/hg/release/icedtea7-forest-2.3/jaxp: 4 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Tue Oct 15 16:11:44 PDT 2013
changeset d31a609466d9 in /hg/release/icedtea7-forest-2.3/jaxp
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp?cmd=changeset;node=d31a609466d9
author: joehw
date: Thu Oct 10 16:18:30 2013 +0100
8013503: Improve stream factories
Reviewed-by: alanb, dfuchs, mullan
changeset f5d8437f4407 in /hg/release/icedtea7-forest-2.3/jaxp
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp?cmd=changeset;node=f5d8437f4407
author: joehw
date: Thu Oct 10 16:30:46 2013 +0100
8012425: Transform TransformerFactory
Reviewed-by: alanb, dfuchs, mullan
changeset 00f1d7d220a9 in /hg/release/icedtea7-forest-2.3/jaxp
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp?cmd=changeset;node=00f1d7d220a9
author: joehw
date: Thu Oct 10 16:45:02 2013 +0100
8017298: Better XML support
Reviewed-by: alanb, dfuchs, mullan
changeset aeaabc10209e in /hg/release/icedtea7-forest-2.3/jaxp
details: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jaxp?cmd=changeset;node=aeaabc10209e
author: joehw
date: Fri Oct 11 11:35:02 2013 +0100
8014530: Better digital signature processing
Reviewed-by: alanb, dfuchs, mullan, lancea
diffstat:
src/com/sun/org/apache/xalan/internal/XalanConstants.java | 110 ++
src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java | 50 +
src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java | 449 ++++++++
src/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java | 16 +
src/com/sun/org/apache/xalan/internal/xsltc/compiler/XSLTC.java | 24 +-
src/com/sun/org/apache/xalan/internal/xsltc/trax/TemplatesHandlerImpl.java | 4 +-
src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java | 10 +
src/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerImpl.java | 8 +
src/com/sun/org/apache/xalan/internal/xsltc/trax/Util.java | 25 +
src/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java | 10 +-
src/com/sun/org/apache/xerces/internal/impl/Constants.java | 109 +-
src/com/sun/org/apache/xerces/internal/impl/PropertyManager.java | 12 +-
src/com/sun/org/apache/xerces/internal/impl/XML11NSDocumentScannerImpl.java | 4 +-
src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java | 64 +-
src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java | 48 +-
src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java | 51 +-
src/com/sun/org/apache/xerces/internal/impl/XMLNSDocumentScannerImpl.java | 4 +-
src/com/sun/org/apache/xerces/internal/impl/XMLScanner.java | 54 +-
src/com/sun/org/apache/xerces/internal/impl/msg/XMLMessages.properties | 11 +-
src/com/sun/org/apache/xerces/internal/impl/xs/models/CMNodeFactory.java | 22 +-
src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSAttributeChecker.java | 3 +-
src/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java | 6 +-
src/com/sun/org/apache/xerces/internal/jaxp/DocumentBuilderImpl.java | 12 +-
src/com/sun/org/apache/xerces/internal/jaxp/SAXParserImpl.java | 41 +-
src/com/sun/org/apache/xerces/internal/jaxp/validation/AbstractXMLSchema.java | 23 +
src/com/sun/org/apache/xerces/internal/jaxp/validation/StAXValidatorHelper.java | 14 +
src/com/sun/org/apache/xerces/internal/jaxp/validation/StreamValidatorHelper.java | 36 +-
src/com/sun/org/apache/xerces/internal/jaxp/validation/ValidatorHandlerImpl.java | 6 +-
src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaFactory.java | 16 +-
src/com/sun/org/apache/xerces/internal/jaxp/validation/XMLSchemaValidatorComponentManager.java | 45 +-
src/com/sun/org/apache/xerces/internal/jaxp/validation/XSGrammarPoolContainer.java | 7 +
src/com/sun/org/apache/xerces/internal/parsers/AbstractSAXParser.java | 37 +-
src/com/sun/org/apache/xerces/internal/parsers/SAXParser.java | 2 +
src/com/sun/org/apache/xerces/internal/parsers/SecurityConfiguration.java | 5 +-
src/com/sun/org/apache/xerces/internal/parsers/XML11Configuration.java | 72 +-
src/com/sun/org/apache/xerces/internal/util/SecurityManager.java | 226 ----
src/com/sun/org/apache/xerces/internal/util/SymbolTable.java | 4 +-
src/com/sun/org/apache/xerces/internal/utils/SecuritySupport.java | 52 +
src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java | 236 ++++
src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java | 521 ++++++++++
src/com/sun/org/apache/xerces/internal/xinclude/XIncludeHandler.java | 10 +-
src/com/sun/org/apache/xml/internal/utils/XMLReaderManager.java | 57 +-
src/com/sun/xml/internal/stream/Entity.java | 2 +-
src/javax/xml/stream/FactoryFinder.java | 23 +-
src/javax/xml/stream/XMLEventFactory.java | 14 +-
src/javax/xml/stream/XMLInputFactory.java | 15 +-
src/javax/xml/stream/XMLOutputFactory.java | 13 +-
47 files changed, 2149 insertions(+), 434 deletions(-)
diffs (truncated from 4095 to 500 lines):
diff -r aac1cda37627 -r aeaabc10209e src/com/sun/org/apache/xalan/internal/XalanConstants.java
--- a/src/com/sun/org/apache/xalan/internal/XalanConstants.java Thu Aug 08 23:15:34 2013 +0100
+++ b/src/com/sun/org/apache/xalan/internal/XalanConstants.java Fri Oct 11 11:35:02 2013 +0100
@@ -40,6 +40,116 @@
//
// Constants
+ //Xerces security manager
+ public static final String SECURITY_MANAGER =
+ "http://apache.org/xml/properties/security-manager";
+
+ //
+ // Implementation limits: API properties
+ //
+ /** Oracle JAXP property prefix ("http://www.oracle.com/xml/jaxp/properties/"). */
+ public static final String ORACLE_JAXP_PROPERTY_PREFIX =
+ "http://www.oracle.com/xml/jaxp/properties/";
+ /**
+ * JDK entity expansion limit; Note that the existing system property
+ * "entityExpansionLimit" with no prefix is still observed
+ */
+ public static final String JDK_ENTITY_EXPANSION_LIMIT =
+ ORACLE_JAXP_PROPERTY_PREFIX + "entityExpansionLimit";
+
+ /**
+ * JDK element attribute limit; Note that the existing system property
+ * "elementAttributeLimit" with no prefix is still observed
+ */
+ public static final String JDK_ELEMENT_ATTRIBUTE_LIMIT =
+ ORACLE_JAXP_PROPERTY_PREFIX + "elementAttributeLimit";
+
+ /**
+ * JDK maxOccur limit; Note that the existing system property
+ * "maxOccurLimit" with no prefix is still observed
+ */
+ public static final String JDK_MAX_OCCUR_LIMIT =
+ ORACLE_JAXP_PROPERTY_PREFIX + "maxOccurLimit";
+
+ /**
+ * JDK total entity size limit
+ */
+ public static final String JDK_TOTAL_ENTITY_SIZE_LIMIT =
+ ORACLE_JAXP_PROPERTY_PREFIX + "totalEntitySizeLimit";
+
+ /**
+ * JDK maximum general entity size limit
+ */
+ public static final String JDK_GENEAL_ENTITY_SIZE_LIMIT =
+ ORACLE_JAXP_PROPERTY_PREFIX + "maxGeneralEntitySizeLimit";
+ /**
+ * JDK maximum parameter entity size limit
+ */
+ public static final String JDK_PARAMETER_ENTITY_SIZE_LIMIT =
+ ORACLE_JAXP_PROPERTY_PREFIX + "maxParameterEntitySizeLimit";
+ /**
+ * JDK maximum XML name limit
+ */
+ public static final String JDK_XML_NAME_LIMIT =
+ ORACLE_JAXP_PROPERTY_PREFIX + "maxXMLNameLimit";
+ /**
+ * JDK property indicating whether the parser shall print out entity
+ * count information
+ * Value: a string "yes" means print, "no" or any other string means not.
+ */
+ public static final String JDK_ENTITY_COUNT_INFO =
+ ORACLE_JAXP_PROPERTY_PREFIX + "getEntityCountInfo";
+
+ //
+ // Implementation limits: corresponding System Properties of the above
+ // API properties
+ //
+ /**
+ * JDK entity expansion limit; Note that the existing system property
+ * "entityExpansionLimit" with no prefix is still observed
+ */
+ public static final String SP_ENTITY_EXPANSION_LIMIT = "jdk.xml.entityExpansionLimit";
+
+ /**
+ * JDK element attribute limit; Note that the existing system property
+ * "elementAttributeLimit" with no prefix is still observed
+ */
+ public static final String SP_ELEMENT_ATTRIBUTE_LIMIT = "jdk.xml.elementAttributeLimit";
+
+ /**
+ * JDK maxOccur limit; Note that the existing system property
+ * "maxOccurLimit" with no prefix is still observed
+ */
+ public static final String SP_MAX_OCCUR_LIMIT = "jdk.xml.maxOccurLimit";
+
+ /**
+ * JDK total entity size limit
+ */
+ public static final String SP_TOTAL_ENTITY_SIZE_LIMIT = "jdk.xml.totalEntitySizeLimit";
+
+ /**
+ * JDK maximum general entity size limit
+ */
+ public static final String SP_GENEAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit";
+ /**
+ * JDK maximum parameter entity size limit
+ */
+ public static final String SP_PARAMETER_ENTITY_SIZE_LIMIT = "jdk.xml.maxParameterEntitySizeLimit";
+ /**
+ * JDK maximum XML name limit
+ */
+ public static final String SP_XML_NAME_LIMIT = "jdk.xml.maxXMLNameLimit";
+
+ //legacy System Properties
+ public final static String ENTITY_EXPANSION_LIMIT = "entityExpansionLimit";
+ public static final String ELEMENT_ATTRIBUTE_LIMIT = "elementAttributeLimit" ;
+ public final static String MAX_OCCUR_LIMIT = "maxOccurLimit";
+
+ /**
+ * A string "yes" that can be used for properties such as getEntityCountInfo
+ */
+ public static final String JDK_YES = "yes";
+
//
// Oracle Feature:
/**
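Review bot: The new public constants `JDK_GENEAL_ENTITY_SIZE_LIMIT` and `SP_GENEAL_ENTITY_SIZE_LIMIT` misspell GENERAL in the identifier, although the property strings themselves (`"maxGeneralEntitySizeLimit"`) are spelled correctly. Because they are `public static final`, the typo becomes the name other classes compile against, so I would rename them to `JDK_GENERAL_ENTITY_SIZE_LIMIT` and `SP_GENERAL_ENTITY_SIZE_LIMIT` in this change, along with `Limit.GENEAL_ENTITY_SIZE_LIMIT` in the new XMLSecurityManager.java. The Javadoc on the first three `SP_*` constants is also copied from the API-property block, so it describes a prefixed system property as if it were something else. Something like `/** System property for the entity expansion limit; the legacy unprefixed "entityExpansionLimit" is still observed. */` would be accurate. The enclosing class begins and ends outside this hunk.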
diff -r aac1cda37627 -r aeaabc10209e src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java
--- a/src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java Thu Aug 08 23:15:34 2013 +0100
+++ b/src/com/sun/org/apache/xalan/internal/utils/SecuritySupport.java Fri Oct 11 11:35:02 2013 +0100
@@ -26,6 +26,7 @@
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
+import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
@@ -36,6 +37,7 @@
import java.util.Locale;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
+import java.util.Properties;
/**
* This class is duplicated for each subpackage so keep it in sync. It is
@@ -200,6 +202,54 @@
})).longValue();
}
+ /**
+ * Read from $java.home/lib/jaxp.properties for the specified property
+ * The program
+ *
+ * @param propertyId the Id of the property
+ * @return the value of the property
+ */
+ static String readJAXPProperty(String propertyId) {
+ String value = null;
+ InputStream is = null;
+ try {
+ if (firstTime) {
+ synchronized (cacheProps) {
+ if (firstTime) {
+ String configFile = getSystemProperty("java.home") + File.separator +
+ "lib" + File.separator + "jaxp.properties";
+ File f = new File(configFile);
+ if (getFileExists(f)) {
+ is = getFileInputStream(f);
+ cacheProps.load(is);
+ }
+ firstTime = false;
+ }
+ }
+ }
+ value = cacheProps.getProperty(propertyId);
+
+ }
+ catch (Exception ex) {}
+ finally {
+ if (is != null) {
+ try {
+ is.close();
+ } catch (IOException ex) {}
+ }
+ }
+ return value;
+ }
+
+ /**
+ * Cache for properties in java.home/lib/jaxp.properties
+ */
+ static final Properties cacheProps = new Properties();
+
+ /**
+ * Flag indicating if the program has tried reading java.home/lib/jaxp.properties
+ */
+ static volatile boolean firstTime = true;
private SecuritySupport() {
}
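Review bot: In `readJAXPProperty`, `catch (Exception ex) {}` hides every failure to open or parse `$java.home/lib/jaxp.properties`, so an unreadable or malformed limits file gives the operator no signal and the method just returns `null`. A throw from `cacheProps.load(is)` also skips `firstTime = false;`, so every later call re-enters the synchronized block and retries the read, and `cacheProps` may retain whatever entries were loaded before the error. I would catch narrowly (`IOException`, plus the `IllegalArgumentException` that `Properties.load` raises on a malformed escape), report the failure, and wrap the load in `try { ... } finally { firstTime = false; }` inside the synchronized block. The Javadoc also has a dangling "The program" line that should be completed or dropped.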
diff -r aac1cda37627 -r aeaabc10209e src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java Fri Oct 11 11:35:02 2013 +0100
@@ -0,0 +1,449 @@
+/*
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ *
+ * Copyright (c) 2013 Oracle and/or its affiliates. All rights reserved.
+ *
+ * The contents of this file are subject to the terms of either the GNU
+ * General Public License Version 2 only ("GPL") or the Common Development
+ * and Distribution License("CDDL") (collectively, the "License"). You
+ * may not use this file except in compliance with the License. You can
+ * obtain a copy of the License at
+ * https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
+ * or packager/legal/LICENSE.txt. See the License for the specific
+ * language governing permissions and limitations under the License.
+ *
+ * When distributing the software, include this License Header Notice in each
+ * file and include the License file at packager/legal/LICENSE.txt.
+ *
+ * GPL Classpath Exception:
+ * Oracle designates this particular file as subject to the "Classpath"
+ * exception as provided by Oracle in the GPL Version 2 section of the License
+ * file that accompanied this code.
+ *
+ * Modifications:
+ * If applicable, add the following below the License Header, with the fields
+ * enclosed by brackets [] replaced by your own identifying information:
+ * "Portions Copyright [year] [name of copyright owner]"
+ *
+ * Contributor(s):
+ * If you wish your version of this file to be governed by only the CDDL or
+ * only the GPL Version 2, indicate your decision by adding "[Contributor]
+ * elects to include this software in this distribution under the [CDDL or GPL
+ * Version 2] license." If you don't indicate a single choice of license, a
+ * recipient has the option to distribute your version of this file under
+ * either the CDDL, the GPL Version 2 or to extend the choice of license to
+ * its licensees as provided above. However, if you add GPL Version 2 code
+ * and therefore, elected the GPL Version 2 license, then the option applies
+ * only if the new code is made subject to such option by the copyright
+ * holder.
+ */
+package com.sun.org.apache.xalan.internal.utils;
+
+import com.sun.org.apache.xalan.internal.XalanConstants;
+
+
+/**
+ * This class is not the same as that in Xerces. It is used to manage the
+ * state of corresponding Xerces properties and pass the values over to
+ * the Xerces Security Manager.
+ *
+ * @author Joe Wang Oracle Corp.
+ *
+ */
+public final class XMLSecurityManager {
+
+ /**
+ * States of the settings of a property, in the order: default value, value
+ * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
+ * properties, and jaxp api properties
+ */
+ public static enum State {
+ //this order reflects the overriding order
+
+ DEFAULT("default"), FSP("FEATURE_SECURE_PROCESSING"),
+ JAXPDOTPROPERTIES("jaxp.properties"), SYSTEMPROPERTY("system property"),
+ APIPROPERTY("property");
+
+ final String literal;
+ State(String literal) {
+ this.literal = literal;
+ }
+
+ String literal() {
+ return literal;
+ }
+ }
+
+ /**
+ * Limits managed by the security manager
+ */
+ public static enum Limit {
+
+ ENTITY_EXPANSION_LIMIT(XalanConstants.JDK_ENTITY_EXPANSION_LIMIT,
+ XalanConstants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000),
+ MAX_OCCUR_NODE_LIMIT(XalanConstants.JDK_MAX_OCCUR_LIMIT,
+ XalanConstants.SP_MAX_OCCUR_LIMIT, 0, 5000),
+ ELEMENT_ATTRIBUTE_LIMIT(XalanConstants.JDK_ELEMENT_ATTRIBUTE_LIMIT,
+ XalanConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000),
+ TOTAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT,
+ XalanConstants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000),
+ GENEAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_GENEAL_ENTITY_SIZE_LIMIT,
+ XalanConstants.SP_GENEAL_ENTITY_SIZE_LIMIT, 0, 0),
+ PARAMETER_ENTITY_SIZE_LIMIT(XalanConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT,
+ XalanConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000);
+
+ final String apiProperty;
+ final String systemProperty;
+ final int defaultValue;
+ final int secureValue;
+
+ Limit(String apiProperty, String systemProperty, int value, int secureValue) {
+ this.apiProperty = apiProperty;
+ this.systemProperty = systemProperty;
+ this.defaultValue = value;
+ this.secureValue = secureValue;
+ }
+
+ public boolean equalsAPIPropertyName(String propertyName) {
+ return (propertyName == null) ? false : apiProperty.equals(propertyName);
+ }
+
+ public boolean equalsSystemPropertyName(String propertyName) {
+ return (propertyName == null) ? false : systemProperty.equals(propertyName);
+ }
+
+ public String apiProperty() {
+ return apiProperty;
+ }
+
+ String systemProperty() {
+ return systemProperty;
+ }
+
+ int defaultValue() {
+ return defaultValue;
+ }
+
+ int secureValue() {
+ return secureValue;
+ }
+ }
+
+ /**
+ * Map old property names with the new ones
+ */
+ public static enum NameMap {
+
+ ENTITY_EXPANSION_LIMIT(XalanConstants.SP_ENTITY_EXPANSION_LIMIT,
+ XalanConstants.ENTITY_EXPANSION_LIMIT),
+ MAX_OCCUR_NODE_LIMIT(XalanConstants.SP_MAX_OCCUR_LIMIT,
+ XalanConstants.MAX_OCCUR_LIMIT),
+ ELEMENT_ATTRIBUTE_LIMIT(XalanConstants.SP_ELEMENT_ATTRIBUTE_LIMIT,
+ XalanConstants.ELEMENT_ATTRIBUTE_LIMIT);
+ final String newName;
+ final String oldName;
+
+ NameMap(String newName, String oldName) {
+ this.newName = newName;
+ this.oldName = oldName;
+ }
+
+ String getOldName(String newName) {
+ if (newName.equals(this.newName)) {
+ return oldName;
+ }
+ return null;
+ }
+ }
+ /**
+ * Values of the properties
+ */
+ private final int[] values;
+ /**
+ * States of the settings for each property
+ */
+ private State[] states;
+ /**
+ * States that determine if properties are set explicitly
+ */
+ private boolean[] isSet;
+
+
+ /**
+ * Index of the special entityCountInfo property
+ */
+ private int indexEntityCountInfo = 10000;
+ private String printEntityCountInfo = "";
+
+ /**
+ * Default constructor. Establishes default values for known security
+ * vulnerabilities.
+ */
+ public XMLSecurityManager() {
+ this(false);
+ }
+
+ /**
+ * Instantiate Security Manager in accordance with the status of
+ * secure processing
+ * @param secureProcessing
+ */
+ public XMLSecurityManager(boolean secureProcessing) {
+ values = new int[Limit.values().length];
+ states = new State[Limit.values().length];
+ isSet = new boolean[Limit.values().length];
+ for (Limit limit : Limit.values()) {
+ if (secureProcessing) {
+ values[limit.ordinal()] = limit.secureValue();
+ states[limit.ordinal()] = State.FSP;
+ } else {
+ values[limit.ordinal()] = limit.defaultValue();
+ states[limit.ordinal()] = State.DEFAULT;
+ }
+ }
+ //read system properties or jaxp.properties
+ readSystemProperties();
+ }
+
+ /**
+ * Setting FEATURE_SECURE_PROCESSING explicitly
+ */
+ public void setSecureProcessing(boolean secure) {
+ for (Limit limit : Limit.values()) {
+ if (secure) {
+ setLimit(limit.ordinal(), State.FSP, limit.secureValue());
+ } else {
+ setLimit(limit.ordinal(), State.FSP, limit.defaultValue());
+ }
+ }
+ }
+
+ /**
+ * Set limit by property name and state
+ * @param propertyName property name
+ * @param state the state of the property
+ * @param value the value of the property
+ * @return true if the property is managed by the security manager; false
+ * if otherwise.
+ */
+ public boolean setLimit(String propertyName, State state, Object value) {
+ int index = getIndex(propertyName);
+ if (index > -1) {
+ setLimit(index, state, value);
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Set the value for a specific limit.
+ *
+ * @param limit the limit
+ * @param state the state of the property
+ * @param value the value of the property
+ */
+ public void setLimit(Limit limit, State state, int value) {
+ setLimit(limit.ordinal(), state, value);
+ }
+
+ /**
+ * Set the value of a property by its index
+ *
+ * @param index the index of the property
+ * @param state the state of the property
+ * @param value the value of the property
+ */
+ public void setLimit(int index, State state, Object value) {
+ if (index == indexEntityCountInfo) {
+ //if it's explicitly set, it's treated as yes no matter the value
+ printEntityCountInfo = (String)value;
+ } else {
+ int temp = 0;
+ try {
+ temp = Integer.parseInt((String) value);
+ if (temp < 0) {
+ temp = 0;
+ }
+ } catch (NumberFormatException e) {}
+ setLimit(index, state, temp); }
+ }
+
+ /**
+ * Set the value of a property by its index
+ *
+ * @param index the index of the property
+ * @param state the state of the property
+ * @param value the value of the property
+ */
+ public void setLimit(int index, State state, int value) {
+ if (index == indexEntityCountInfo) {
+ //if it's explicitly set, it's treated as yes no matter the value
+ printEntityCountInfo = XalanConstants.JDK_YES;
+ } else {
+ //only update if it shall override
+ if (state.compareTo(states[index]) >= 0) {
+ values[index] = value;
+ states[index] = state;
+ isSet[index] = true;
+ }
+ }
+ }
+
+
+ /**
+ * Return the value of the specified property.
+ *
+ * @param propertyName the property name
+ * @return the value of the property as a string. If a property is managed
+ * by this manager, its value shall not be null.
+ */
+ public String getLimitAsString(String propertyName) {
+ int index = getIndex(propertyName);
+ if (index > -1) {