From general-return-2293-archive-asf-public=cust-asf.ponee.io@attic.apache.org Sun Jun 10 12:38:44 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 8BFE018062B for ; Sun, 10 Jun 2018 12:38:43 +0200 (CEST) Received: (qmail 27036 invoked by uid 500); 10 Jun 2018 10:38:42 -0000 Mailing-List: contact general-help@attic.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: general@attic.apache.org Delivered-To: mailing list general@attic.apache.org Received: (qmail 27025 invoked by uid 99); 10 Jun 2018 10:38:42 -0000 Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 10 Jun 2018 10:38:42 +0000 Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id EAA653A0114 for ; Sun, 10 Jun 2018 10:38:41 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1833263 - in /xmlbeans/trunk: src/common/org/apache/xmlbeans/impl/common/StaxHelper.java src/xmlcomp/org/apache/xmlbeans/impl/tool/StreamInstanceValidator.java test/src/drt/drtcases/MarshalTests.java Date: Sun, 10 Jun 2018 10:38:41 -0000 To: general@attic.apache.org From: fanningpj@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20180610103841.EAA653A0114@svn01-us-west.apache.org> Author: fanningpj Date: Sun Jun 10 10:38:41 2018 New Revision: 1833263 URL: http://svn.apache.org/viewvc?rev=1833263&view=rev Log: use safe XML parsers Added: xmlbeans/trunk/src/common/org/apache/xmlbeans/impl/common/StaxHelper.java Modified: xmlbeans/trunk/src/xmlcomp/org/apache/xmlbeans/impl/tool/StreamInstanceValidator.java xmlbeans/trunk/test/src/drt/drtcases/MarshalTests.java Added: xmlbeans/trunk/src/common/org/apache/xmlbeans/impl/common/StaxHelper.java URL: http://svn.apache.org/viewvc/xmlbeans/trunk/src/common/org/apache/xmlbeans/impl/common/StaxHelper.java?rev=1833263&view=auto ============================================================================== --- xmlbeans/trunk/src/common/org/apache/xmlbeans/impl/common/StaxHelper.java (added) +++ xmlbeans/trunk/src/common/org/apache/xmlbeans/impl/common/StaxHelper.java Sun Jun 10 10:38:41 2018 @@ -0,0 +1,78 @@ +/* Copyright 2017, 2018 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xmlbeans.impl.common; + +import javax.xml.stream.XMLEventFactory; +import javax.xml.stream.XMLInputFactory; +import javax.xml.stream.XMLOutputFactory; + + +/** + * Provides handy methods for working with StAX parsers and readers + */ +public final class StaxHelper { + private static final XBLogger logger = XBLogFactory.getLogger(StaxHelper.class); + + private StaxHelper() {} + + /** + * Creates a new StAX XMLInputFactory, with sensible defaults + */ + public static XMLInputFactory newXMLInputFactory() { + XMLInputFactory factory = XMLInputFactory.newFactory(); + trySetProperty(factory, XMLInputFactory.IS_NAMESPACE_AWARE, true); + trySetProperty(factory, XMLInputFactory.IS_VALIDATING, false); + trySetProperty(factory, XMLInputFactory.SUPPORT_DTD, false); + trySetProperty(factory, XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); + return factory; + } + + /** + * Creates a new StAX XMLOutputFactory, with sensible defaults + */ + public static XMLOutputFactory newXMLOutputFactory() { + XMLOutputFactory factory = XMLOutputFactory.newFactory(); + trySetProperty(factory, XMLOutputFactory.IS_REPAIRING_NAMESPACES, true); + return factory; + } + + /** + * Creates a new StAX XMLEventFactory, with sensible defaults + */ + public static XMLEventFactory newXMLEventFactory() { + return XMLEventFactory.newFactory(); + } + + private static void trySetProperty(XMLInputFactory factory, String feature, boolean flag) { + try { + factory.setProperty(feature, flag); + } catch (Exception e) { + logger.log(XBLogger.WARN, "StAX Property unsupported", feature, e); + } catch (AbstractMethodError ame) { + logger.log(XBLogger.WARN, "Cannot set StAX property because outdated StAX parser in classpath", feature, ame); + } + } + + private static void trySetProperty(XMLOutputFactory factory, String feature, boolean flag) { + try { + factory.setProperty(feature, flag); + } catch (Exception e) { + logger.log(XBLogger.WARN, "StAX Property unsupported", feature, e); + } catch (AbstractMethodError ame) { + logger.log(XBLogger.WARN, "Cannot set StAX property because outdated StAX parser in classpath", feature, ame); + } + } +} Modified: xmlbeans/trunk/src/xmlcomp/org/apache/xmlbeans/impl/tool/StreamInstanceValidator.java URL: http://svn.apache.org/viewvc/xmlbeans/trunk/src/xmlcomp/org/apache/xmlbeans/impl/tool/StreamInstanceValidator.java?rev=1833263&r1=1833262&r2=1833263&view=diff ============================================================================== --- xmlbeans/trunk/src/xmlcomp/org/apache/xmlbeans/impl/tool/StreamInstanceValidator.java (original) +++ xmlbeans/trunk/src/xmlcomp/org/apache/xmlbeans/impl/tool/StreamInstanceValidator.java Sun Jun 10 10:38:41 2018 @@ -21,6 +21,7 @@ import org.apache.xmlbeans.XmlException; import org.apache.xmlbeans.XmlObject; import org.apache.xmlbeans.XmlOptions; import org.apache.xmlbeans.XmlError; +import org.apache.xmlbeans.impl.common.StaxHelper; import org.apache.xmlbeans.impl.validator.ValidatingXMLStreamReader; import javax.xml.stream.XMLInputFactory; @@ -39,7 +40,7 @@ import java.util.HashSet; public class StreamInstanceValidator { - private static final XMLInputFactory XML_INPUT_FACTORY = XMLInputFactory.newInstance(); + private static final XMLInputFactory XML_INPUT_FACTORY = StaxHelper.newXMLInputFactory(); public static void printUsage() { Modified: xmlbeans/trunk/test/src/drt/drtcases/MarshalTests.java URL: http://svn.apache.org/viewvc/xmlbeans/trunk/test/src/drt/drtcases/MarshalTests.java?rev=1833263&r1=1833262&r2=1833263&view=diff ============================================================================== --- xmlbeans/trunk/test/src/drt/drtcases/MarshalTests.java (original) +++ xmlbeans/trunk/test/src/drt/drtcases/MarshalTests.java Sun Jun 10 10:38:41 2018 @@ -44,6 +44,7 @@ import org.apache.xmlbeans.XmlException; import org.apache.xmlbeans.XmlObject; import org.apache.xmlbeans.XmlOptions; import org.apache.xmlbeans.impl.binding.compile.Schema2Java; +import org.apache.xmlbeans.impl.common.StaxHelper; import org.apache.xmlbeans.impl.common.XmlReaderToWriter; import org.apache.xmlbeans.impl.common.XmlStreamUtils; import org.apache.xmlbeans.impl.marshal.BindingContextFactoryImpl; @@ -53,8 +54,6 @@ import org.apache.xmlbeans.impl.xb.xsdsc import org.w3c.dom.Document; import javax.xml.namespace.QName; -import javax.xml.stream.XMLInputFactory; -import javax.xml.stream.XMLOutputFactory; import javax.xml.stream.XMLStreamException; import javax.xml.stream.XMLStreamReader; import javax.xml.stream.XMLStreamWriter; @@ -120,7 +119,7 @@ public class MarshalTests extends TestCa String doc = "food"; StringReader sr = new StringReader(doc); final XMLStreamReader reader = - XMLInputFactory.newInstance().createXMLStreamReader(sr); + StaxHelper.newXMLInputFactory().createXMLStreamReader(sr); dumpReader(reader); } @@ -132,7 +131,7 @@ public class MarshalTests extends TestCa { StringWriter sw = new StringWriter(); final XMLStreamWriter writer = - XMLOutputFactory.newInstance().createXMLStreamWriter(sw); + StaxHelper.newXMLOutputFactory().createXMLStreamWriter(sw); writer.writeStartDocument(); writer.writeStartElement("dummy"); @@ -166,10 +165,9 @@ public class MarshalTests extends TestCa StringReader sr = new StringReader(DOC); final XMLStreamReader reader = - XMLInputFactory.newInstance().createXMLStreamReader(sr); + StaxHelper.newXMLInputFactory().createXMLStreamReader(sr); - //uncomment when stax bug is fixed - //dumpReader(reader, true); + dumpReader(reader, true); } public void testManySimpleTypesUnmarshall() @@ -301,7 +299,7 @@ public class MarshalTests extends TestCa StringReader stringReader = new StringReader(xmldoc); XMLStreamReader xrdr = - XMLInputFactory.newInstance().createXMLStreamReader(stringReader); + StaxHelper.newXMLInputFactory().createXMLStreamReader(stringReader); final XmlOptions options = new XmlOptions(); Collection errors = new LinkedList(); @@ -694,7 +692,7 @@ public class MarshalTests extends TestCa StringWriter sw = new StringWriter(); XMLStreamWriter xml_out = - XMLOutputFactory.newInstance().createXMLStreamWriter(sw); + StaxHelper.newXMLOutputFactory().createXMLStreamWriter(sw); xml_out.writeStartDocument(); xml_out.writeStartElement("DUMMY_ROOT"); @@ -838,7 +836,7 @@ public class MarshalTests extends TestCa StringWriter sw = new StringWriter(); XMLStreamWriter xml_out = - XMLOutputFactory.newInstance().createXMLStreamWriter(sw); + StaxHelper.newXMLOutputFactory().createXMLStreamWriter(sw); xml_out.writeStartDocument(); xml_out.writeStartElement("DUMMY_ROOT"); @@ -972,7 +970,7 @@ public class MarshalTests extends TestCa BindingContext bindingContext = getBindingContext(getBindingConfigDocument()); StringWriter sw = new StringWriter(); - XMLStreamWriter w = XMLOutputFactory.newInstance().createXMLStreamWriter(sw); + XMLStreamWriter w = StaxHelper.newXMLOutputFactory().createXMLStreamWriter(sw); final XmlOptions options = new XmlOptions(); Collection errors = new LinkedList(); @@ -1001,7 +999,7 @@ public class MarshalTests extends TestCa StringReader sr = new StringReader(sw.getBuffer().toString()); XMLStreamReader rdr = - XMLInputFactory.newInstance().createXMLStreamReader(sr); + StaxHelper.newXMLInputFactory().createXMLStreamReader(sr); while (!rdr.isStartElement()) { rdr.next(); } @@ -1034,7 +1032,7 @@ public class MarshalTests extends TestCa BindingContext bindingContext = getBindingContext(getBindingConfigDocument()); StringWriter sw = new StringWriter(); - XMLStreamWriter w = XMLOutputFactory.newInstance().createXMLStreamWriter(sw); + XMLStreamWriter w = StaxHelper.newXMLOutputFactory().createXMLStreamWriter(sw); final XmlOptions options = new XmlOptions(); Collection errors = new LinkedList(); @@ -1047,7 +1045,7 @@ public class MarshalTests extends TestCa //now unmarshall from String and compare objects... StringReader sr = new StringReader(sw.getBuffer().toString()); XMLStreamReader rdr = - XMLInputFactory.newInstance().createXMLStreamReader(sr); + StaxHelper.newXMLInputFactory().createXMLStreamReader(sr); Unmarshaller umctx = bindingContext.createUnmarshaller(); Object out_obj = umctx.unmarshal(rdr, options); reportErrors(errors, "byname-doc-writer"); @@ -1074,7 +1072,7 @@ public class MarshalTests extends TestCa BindingContext bindingContext = getBindingContext(getBindingConfigDocument()); StringWriter sw = new StringWriter(); - XMLStreamWriter w = XMLOutputFactory.newInstance().createXMLStreamWriter(sw); + XMLStreamWriter w = StaxHelper.newXMLOutputFactory().createXMLStreamWriter(sw); final XmlOptions options = new XmlOptions(); Collection errors = new LinkedList(); @@ -1093,7 +1091,7 @@ public class MarshalTests extends TestCa //now unmarshall from String and compare objects... StringReader sr = new StringReader(sw.getBuffer().toString()); XMLStreamReader rdr = - XMLInputFactory.newInstance().createXMLStreamReader(sr); + StaxHelper.newXMLInputFactory().createXMLStreamReader(sr); Unmarshaller umctx = bindingContext.createUnmarshaller(); while (!rdr.isStartElement()) { rdr.next(); @@ -1556,7 +1554,7 @@ public class MarshalTests extends TestCa StringWriter sw = new StringWriter(); XMLStreamWriter xsw = - XMLOutputFactory.newInstance().createXMLStreamWriter(sw); + StaxHelper.newXMLOutputFactory().createXMLStreamWriter(sw); XmlReaderToWriter.writeAll(reader, xsw); @@ -1582,14 +1580,14 @@ public class MarshalTests extends TestCa } } - public void testByNameBeanUnmarshal() + public void testByNameBeanUnmarshal()StreamInstanceValidator throws Exception { BindingContext bindingContext = getBindingContext(getBindingConfigDocument()); File doc = TestEnv.xbeanCase("marshal/doc2.xml"); - final XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance(); + final XMLInputFactory xmlInputFactory = StaxHelper.newXMLInputFactory(); XMLStreamReader xrdr = xmlInputFactory.createXMLStreamReader(doc.toURL().toString(), new FileInputStream(doc)); @@ -1618,7 +1616,7 @@ public class MarshalTests extends TestCa File doc = TestEnv.xbeanCase("marshal/doc3.xml"); - final XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance(); + final XMLInputFactory xmlInputFactory = StaxHelper.newXMLInputFactory(); XMLStreamReader xrdr = xmlInputFactory.createXMLStreamReader(new FileReader(doc)); @@ -1675,7 +1673,7 @@ public class MarshalTests extends TestCa final String javaType = "com.mytest.MyClass"; final QName schemaType = MYCLASS_NAME; - final XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance(); + final XMLInputFactory xmlInputFactory = StaxHelper.newXMLInputFactory(); XMLStreamReader xrdr = xmlInputFactory.createXMLStreamReader(new FileReader(doc)); @@ -1719,7 +1717,7 @@ public class MarshalTests extends TestCa final int trials = 5; - final XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance(); + final XMLInputFactory xmlInputFactory = StaxHelper.newXMLInputFactory(); final XmlOptions xmlOptions = new XmlOptions(); @@ -1804,7 +1802,7 @@ public class MarshalTests extends TestCa //now try unmarshalType... final FileInputStream fis = new FileInputStream(instance); final XMLStreamReader rdr = - XMLInputFactory.newInstance().createXMLStreamReader(fis); + StaxHelper.newXMLInputFactory().createXMLStreamReader(fis); QName schema_type = new QName("http://nosuch.domain.name", "USAddress"); String java_type = obj.getClass().getName();