authorMykola Nikishov2017-09-01 20:01:07 +0000
committerMykola Nikishov2018-01-29 17:31:26 +0000
commitd8c703314ff500c8933466044d4e90a91001217b (patch)
tree8d5a37dd2552b9ab52b86e3d7f06f69a16514754
parentb7ad5ef487b48b93ef7093818044a1b91c720371 (diff)
Bug 518031 - Throw exception if unable to create a secured XML factory
Secured XML factory must be either successfully created or fail in an obvious way. Do not hide the actual problem by catching an exception; let the caller decide what to do with it. Change-Id: I8f3c6f29d2874dbb0f4952d1322150923582f642 Signed-off-by: Mykola Nikishov <mn@mn.com.ua>
-rw-r--r--bundles/org.eclipse.equinox.p2.core/src/org/eclipse/equinox/internal/p2/core/helpers/SecureXMLUtil.java54
-rw-r--r--bundles/org.eclipse.equinox.p2.metadata.repository/src/org/eclipse/equinox/p2/metadata/io/IUDeserializer.java8
-rw-r--r--bundles/org.eclipse.equinox.p2.publisher.eclipse/src/org/eclipse/equinox/internal/p2/publisher/eclipse/FeatureManifestParser.java2
-rw-r--r--bundles/org.eclipse.equinox.p2.publisher.eclipse/src/org/eclipse/equinox/internal/p2/publisher/eclipse/ProductFile.java3
-rw-r--r--bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/metadata/repository/StandaloneSerializationTest.java7
-rw-r--r--bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/CategoryParser.java6
-rw-r--r--bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/DefaultSiteParser.java2
-rw-r--r--bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/DigestParser.java2
8 files changed, 38 insertions, 46 deletions
diff --git a/bundles/org.eclipse.equinox.p2.core/src/org/eclipse/equinox/internal/p2/core/helpers/SecureXMLUtil.java b/bundles/org.eclipse.equinox.p2.core/src/org/eclipse/equinox/internal/p2/core/helpers/SecureXMLUtil.java
index 3bd154bc8..559104838 100644
--- a/bundles/org.eclipse.equinox.p2.core/src/org/eclipse/equinox/internal/p2/core/helpers/SecureXMLUtil.java
+++ b/bundles/org.eclipse.equinox.p2.core/src/org/eclipse/equinox/internal/p2/core/helpers/SecureXMLUtil.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 20017 Manumitting Technologies Inc and others.
+ * Copyright (c) 2017 Manumitting Technologies Inc and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
@@ -12,61 +12,47 @@ package org.eclipse.equinox.internal.p2.core.helpers;
import javax.xml.XMLConstants;
import javax.xml.parsers.*;
-import org.eclipse.core.runtime.IStatus;
-import org.eclipse.core.runtime.Status;
-import org.eclipse.equinox.internal.p2.core.Activator;
import org.xml.sax.*;
import org.xml.sax.helpers.XMLReaderFactory;
/**
- * A utility class for processing XML data in a secure fashion,
- * avoiding XML Entity Expansion problems
+ * A utility class for creating an XML-related factories suitable for
+ * for processing XML data from possibly malicious sources in a secure
+ * fashion, avoiding XML Entity Expansion problem.
*/
public class SecureXMLUtil {
/**
- * Create a new {@link DocumentBuilderFactory} suitable for processing
- * XML data from possibly malicious sources. For example, data retrieved
- * from remote p2 metadata and artifacts repositories.
+ * Create a new {@link DocumentBuilderFactory}.
+ *
+ * @throws ParserConfigurationException
*/
- public static DocumentBuilderFactory newSecureDocumentBuilderFactory() {
+ public static DocumentBuilderFactory newSecureDocumentBuilderFactory() throws ParserConfigurationException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- // FEATURE_SECURE_PROCESSING is documented as must be supported by all implementations
- try {
- factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
- } catch (ParserConfigurationException e) {
- LogHelper.log(new Status(IStatus.WARNING, Activator.ID, "Feature not supported", e)); //$NON-NLS-1$
- }
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
return factory;
}
/**
- * Create a new {@link SAXParserFactory} suitable for processing
- * XML data from possibly malicious sources. For example, data retrieved
- * from remote p2 metadata and artifacts repositories.
+ * Create a new {@link SAXParserFactory}.
+ *
+ * @throws ParserConfigurationException
+ * @throws SAXNotSupportedException
+ * @throws SAXNotRecognizedException
*/
- public static SAXParserFactory newSecureSAXParserFactory() {
+ public static SAXParserFactory newSecureSAXParserFactory() throws SAXNotRecognizedException, SAXNotSupportedException, ParserConfigurationException {
SAXParserFactory factory = SAXParserFactory.newInstance();
- // FEATURE_SECURE_PROCESSING is documented as must be supported by all implementations
- try {
- factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
- } catch (ParserConfigurationException | SAXNotRecognizedException | SAXNotSupportedException e) {
- LogHelper.log(new Status(IStatus.WARNING, Activator.ID, "Feature not supported", e)); //$NON-NLS-1$
- }
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
return factory;
}
/**
- * Create a new {@link XMLReader} suitable for processing
- * XML data from possibly malicious sources. For example, data retrieved
- * from remote p2 metadata and artifacts repositories.
+ * Create a new {@link XMLReader}.
+ *
+ * @throws SAXException
*/
public static XMLReader newSecureXMLReader() throws SAXException {
XMLReader reader = XMLReaderFactory.createXMLReader();
- try {
- reader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
- } catch (SAXNotRecognizedException | SAXNotSupportedException e) {
- LogHelper.log(new Status(IStatus.WARNING, Activator.ID, "Feature not supported", e)); //$NON-NLS-1$
- }
+ reader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
return reader;
}
}
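Review bot: `XMLConstants.FEATURE_SECURE_PROCESSING` is the only hardening the three factory methods apply, and how far it goes depends on the parser implementation: it bounds entity expansion, but it does not by itself guarantee that DOCTYPE declarations or external entities are refused. If none of the p2 formats parsed through these factories needs a DTD (not visible from this hunk), consider also setting `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` in the DOM and SAX factory methods; after this change an unsupported feature would likewise fail loudly instead of being logged. Separately, the rewritten method Javadoc drops the "possibly malicious sources" contract and leaves bare `@throws` tags; each tag should say when it fires, e.g. `@throws ParserConfigurationException if the parser cannot enable secure processing`.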
diff --git a/bundles/org.eclipse.equinox.p2.metadata.repository/src/org/eclipse/equinox/p2/metadata/io/IUDeserializer.java b/bundles/org.eclipse.equinox.p2.metadata.repository/src/org/eclipse/equinox/p2/metadata/io/IUDeserializer.java
index 65d33563d..8f6cf0c88 100644
--- a/bundles/org.eclipse.equinox.p2.metadata.repository/src/org/eclipse/equinox/p2/metadata/io/IUDeserializer.java
+++ b/bundles/org.eclipse.equinox.p2.metadata.repository/src/org/eclipse/equinox/p2/metadata/io/IUDeserializer.java
@@ -34,12 +34,16 @@ public class IUDeserializer {
* Construct a new instance of the deserializer.
*/
public IUDeserializer() {
- deserializer = new IUDeserializerParser(SecureXMLUtil.newSecureSAXParserFactory());
+ try {
+ deserializer = new IUDeserializerParser(SecureXMLUtil.newSecureSAXParserFactory());
+ } catch (SAXNotRecognizedException | SAXNotSupportedException | ParserConfigurationException e) {
+ throw new FactoryConfigurationError(e);
+ }
}
/**
* Deserialize a set of {@link IInstallableUnit} from the input stream.
- * @param input the input stream to deserialize {@link IInstallableUnit}s from.
+ * @param input the input stream to deserialize {@link IInstallableUnit}s from.
* @return the collection of {@link IInstallableUnit}s read from the input stream.
* @throws IOException
*/
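Review bot: The constructor now rethrows as `FactoryConfigurationError`, which is a `java.lang.Error`, so callers that guard construction with `catch (Exception e)` will not intercept it, and the constructor Javadoc does not mention it. If an Error is the intended "obvious" failure, document it on the constructor: `@throws FactoryConfigurationError if a secure SAX parser factory cannot be created`.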
diff --git a/bundles/org.eclipse.equinox.p2.publisher.eclipse/src/org/eclipse/equinox/internal/p2/publisher/eclipse/FeatureManifestParser.java b/bundles/org.eclipse.equinox.p2.publisher.eclipse/src/org/eclipse/equinox/internal/p2/publisher/eclipse/FeatureManifestParser.java
index 9e983a9aa..21b3b11fc 100644
--- a/bundles/org.eclipse.equinox.p2.publisher.eclipse/src/org/eclipse/equinox/internal/p2/publisher/eclipse/FeatureManifestParser.java
+++ b/bundles/org.eclipse.equinox.p2.publisher.eclipse/src/org/eclipse/equinox/internal/p2/publisher/eclipse/FeatureManifestParser.java
@@ -34,7 +34,6 @@ import org.xml.sax.helpers.DefaultHandler;
*/
public class FeatureManifestParser extends DefaultHandler {
- private final static SAXParserFactory parserFactory = SecureXMLUtil.newSecureSAXParserFactory();
private SAXParser parser;
protected Feature result;
private URL url;
@@ -53,6 +52,7 @@ public class FeatureManifestParser extends DefaultHandler {
if (!createParser)
return;
try {
+ SAXParserFactory parserFactory = SecureXMLUtil.newSecureSAXParserFactory();
parserFactory.setNamespaceAware(true);
this.parser = parserFactory.newSAXParser();
} catch (ParserConfigurationException e) {
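Review bot: A failure of the new `SecureXMLUtil.newSecureSAXParserFactory()` call is absorbed by the existing `catch` clauses around it, whose bodies lie outside this hunk; in the CategoryParser hunk of this commit the visible handler is just `log(e)`. If the handlers here do the same, `this.parser` is left unset and the problem only resurfaces later in a less obvious form, which is what the commit message says it wants to avoid. The same pattern appears in the ProductFile, CategoryParser, DefaultSiteParser and DigestParser hunks. Consider rethrowing from the handler instead, for example `throw new IllegalStateException("Secure SAX parser unavailable", e);`, provided callers of these constructors can tolerate an unchecked exception.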
diff --git a/bundles/org.eclipse.equinox.p2.publisher.eclipse/src/org/eclipse/equinox/internal/p2/publisher/eclipse/ProductFile.java b/bundles/org.eclipse.equinox.p2.publisher.eclipse/src/org/eclipse/equinox/internal/p2/publisher/eclipse/ProductFile.java
index ac07b1158..bd37a4691 100644
--- a/bundles/org.eclipse.equinox.p2.publisher.eclipse/src/org/eclipse/equinox/internal/p2/publisher/eclipse/ProductFile.java
+++ b/bundles/org.eclipse.equinox.p2.publisher.eclipse/src/org/eclipse/equinox/internal/p2/publisher/eclipse/ProductFile.java
@@ -66,8 +66,6 @@ public class ProductFile extends DefaultHandler implements IProductDescriptor {
private static final String PROPERTY_ECLIPSE_APPLICATION = "eclipse.application"; //$NON-NLS-1$
private static final String PROPERTY_ECLIPSE_PRODUCT = "eclipse.product"; //$NON-NLS-1$
- private final static SAXParserFactory parserFactory = SecureXMLUtil.newSecureSAXParserFactory();
-
private static final String PROGRAM_ARGS = "programArgs"; //$NON-NLS-1$
private static final String PROGRAM_ARGS_LINUX = "programArgsLin"; //$NON-NLS-1$
private static final String PROGRAM_ARGS_MAC = "programArgsMac"; //$NON-NLS-1$
@@ -225,6 +223,7 @@ public class ProductFile extends DefaultHandler implements IProductDescriptor {
this.currentOS = os;
this.location = new File(location);
try {
+ SAXParserFactory parserFactory = SecureXMLUtil.newSecureSAXParserFactory();
parserFactory.setNamespaceAware(true);
parser = parserFactory.newSAXParser();
InputStream in = new BufferedInputStream(new FileInputStream(location));
diff --git a/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/metadata/repository/StandaloneSerializationTest.java b/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/metadata/repository/StandaloneSerializationTest.java
index 468f7d335..ad97decb2 100644
--- a/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/metadata/repository/StandaloneSerializationTest.java
+++ b/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/metadata/repository/StandaloneSerializationTest.java
@@ -12,10 +12,13 @@ package org.eclipse.equinox.p2.tests.metadata.repository;
import java.io.*;
import java.util.*;
+import javax.xml.parsers.ParserConfigurationException;
import junit.framework.TestCase;
import org.eclipse.equinox.p2.metadata.*;
import org.eclipse.equinox.p2.metadata.io.IUDeserializer;
import org.eclipse.equinox.p2.metadata.io.IUSerializer;
+import org.xml.sax.SAXNotRecognizedException;
+import org.xml.sax.SAXNotSupportedException;
public class StandaloneSerializationTest extends TestCase {
public void testNothingToWrite() {
@@ -35,7 +38,7 @@ public class StandaloneSerializationTest extends TestCase {
}
}
- public void testNoContent() {
+ public void testNoContent() throws SAXNotRecognizedException, SAXNotSupportedException, ParserConfigurationException {
//Write file w/o content
File f = null;
try {
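Review bot: The `throws SAXNotRecognizedException, SAXNotSupportedException, ParserConfigurationException` clause added to `testNoContent()`, and to `testWritingThenLoading()` in the next hunk, looks unnecessary, because the `IUDeserializer` constructor in this commit catches those exceptions and rethrows `FactoryConfigurationError`. Unless something in the test bodies, which continue outside the hunks, throws them, the clauses and the three new imports can be dropped again: `public void testNoContent() {`.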
@@ -68,7 +71,7 @@ public class StandaloneSerializationTest extends TestCase {
f.delete();
}
- public void testWritingThenLoading() {
+ public void testWritingThenLoading() throws SAXNotRecognizedException, SAXNotSupportedException, ParserConfigurationException {
MetadataFactory.InstallableUnitDescription iu = new MetadataFactory.InstallableUnitDescription();
iu.setId("foo");
iu.setVersion(Version.create("1.0.0"));
diff --git a/bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/CategoryParser.java b/bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/CategoryParser.java
index 61aedd5f3..cf4273878 100644
--- a/bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/CategoryParser.java
+++ b/bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/CategoryParser.java
@@ -32,7 +32,6 @@ import org.xml.sax.helpers.DefaultHandler;
* This class was initially copied from org.eclipse.update.core.model.DefaultSiteParser.
*/
public class CategoryParser extends DefaultHandler {
- private final static SAXParserFactory parserFactory = SecureXMLUtil.newSecureSAXParserFactory();
private static final String PLUGIN_ID = Activator.ID;
private static final String ARCHIVE = "archive"; //$NON-NLS-1$
@@ -110,8 +109,9 @@ public class CategoryParser extends DefaultHandler {
status = null;
DESCRIPTION_SITE_ALREADY_SEEN = false;
try {
- parserFactory.setNamespaceAware(true);
- this.parser = parserFactory.newSAXParser();
+ SAXParserFactory parserfactory = SecureXMLUtil.newSecureSAXParserFactory();
+ parserfactory.setNamespaceAware(true);
+ this.parser = parserfactory.newSAXParser();
} catch (ParserConfigurationException e) {
log(e);
} catch (SAXException e) {
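Review bot: The new local is spelled `parserfactory` here, while the equivalent line in FeatureManifestParser, ProductFile, DefaultSiteParser and DigestParser uses `parserFactory`. Keep the camelCase name for consistency across the parsers: `SAXParserFactory parserFactory = SecureXMLUtil.newSecureSAXParserFactory();`, with the two following lines renamed to match.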
diff --git a/bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/DefaultSiteParser.java b/bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/DefaultSiteParser.java
index 7570b15c6..a7ce67a95 100644
--- a/bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/DefaultSiteParser.java
+++ b/bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/DefaultSiteParser.java
@@ -41,7 +41,6 @@ public class DefaultSiteParser extends DefaultHandler {
private static final String BUNDLE = "bundle"; //$NON-NLS-1$
private static final String FEATURES = "features/"; //$NON-NLS-1$
private static final String PLUGINS = "plugins/"; //$NON-NLS-1$
- private final static SAXParserFactory parserFactory = SecureXMLUtil.newSecureSAXParserFactory();
private static final String PLUGIN_ID = Activator.ID;
private static final String SITE = "site"; //$NON-NLS-1$
@@ -138,6 +137,7 @@ public class DefaultSiteParser extends DefaultHandler {
status = null;
DESCRIPTION_SITE_ALREADY_SEEN = false;
try {
+ SAXParserFactory parserFactory = SecureXMLUtil.newSecureSAXParserFactory();
parserFactory.setNamespaceAware(true);
this.parser = parserFactory.newSAXParser();
} catch (ParserConfigurationException e) {
diff --git a/bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/DigestParser.java b/bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/DigestParser.java
index 068e1a07d..cf8881e48 100644
--- a/bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/DigestParser.java
+++ b/bundles/org.eclipse.equinox.p2.updatesite/src/org/eclipse/equinox/internal/p2/updatesite/DigestParser.java
@@ -35,7 +35,6 @@ import org.xml.sax.helpers.DefaultHandler;
*/
public class DigestParser extends DefaultHandler {
- private final static SAXParserFactory parserFactory = SecureXMLUtil.newSecureSAXParserFactory();
private SAXParser parser;
private final List<Feature> features = new ArrayList<>();
private final FeatureManifestParser featureHandler = new FeatureManifestParser(false);
@@ -43,6 +42,7 @@ public class DigestParser extends DefaultHandler {
public DigestParser() {
super();
try {
+ SAXParserFactory parserFactory = SecureXMLUtil.newSecureSAXParserFactory();
parserFactory.setNamespaceAware(true);
this.parser = parserFactory.newSAXParser();
} catch (ParserConfigurationException e) {
