accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From els...@apache.org
Subject [1/6] accumulo git commit: ACCUMULO-4534 Disable external entities in SAX parser
Date Sun, 11 Dec 2016 21:56:18 GMT
Repository: accumulo
Updated Branches:
  refs/heads/1.7 47b57f730 -> 3bd701b88
  refs/heads/1.8 037c1384a -> 5a11a021f
  refs/heads/master 3dc9b373d -> 315ccd921


ACCUMULO-4534 Disable external entities in SAX parser

Closes apache/accumulo#192


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/3bd701b8
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/3bd701b8
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/3bd701b8

Branch: refs/heads/1.7
Commit: 3bd701b883492f06766631af30e7b08f14d3454c
Parents: 47b57f7
Author: Josh Elser <elserj@apache.org>
Authored: Thu Dec 8 22:44:09 2016 -0500
Committer: Josh Elser <elserj@apache.org>
Committed: Sun Dec 11 16:15:39 2016 -0500

----------------------------------------------------------------------
 .../java/org/apache/accumulo/server/util/RestoreZookeeper.java    | 3 +++
 1 file changed, 3 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/3bd701b8/server/base/src/main/java/org/apache/accumulo/server/util/RestoreZookeeper.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/util/RestoreZookeeper.java
b/server/base/src/main/java/org/apache/accumulo/server/util/RestoreZookeeper.java
index 8da1ce9..b30ccfb 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/util/RestoreZookeeper.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/util/RestoreZookeeper.java
@@ -118,6 +118,9 @@ public class RestoreZookeeper {
     }
 
     SAXParserFactory factory = SAXParserFactory.newInstance();
+    // Prevent external entities by failing on any doctypes. We don't expect any doctypes,
so this
+    // is a simple switch to remove any chance of external entities causing problems.
+    factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
     SAXParser parser = factory.newSAXParser();
     parser.parse(in, new Restore(ZooReaderWriter.getInstance(), opts.overwrite));
     in.close();


Mime
View raw message