directory-commits mailing list archives

From cohei...@apache.org
Subject directory-kerby git commit: Securing the DocumentBuilderFactory instance
Date Thu, 08 Mar 2018 11:02:21 GMT
Repository: directory-kerby
Updated Branches:
  refs/heads/1.1.x-fixes c9f496889 -> 42c15e9bd


Securing the DocumentBuilderFactory instance


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/42c15e9b
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/42c15e9b
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/42c15e9b

Branch: refs/heads/1.1.x-fixes
Commit: 42c15e9bdfe6e2bca85bf36e89908023d2110dcd
Parents: c9f4968
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Mar 8 10:42:46 2018 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Mar 8 10:43:26 2018 +0000

----------------------------------------------------------------------
 .../src/main/java/org/apache/kerby/config/XmlConfigLoader.java  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/42c15e9b/kerby-common/kerby-config/src/main/java/org/apache/kerby/config/XmlConfigLoader.java
----------------------------------------------------------------------
diff --git a/kerby-common/kerby-config/src/main/java/org/apache/kerby/config/XmlConfigLoader.java b/kerby-common/kerby-config/src/main/java/org/apache/kerby/config/XmlConfigLoader.java
index 2fd2f9c..78ac7a4 100644
--- a/kerby-common/kerby-config/src/main/java/org/apache/kerby/config/XmlConfigLoader.java
+++ b/kerby-common/kerby-config/src/main/java/org/apache/kerby/config/XmlConfigLoader.java
@@ -29,6 +29,7 @@ import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.w3c.dom.Text;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import java.io.InputStream;
@@ -46,6 +47,8 @@ public class XmlConfigLoader extends ConfigLoader {
 
     private Element loadResourceDocument(Resource resource) throws Exception {
         DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
+        docBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
+        docBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
 
         docBuilderFactory.setIgnoringComments(true);
         docBuilderFactory.setNamespaceAware(true);
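Review bot: The two `setFeature` calls added at the top of `loadResourceDocument` have no comment saying what they defend against, and the second uses a Xerces-style feature URI, which `setFeature` rejects with `ParserConfigurationException` if the underlying parser does not support it. Failing closed is a sound outcome for a loader of Kerberos configuration, but it should be stated, e.g. `// XXE hardening: reject any DOCTYPE; fails closed if the parser lacks this feature`. It also means an existing config file that carries a DOCTYPE will now be refused, which deserves a line in the release notes. The rest of the method lies outside the hunk, so please confirm that nothing further down enables XInclude or entity expansion, since XInclude is a separate mechanism from DOCTYPE handling. Minor: `Boolean.TRUE` is auto-unboxed for a `boolean` parameter, and plain `true` would match the following line.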
@@ -150,4 +153,4 @@ public class XmlConfigLoader extends ConfigLoader {
         }
         return null;
     }
-}
\ No newline at end of file
+}

