replaced by your own identifying information: + * "Portions Copyright [year] [name of copyright owner]" + * + * Contributor(s): + * If you wish your version of this file to be governed by only the CDDL or + * only the GPL Version 2, indicate your decision by adding "[Contributor] + * elects to include this software in this distribution under the [CDDL or GPL + * Version 2] license." If you don't indicate a single choice of license, a + * recipient has the option to distribute your version of this file under + * either the CDDL, the GPL Version 2 or to extend the choice of license to + * its licensees as provided above. However, if you add GPL Version 2 code + * and therefore, elected the GPL Version 2 license, then the option applies + * only if the new code is made subject to such option by the copyright + * holder. + */ +package com.sun.org.apache.xerces.internal.utils; + +import com.sun.org.apache.xerces.internal.impl.Constants; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit; +import java.util.Formatter; +import java.util.HashMap; +import java.util.Map; + +/** + * A helper for analyzing entity expansion limits + * + * @author Joe Wang Oracle Corp. + * + */ +public final class XMLLimitAnalyzer { + + /** + * Map old property names with the new ones + */ + public static enum NameMap { + ENTITY_EXPANSION_LIMIT(Constants.SP_ENTITY_EXPANSION_LIMIT, Constants.ENTITY_EXPANSION_LIMIT), + MAX_OCCUR_NODE_LIMIT(Constants.SP_MAX_OCCUR_LIMIT, Constants.MAX_OCCUR_LIMIT), + ELEMENT_ATTRIBUTE_LIMIT(Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, Constants.ELEMENT_ATTRIBUTE_LIMIT); + + final String newName; + final String oldName; + + NameMap(String newName, String oldName) { + this.newName = newName; + this.oldName = oldName; + } + + String getOldName(String newName) { + if (newName.equals(this.newName)) { + return oldName; + } + return null; + } + } + + private XMLSecurityManager securityManager; + /** + * Max value accumulated for each property + */ + private final int[] values; + /** + * Names of the entities corresponding to their max values + */ + private final String[] names; + /** + * Total value of accumulated entities + */ + private final int[] totalValue; + + /** + * Maintain values of the top 10 elements in the process of parsing + */ + private final Map[] caches; + + private String entityStart, entityEnd; + /** + * Default constructor. Establishes default values for known security + * vulnerabilities. + */ + public XMLLimitAnalyzer(XMLSecurityManager securityManager) { + this.securityManager = securityManager; + values = new int[Limit.values().length]; + totalValue = new int[Limit.values().length]; + names = new String[Limit.values().length]; + caches = new Map[Limit.values().length]; + } + + /** + * Add the value to the current max count for the specified property + * To find the max value of all entities, set no limit + * + * @param limit the type of the property + * @param entityName the name of the entity + * @param value the value of the entity + */ + public void addValue(Limit limit, String entityName, int value) { + addValue(limit.ordinal(), entityName, value); + } + + /** + * Add the value to the current count by the index of the property + * @param index the index of the property + * @param entityName the name of the entity + * @param value the value of the entity + */ + public void addValue(int index, String entityName, int value) { + if (index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() || + index == Limit.MAX_OCCUR_NODE_LIMIT.ordinal() || + index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal()) { + totalValue[index] += value; + return; + } + + Map<String, Integer> cache; + if (caches[index] == null) { + cache = new HashMap<String, Integer>(10); + caches[index] = cache; + } else { + cache = caches[index]; + } + + int accumulatedValue = value; + if (cache.containsKey(entityName)) { + accumulatedValue += cache.get(entityName).intValue(); + cache.put(entityName, Integer.valueOf(accumulatedValue)); + } else { + cache.put(entityName, Integer.valueOf(value)); + } + + if (accumulatedValue > values[index]) { + values[index] = accumulatedValue; + names[index] = entityName; + } + + + if (index == Limit.GENEAL_ENTITY_SIZE_LIMIT.ordinal() || + index == Limit.PARAMETER_ENTITY_SIZE_LIMIT.ordinal()) { + totalValue[Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()] += value; + } + } + + /** + * Return the value of the current max count for the specified property + * + * @param limit the property + * @return the value of the property + */ + public int getValue(Limit limit) { + return values[limit.ordinal()]; + } + + public int getValue(int index) { + return values[index]; + } + /** + * Return the total value accumulated so far + * + * @param limit the property + * @return the accumulated value of the property + */ + public int getTotalValue(Limit limit) { + return totalValue[limit.ordinal()]; + } + + public int getTotalValue(int index) { + return totalValue[index]; + } + /** + * Return the current max value (count or length) by the index of a property + * @param index the index of a property + * @return count of a property + */ + public int getValueByIndex(int index) { + return values[index]; + } + + public void startEntity(String name) { + entityStart = name; + } + + public boolean isTracking(String name) { + if (entityStart == null) { + return false; + } + return entityStart.equals(name); + } + /** + * Stop tracking the entity + * @param limit the limit property + * @param name the name of an entity + */ + public void endEntity(Limit limit, String name) { + entityStart = ""; + Map<String, Integer> cache = caches[limit.ordinal()]; + if (cache != null) { + cache.remove(name); + } + } + + public void debugPrint() { + Formatter formatter = new Formatter(); + System.out.println(formatter.format("%30s %15s %15s %15s %30s", + "Property","Limit","Total size","Size","Entity Name")); + + for (Limit limit : Limit.values()) { + formatter = new Formatter(); + System.out.println(formatter.format("%30s %15d %15d %15d %30s", + limit.name(), + securityManager.getLimit(limit), + totalValue[limit.ordinal()], + values[limit.ordinal()], + names[limit.ordinal()])); + } + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java Fri Oct 11 19:49:44 2013 +0100 @@ -0,0 +1,555 @@ +/* + * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package com.sun.org.apache.xerces.internal.utils; + +import com.sun.org.apache.xerces.internal.impl.Constants; +import com.sun.org.apache.xerces.internal.util.SecurityManager; + +/** + * This class manages standard and implementation-specific limitations. + * + */ +public final class XMLSecurityManager { + + /** + * States of the settings of a property, in the order: default value, value + * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system + * properties, and jaxp api properties + */ + public static enum State { + //this order reflects the overriding order + + DEFAULT("default"), FSP("FEATURE_SECURE_PROCESSING"), + JAXPDOTPROPERTIES("jaxp.properties"), SYSTEMPROPERTY("system property"), + APIPROPERTY("property"); + + final String literal; + State(String literal) { + this.literal = literal; + } + + String literal() { + return literal; + } + } + + /** + * Limits managed by the security manager + */ + public static enum Limit { + + ENTITY_EXPANSION_LIMIT(Constants.JDK_ENTITY_EXPANSION_LIMIT, Constants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000), + MAX_OCCUR_NODE_LIMIT(Constants.JDK_MAX_OCCUR_LIMIT, Constants.SP_MAX_OCCUR_LIMIT, 0, 5000), + ELEMENT_ATTRIBUTE_LIMIT(Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000), + TOTAL_ENTITY_SIZE_LIMIT(Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000), + GENEAL_ENTITY_SIZE_LIMIT(Constants.JDK_GENEAL_ENTITY_SIZE_LIMIT, Constants.SP_GENEAL_ENTITY_SIZE_LIMIT, 0, 0), + PARAMETER_ENTITY_SIZE_LIMIT(Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000); + + final String apiProperty; + final String systemProperty; + final int defaultValue; + final int secureValue; + + Limit(String apiProperty, String systemProperty, int value, int secureValue) { + this.apiProperty = apiProperty; + this.systemProperty = systemProperty; + this.defaultValue = value; + this.secureValue = secureValue; + } + + public boolean equalsAPIPropertyName(String propertyName) { + return (propertyName == null) ? false : apiProperty.equals(propertyName); + } + + public boolean equalsSystemPropertyName(String propertyName) { + return (propertyName == null) ? false : systemProperty.equals(propertyName); + } + + public String apiProperty() { + return apiProperty; + } + + String systemProperty() { + return systemProperty; + } + + int defaultValue() { + return defaultValue; + } + + int secureValue() { + return secureValue; + } + } + + /** + * Map old property names with the new ones + */ + public static enum NameMap { + + ENTITY_EXPANSION_LIMIT(Constants.SP_ENTITY_EXPANSION_LIMIT, Constants.ENTITY_EXPANSION_LIMIT), + MAX_OCCUR_NODE_LIMIT(Constants.SP_MAX_OCCUR_LIMIT, Constants.MAX_OCCUR_LIMIT), + ELEMENT_ATTRIBUTE_LIMIT(Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, Constants.ELEMENT_ATTRIBUTE_LIMIT); + final String newName; + final String oldName; + + NameMap(String newName, String oldName) { + this.newName = newName; + this.oldName = oldName; + } + + String getOldName(String newName) { + if (newName.equals(this.newName)) { + return oldName; + } + return null; + } + } + private static final int NO_LIMIT = 0; + /** + * Values of the properties + */ + private final int[] values; + /** + * States of the settings for each property + */ + private State[] states; + /** + * Flag indicating if secure processing is set + */ + boolean secureProcessing; + + /** + * States that determine if properties are set explicitly + */ + private boolean[] isSet; + + + private XMLLimitAnalyzer limitAnalyzer; + /** + * Index of the special entityCountInfo property + */ + private int indexEntityCountInfo = 10000; + private String printEntityCountInfo = ""; + + /** + * Default constructor. Establishes default values for known security + * vulnerabilities. + */ + public XMLSecurityManager() { + this(false); + } + + /** + * Instantiate Security Manager in accordance with the status of + * secure processing + * @param secureProcessing + */ + public XMLSecurityManager(boolean secureProcessing) { + limitAnalyzer = new XMLLimitAnalyzer(this); + values = new int[Limit.values().length]; + states = new State[Limit.values().length]; + isSet = new boolean[Limit.values().length]; + this.secureProcessing = secureProcessing; + for (Limit limit : Limit.values()) { + if (secureProcessing) { + values[limit.ordinal()] = limit.secureValue; + states[limit.ordinal()] = State.FSP; + } else { + values[limit.ordinal()] = limit.defaultValue(); + states[limit.ordinal()] = State.DEFAULT; + } + } + //read system properties or jaxp.properties + readSystemProperties(); + } + + /** + * Setting FEATURE_SECURE_PROCESSING explicitly + */ + public void setSecureProcessing(boolean secure) { + secureProcessing = secure; + for (Limit limit : Limit.values()) { + if (secure) { + setLimit(limit.ordinal(), State.FSP, limit.secureValue()); + } else { + setLimit(limit.ordinal(), State.FSP, limit.defaultValue()); + } + } + } + + /** + * Return the state of secure processing + * @return the state of secure processing + */ + public boolean isSecureProcessing() { + return secureProcessing; + } + + + /** + * Set limit by property name and state + * @param propertyName property name + * @param state the state of the property + * @param value the value of the property + * @return true if the property is managed by the security manager; false + * if otherwise. + */ + public boolean setLimit(String propertyName, State state, Object value) { + int index = getIndex(propertyName); + if (index > -1) { + setLimit(index, state, value); + return true; + } + return false; + } + + /** + * Set the value for a specific limit. + * + * @param limit the limit + * @param state the state of the property + * @param value the value of the property + */ + public void setLimit(Limit limit, State state, int value) { + setLimit(limit.ordinal(), state, value); + } + + /** + * Set the value of a property by its index + * + * @param index the index of the property + * @param state the state of the property + * @param value the value of the property + */ + public void setLimit(int index, State state, Object value) { + if (index == indexEntityCountInfo) { + printEntityCountInfo = (String)value; + } else { + int temp = 0; + try { + temp = Integer.parseInt((String) value); + if (temp < 0) { + temp = 0; + } + } catch (NumberFormatException e) {} + setLimit(index, state, temp); + } + } + + /** + * Set the value of a property by its index + * + * @param index the index of the property + * @param state the state of the property + * @param value the value of the property + */ + public void setLimit(int index, State state, int value) { + if (index == indexEntityCountInfo) { + //if it's explicitly set, it's treated as yes no matter the value + printEntityCountInfo = Constants.JDK_YES; + } else { + //only update if it shall override + if (state.compareTo(states[index]) >= 0) { + values[index] = value; + states[index] = state; + isSet[index] = true; + } + } + } + + /** + * Return the value of the specified property + * + * @param propertyName the property name + * @return the value of the property as a string. If a property is managed + * by this manager, its value shall not be null. + */ + public String getLimitAsString(String propertyName) { + int index = getIndex(propertyName); + if (index > -1) { + return getLimitValueByIndex(index); + } + + return null; + } + /** + * Return the value of the specified property + * + * @param limit the property + * @return the value of the property + */ + public int getLimit(Limit limit) { + return values[limit.ordinal()]; + } + + /** + * Return the value of a property by its ordinal + * + * @param limit the property + * @return value of a property + */ + public String getLimitValueAsString(Limit limit) { + return Integer.toString(values[limit.ordinal()]); + } + + /** + * Return the value of a property by its ordinal + * + * @param index the index of a property + * @return limit of a property as a string + */ + public String getLimitValueByIndex(int index) { + if (index == indexEntityCountInfo) { + return printEntityCountInfo; + } + + return Integer.toString(values[index]); + } + + /** + * Return the state of the limit property + * + * @param limit the limit + * @return the state of the limit property + */ + public State getState(Limit limit) { + return states[limit.ordinal()]; + } + + /** + * Return the state of the limit property + * + * @param limit the limit + * @return the state of the limit property + */ + public String getStateLiteral(Limit limit) { + return states[limit.ordinal()].literal(); + } + + /** + * Get the index by property name + * + * @param propertyName property name + * @return the index of the property if found; return -1 if not + */ + public int getIndex(String propertyName) { + for (Limit limit : Limit.values()) { + if (limit.equalsAPIPropertyName(propertyName)) { + //internally, ordinal is used as index + return limit.ordinal(); + } + } + //special property to return entity count info + if (propertyName.equals(Constants.JDK_ENTITY_COUNT_INFO)) { + return indexEntityCountInfo; + } + return -1; + } + + /** + * Check if there's no limit defined by the Security Manager + * @param limit + * @return + */ + public boolean isNoLimit(int limit) { + return limit==NO_LIMIT; + } + /** + * Check if the size (length or count) of the specified limit property is + * over the limit + * + * @param limit the type of the limit property + * @param entityName the name of the entity + * @param size the size (count or length) of the entity + * @return true if the size is over the limit, false otherwise + */ + public boolean isOverLimit(Limit limit, String entityName, int size) { + return isOverLimit(limit.ordinal(), entityName, size); + } + + /** + * Check if the value (length or count) of the specified limit property is + * over the limit + * + * @param index the index of the limit property + * @param entityName the name of the entity + * @param size the size (count or length) of the entity + * @return true if the size is over the limit, false otherwise + */ + public boolean isOverLimit(int index, String entityName, int size) { + if (values[index] == NO_LIMIT) { + return false; + } + if (size > values[index]) { + limitAnalyzer.addValue(index, entityName, size); + return true; + } + return false; + } + + /** + * Check against cumulated value + * + * @param limit the type of the limit property + * @param size the size (count or length) of the entity + * @return true if the size is over the limit, false otherwise + */ + public boolean isOverLimit(Limit limit) { + return isOverLimit(limit.ordinal()); + } + + public boolean isOverLimit(int index) { + if (values[index] == NO_LIMIT) { + return false; + } + + if (index==Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() || + index==Limit.ENTITY_EXPANSION_LIMIT.ordinal() || + index==Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()) { + return (limitAnalyzer.getTotalValue(index) > values[index]); + } else { + return (limitAnalyzer.getValue(index) > values[index]); + } + } + + public void debugPrint() { + if (printEntityCountInfo.equals(Constants.JDK_YES)) { + limitAnalyzer.debugPrint(); + } + } + + /** + * Return the limit analyzer + * + * @return the limit analyzer + */ + public XMLLimitAnalyzer getLimitAnalyzer() { + return limitAnalyzer; + } + + /** + * Set limit analyzer + * + * @param analyzer a limit analyzer + */ + public void setLimitAnalyzer(XMLLimitAnalyzer analyzer) { + limitAnalyzer = analyzer; + } + + /** + * Indicate if a property is set explicitly + * @param index + * @return + */ + public boolean isSet(int index) { + return isSet[index]; + } + + public boolean printEntityCountInfo() { + return printEntityCountInfo.equals(Constants.JDK_YES); + } + + /** + * Read from system properties, or those in jaxp.properties + */ + private void readSystemProperties() { + + for (Limit limit : Limit.values()) { + if (!getSystemProperty(limit, limit.systemProperty())) { + //if system property is not found, try the older form if any + for (NameMap nameMap : NameMap.values()) { + String oldName = nameMap.getOldName(limit.systemProperty()); + if (oldName != null) { + getSystemProperty(limit, oldName); + } + } + } + } + + } + + /** + * Read from system properties, or those in jaxp.properties + * + * @param property the type of the property + * @param sysPropertyName the name of system property + */ + private boolean getSystemProperty(Limit limit, String sysPropertyName) { + try { + String value = SecuritySupport.getSystemProperty(sysPropertyName); + if (value != null && !value.equals("")) { + values[limit.ordinal()] = Integer.parseInt(value); + states[limit.ordinal()] = State.SYSTEMPROPERTY; + return true; + } + + value = SecuritySupport.readJAXPProperty(sysPropertyName); + if (value != null && !value.equals("")) { + values[limit.ordinal()] = Integer.parseInt(value); + states[limit.ordinal()] = State.JAXPDOTPROPERTIES; + return true; + } + } catch (NumberFormatException e) { + //invalid setting + throw new NumberFormatException("Invalid setting for system property: " + limit.systemProperty()); + } + return false; + } + + + /** + * Convert a value set through setProperty to XMLSecurityManager. + * If the value is an instance of XMLSecurityManager, use it to override the default; + * If the value is an old SecurityManager, convert to the new XMLSecurityManager. + * + * @param value user specified security manager + * @param securityManager an instance of XMLSecurityManager + * @return an instance of the new security manager XMLSecurityManager + */ + static public XMLSecurityManager convert(Object value, XMLSecurityManager securityManager) { + if (value == null) { + if (securityManager == null) { + securityManager = new XMLSecurityManager(true); + } + return securityManager; + } + if (XMLSecurityManager.class.isAssignableFrom(value.getClass())) { + return (XMLSecurityManager)value; + } else { + if (securityManager == null) { + securityManager = new XMLSecurityManager(true); + } + if (SecurityManager.class.isAssignableFrom(value.getClass())) { + SecurityManager origSM = (SecurityManager)value; + securityManager.setLimit(Limit.MAX_OCCUR_NODE_LIMIT, State.APIPROPERTY, origSM.getMaxOccurNodeLimit()); + securityManager.setLimit(Limit.ENTITY_EXPANSION_LIMIT, State.APIPROPERTY, origSM.getEntityExpansionLimit()); + securityManager.setLimit(Limit.ELEMENT_ATTRIBUTE_LIMIT, State.APIPROPERTY, origSM.getElementAttrLimit()); + } + return securityManager; + } + } +}
--- a/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityPropertyManager.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityPropertyManager.java Fri Oct 11 19:49:44 2013 +0100 @@ -91,6 +91,24 @@ readSystemProperties(); } + + /** + * Set limit by property name and state + * @param propertyName property name + * @param state the state of the property + * @param value the value of the property + * @return true if the property is managed by the security property manager; + * false if otherwise. + */ + public boolean setValue(String propertyName, State state, Object value) { + int index = getIndex(propertyName); + if (index > -1) { + setValue(index, state, (String)value); + return true; + } + return false; + } + /** * Set the value for a specific property. * @@ -119,6 +137,23 @@ states[index] = state; } } + + + /** + * Return the value of the specified property + * + * @param propertyName the property name + * @return the value of the property as a string + */ + public String getValue(String propertyName) { + int index = getIndex(propertyName); + if (index > -1) { + return getValueByIndex(index); + } + + return null; + } + /** * Return the value of the specified property *
--- a/src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java Fri Oct 11 19:49:44 2013 +0100 @@ -37,7 +37,6 @@ import com.sun.org.apache.xerces.internal.util.HTTPInputSource; import com.sun.org.apache.xerces.internal.util.IntStack; import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings; -import com.sun.org.apache.xerces.internal.util.SecurityManager; import com.sun.org.apache.xerces.internal.util.SymbolTable; import com.sun.org.apache.xerces.internal.util.URI; import com.sun.org.apache.xerces.internal.util.XMLAttributesImpl; @@ -45,6 +44,7 @@ import com.sun.org.apache.xerces.internal.util.XMLChar; import com.sun.org.apache.xerces.internal.util.XMLSymbols; import com.sun.org.apache.xerces.internal.util.URI.MalformedURIException; +import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; import com.sun.org.apache.xerces.internal.xni.Augmentations; import com.sun.org.apache.xerces.internal.xni.NamespaceContext; import com.sun.org.apache.xerces.internal.xni.QName; @@ -289,7 +289,7 @@ protected SymbolTable fSymbolTable; protected XMLErrorReporter fErrorReporter; protected XMLEntityResolver fEntityResolver; - protected SecurityManager fSecurityManager; + protected XMLSecurityManager fSecurityManager; protected XMLSecurityPropertyManager fSecurityPropertyMgr; // these are needed for text include processing @@ -517,8 +517,8 @@ // Get security manager. try { - SecurityManager value = - (SecurityManager)componentManager.getProperty( + XMLSecurityManager value = + (XMLSecurityManager)componentManager.getProperty( SECURITY_MANAGER); if (value != null) { @@ -674,7 +674,7 @@ return; } if (propertyId.equals(SECURITY_MANAGER)) { - fSecurityManager = (SecurityManager)value; + fSecurityManager = (XMLSecurityManager)value; if (fChildConfig != null) { fChildConfig.setProperty(propertyId, value); }
--- a/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java Fri Oct 11 19:49:44 2013 +0100 @@ -25,12 +25,15 @@ import com.sun.org.apache.xalan.internal.XalanConstants; import com.sun.org.apache.xalan.internal.utils.FactoryImpl; import com.sun.org.apache.xalan.internal.utils.SecuritySupport; +import com.sun.org.apache.xalan.internal.utils.XMLSecurityManager; import java.util.HashMap; + import javax.xml.XMLConstants; import javax.xml.parsers.FactoryConfigurationError; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParserFactory; import org.xml.sax.SAXException; +import org.xml.sax.SAXNotRecognizedException; import org.xml.sax.XMLReader; import org.xml.sax.helpers.XMLReaderFactory; @@ -63,11 +66,15 @@ private HashMap m_inUse; private boolean m_useServicesMechanism = true; + + private boolean _secureProcessing; /** * protocols allowed for external DTD references in source file and/or stylesheet. */ private String _accessExternalDTD = XalanConstants.EXTERNAL_ACCESS_DEFAULT; + private XMLSecurityManager _xmlSecurityManager; + /** * Hidden constructor */ @@ -118,7 +125,12 @@ // TransformerFactory creates a reader via the // XMLReaderFactory if setXMLReader is not used reader = XMLReaderFactory.createXMLReader(); - + try { + reader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, _secureProcessing); + } catch (SAXNotRecognizedException e) { + System.err.println("Warning: " + reader.getClass().getName() + ": " + + e.getMessage()); + } } catch (Exception e) { try { // If unable to create an instance, let's try to use @@ -164,6 +176,21 @@ + se.getMessage()); } + try { + if (_xmlSecurityManager != null) { + for (XMLSecurityManager.Limit limit : XMLSecurityManager.Limit.values()) { + reader.setProperty(limit.apiProperty(), + _xmlSecurityManager.getLimitValueAsString(limit)); + } + if (_xmlSecurityManager.printEntityCountInfo()) { + reader.setProperty(XalanConstants.JDK_ENTITY_COUNT_INFO, XalanConstants.JDK_YES); + } + } + } catch (SAXException se) { + System.err.println("Warning: " + reader.getClass().getName() + ": " + + se.getMessage()); + } + return reader; } @@ -195,11 +222,22 @@ } /** + * Set feature + */ + public void setFeature(String name, boolean value) { + if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) { + _secureProcessing = value; + } + } + + /** * Get property value */ - public String getProperty(String name) { + public Object getProperty(String name) { if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) { return _accessExternalDTD; + } else if (name.equals(XalanConstants.SECURITY_MANAGER)) { + return _xmlSecurityManager; } return null; } @@ -207,9 +245,11 @@ /** * Set property. */ - public void setProperty(String name, String value) { + public void setProperty(String name, Object value) { if (name.equals(XMLConstants.ACCESS_EXTERNAL_DTD)) { _accessExternalDTD = (String)value; + } else if (name.equals(XalanConstants.SECURITY_MANAGER)) { + _xmlSecurityManager = (XMLSecurityManager)value; } } }
--- a/src/javax/xml/stream/FactoryFinder.java Thu Oct 10 21:22:52 2013 -0700 +++ b/src/javax/xml/stream/FactoryFinder.java Fri Oct 11 19:49:44 2013 +0100 @@ -253,7 +253,13 @@ // Use the system property first try { - String systemProp = ss.getSystemProperty(factoryId); + + final String systemProp; + if (type.getName().equals(factoryId)) { + systemProp = ss.getSystemProperty(factoryId); + } else { + systemProp = System.getProperty(factoryId); + } if (systemProp != null) { dPrint("found system property, value=" + systemProp); // There's a bug here - because 'cl' is ignored. @@ -262,7 +268,8 @@ } } catch (SecurityException se) { - if (debug) se.printStackTrace(); + throw new FactoryConfigurationError( + "Failed to read factoryId '" + factoryId + "'", se); } // Try read $java.home/lib/stax.properties followed by