From commits-return-62494-archive-asf-public=cust-asf.ponee.io@camel.apache.org Mon Apr 16 10:58:48 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 7954518077A for ; Mon, 16 Apr 2018 10:58:47 +0200 (CEST) Received: (qmail 81415 invoked by uid 500); 16 Apr 2018 08:58:46 -0000 Mailing-List: contact commits-help@camel.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@camel.apache.org Delivered-To: mailing list commits@camel.apache.org Received: (qmail 81393 invoked by uid 99); 16 Apr 2018 08:58:46 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Apr 2018 08:58:46 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id C513A8092C; Mon, 16 Apr 2018 08:58:45 +0000 (UTC) Date: Mon, 16 Apr 2018 08:58:46 +0000 To: "commits@camel.apache.org" Subject: [camel] 01/02: CAMEL-12444: Improved DTD handling in validator component. MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit 
From: davsclaus@apache.org In-Reply-To: <152386912537.32006.9419058847084567612@gitbox.apache.org> References: <152386912537.32006.9419058847084567612@gitbox.apache.org> X-Git-Host: gitbox.apache.org X-Git-Repo: camel X-Git-Refname: refs/heads/camel-2.21.x X-Git-Reftype: branch X-Git-Rev: 24eefa559fe6b310629d2bf00663d2679ec81b96 X-Git-NotificationType: diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated Message-Id: <20180416085845.C513A8092C@gitbox.apache.org> This is an automated email from the ASF dual-hosted git repository. davsclaus pushed a commit to branch camel-2.21.x in repository https://gitbox.apache.org/repos/asf/camel.git commit 24eefa559fe6b310629d2bf00663d2679ec81b96 Author: Claus Ibsen AuthorDate: Mon Apr 16 10:55:24 2018 +0200 CAMEL-12444: Improved DTD handling in validator component.
---
 .../org/apache/camel/processor/validation/SchemaReader.java | 1 +
 .../camel/processor/validation/ValidatingProcessor.java | 13 +++++++++++++
 2 files changed, 14 insertions(+)
diff --git a/camel-core/src/main/java/org/apache/camel/processor/validation/SchemaReader.java b/camel-core/src/main/java/org/apache/camel/processor/validation/SchemaReader.java
index ac42cc9..c77aea0 100644
--- a/camel-core/src/main/java/org/apache/camel/processor/validation/SchemaReader.java
+++ b/camel-core/src/main/java/org/apache/camel/processor/validation/SchemaReader.java
@@ -175,6 +175,7 @@ public class SchemaReader {
 }
 if (camelContext == null || !Boolean.parseBoolean(camelContext.getGlobalOptions().get(ACCESS_EXTERNAL_DTD))) {
 try {
+ LOG.debug("Configuring SchemaFactory to not allow access to external DTD/Schema");
 factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
 } catch (SAXException e) {
 LOG.warn(e.getMessage(), e);
diff --git a/camel-core/src/main/java/org/apache/camel/processor/validation/ValidatingProcessor.java b/camel-core/src/main/java/org/apache/camel/processor/validation/ValidatingProcessor.java
index 96b3db8..8bba7e7 100644
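Review bot: The new debug message in SchemaReader says access to external "DTD/Schema" is being disallowed, but the only property set inside this `try` is `XMLConstants.ACCESS_EXTERNAL_DTD`; no `ACCESS_EXTERNAL_SCHEMA` call on the factory is visible. Someone reading debug logs during a hardening review would conclude that schema access is blocked at the factory as well. If leaving schema access open here is intentional, narrow the message to `LOG.debug("Configuring SchemaFactory to not allow access to external DTD");`. The enclosing method starts and ends outside the hunk, so a schema restriction elsewhere in it cannot be ruled out from here.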
--- a/camel-core/src/main/java/org/apache/camel/processor/validation/ValidatingProcessor.java
+++ b/camel-core/src/main/java/org/apache/camel/processor/validation/ValidatingProcessor.java
@@ -22,6 +22,7 @@ import java.io.InputStream;
 import java.net.URL;
 import java.util.Collections;
+import javax.xml.XMLConstants;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.Result;
 import javax.xml.transform.Source;
@@ -53,6 +54,8 @@ import org.apache.camel.util.IOHelper;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import static org.apache.camel.processor.validation.SchemaReader.ACCESS_EXTERNAL_DTD;
+
 /**
 * A processor which validates the XML version of the inbound message body
 * against some schema either in XSD or RelaxNG
@@ -100,6 +103,16 @@ public class ValidatingProcessor implements AsyncProcessor {
 }
 Validator validator = schema.newValidator();
+ // turn off access to external schema by default
+ if (!Boolean.parseBoolean(exchange.getContext().getGlobalOptions().get(ACCESS_EXTERNAL_DTD))) {
+ try {
+ LOG.debug("Configuring Validator to not allow access to external DTD/Schema");
+ validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ validator.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
+ } catch (SAXException e) {
+ LOG.warn(e.getMessage(), e);
+ }
+ }
 // the underlying input stream, which we need to close to avoid locking files or other resources
 Source source = null;
-- To stop receiving notification emails like this one, please contact davsclaus@apache.org.
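Review bot: In the third hunk of ValidatingProcessor.java the hardening fails open: if `validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "")` throws, the `SAXException` is logged with only `e.getMessage()` and validation carries on, and `ACCESS_EXTERNAL_SCHEMA` is never attempted because both calls share one `try`. On a JAXP implementation that rejects the first property, the validator would then presumably run with its default external-access settings for both, and the warning does not say so. I would set each property in its own `try` and have the warning name the property that could not be restricted; whether to abort instead of warning is a policy call for the component. The enclosing method starts and ends outside the hunk.

```java
if (!Boolean.parseBoolean(exchange.getContext().getGlobalOptions().get(ACCESS_EXTERNAL_DTD))) {
    LOG.debug("Configuring Validator to not allow access to external DTD/Schema");
    // try each restriction on its own so one unsupported property does not skip the other
    for (String property : new String[] {XMLConstants.ACCESS_EXTERNAL_DTD, XMLConstants.ACCESS_EXTERNAL_SCHEMA}) {
        try {
            validator.setProperty(property, "");
        } catch (SAXException e) {
            // the restriction is NOT in place for this property; make that explicit in the log
            LOG.warn("Validator does not support {}; external access is not restricted for it", property, e);
        }
    }
}
// … unchanged: source handling and validation …
```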