Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSarika Sinha2021-11-22 13:04:49 +0000
committerSarika Sinha2021-12-24 14:25:28 +0000
commita1bdb6ec67e4303cc819d8bf0765c7a51021a060 (patch)
tree9a66a458f32a78ed4c25d277c664a052d50ed547
parent05b1266ff591ea1c3222d1c817f466edf6870fdb (diff)
downloadeclipse.platform.debug-R4_16_maintenance.tar.gz
eclipse.platform.debug-R4_16_maintenance.tar.xz
eclipse.platform.debug-R4_16_maintenance.zip
Bug 577894 - Security Issue -- XXE AttackR4_16_maintenance
Applications using XMLMemento are vulnerable to XXE Attack see https://docs.oracle.com/en/java/javase/17/security/java-api-xml-processing-jaxp-security-guide.html Change-Id: I3f413123158ce2ff76ff250f84fe338520d0882e Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.debug/+/187978 Reviewed-by: Kalyan Prasad Tatavarthi <kalyan_prasad@in.ibm.com> Tested-by: Platform Bot <platform-bot@eclipse.org> (cherry picked from commit e81a54a076c159432d2e8b1c661d94a805516849) Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.debug/+/188348 Tested-by: Sarika Sinha <sarika.sinha@in.ibm.com> Reviewed-by: Sarika Sinha <sarika.sinha@in.ibm.com>
-rw-r--r--org.eclipse.debug.core/core/org/eclipse/debug/internal/core/XMLMemento.java47
1 files changed, 43 insertions, 4 deletions
diff --git a/org.eclipse.debug.core/core/org/eclipse/debug/internal/core/XMLMemento.java b/org.eclipse.debug.core/core/org/eclipse/debug/internal/core/XMLMemento.java
index d8b6fe817..55ad375a5 100644
--- a/org.eclipse.debug.core/core/org/eclipse/debug/internal/core/XMLMemento.java
+++ b/org.eclipse.debug.core/core/org/eclipse/debug/internal/core/XMLMemento.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2000, 2018 IBM Corporation and others.
+ * Copyright (c) 2000, 2021 IBM Corporation and others.
*
* This program and the accompanying materials
* are made available under the terms of the Eclipse Public License 2.0
@@ -19,6 +19,7 @@ import java.io.PrintWriter;
import java.io.Reader;
import java.io.Writer;
import java.util.ArrayList;
+import java.util.Arrays;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -43,6 +44,8 @@ public final class XMLMemento {
private Element element;
+ private static String FILE_STRING = "file"; //$NON-NLS-1$
+
/**
* Creates a <code>Document</code> from the <code>Reader</code>
* and returns a memento on the first <code>Element</code> for reading
@@ -61,6 +64,27 @@ public final class XMLMemento {
}
/**
+ * Clients who need to use the "file" protocol can override this method to
+ * return the original attribute value
+ *
+ * @param attributeOldValue
+ * @return return the new attribute value after concatenating the "file"
+ * protocol restriction if does not exist already
+ */
+ private static String getAttributeNewValue(Object attributeOldValue) {
+ StringBuffer strNewValue = new StringBuffer(FILE_STRING);
+ if (attributeOldValue instanceof String && ((String) attributeOldValue).length() != 0) {
+ String strOldValue = (String) attributeOldValue;
+ boolean exists = Arrays.asList(strOldValue.split(",")).stream().anyMatch(x -> x.trim().equals(FILE_STRING)); //$NON-NLS-1$
+ if (!exists) {
+ strNewValue.append(", ").append(strOldValue); //$NON-NLS-1$
+ } else {
+ strNewValue = new StringBuffer(strOldValue);
+ }
+ }
+ return strNewValue.toString();
+ }
+ /**
* Creates a <code>Document</code> from the <code>Reader</code>
* and returns a memento on the first <code>Element</code> for reading
* the document.
@@ -78,10 +102,20 @@ public final class XMLMemento {
throws Exception {
String errorMessage = null;
Exception exception = null;
-
+ DocumentBuilderFactory factory = null;
+ Object attributeDTDOldValue = null;
+ Object attributeSchemaOldValue = null;
try {
- DocumentBuilderFactory factory = DocumentBuilderFactory
- .newInstance();
+ factory = DocumentBuilderFactory.newInstance();
+ try {
+ attributeDTDOldValue = factory.getAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD);
+ attributeSchemaOldValue = factory.getAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA);
+ } catch (NullPointerException | IllegalArgumentException e) {
+ // Attributes not defined
+ }
+ factory.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD, getAttributeNewValue(attributeDTDOldValue));
+ factory.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA, getAttributeNewValue(attributeSchemaOldValue));
+
DocumentBuilder parser = factory.newDocumentBuilder();
InputSource source = new InputSource(reader);
if (baseDir != null) {
@@ -104,6 +138,11 @@ public final class XMLMemento {
} catch (SAXException e) {
exception = e;
// errorMessage = WorkbenchMessages.XMLMemento_formatError;
+ } finally {
+ if (factory != null) {
+ factory.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD, attributeDTDOldValue);
+ factory.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA, attributeSchemaOldValue);
+ }
}
String problemText = null;

Back to the top