author | Sarika Sinha | 2021-12-13 18:22:27 +0000 |
---|---|---|
committer | Sarika Sinha | 2022-01-05 18:31:45 +0000 |
commit | 7497b10d49d453620c23be0bcd8d33265807eb14 (patch) | |
tree | 3ef3108fd7020bb4f55708f7e2cfe86f6ba6693d | |
parent | c0dc76e2c62e0f1071b58bb67094cd7096f90aa7 (diff) | |
Bug 577894 - Security Issue -- XXE AttackR4_7_maintenance
Applications using XMLMemento are vulnerable to XXE attacks
see https://docs.oracle.com/en/java/javase/17/security/java-api-xml-processing-jaxp-security-guide.html
Change-Id: I31013372fe98566731410406dcad3044dc6992d9
Reviewed-on:
https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/188792
Reviewed-by: Kalyan Prasad Tatavarthi <kalyan_prasad@in.ibm.com>
Tested-by: Platform Bot <platform-bot@eclipse.org>
(cherry picked from commit 0e1a84ff99587099d104c0ecd0f35e25fe400d74)
Reviewed-on:
https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189016
Tested-by: Sarika Sinha <sarika.sinha@in.ibm.com>
Reviewed-by: Sarika Sinha <sarika.sinha@in.ibm.com>
(cherry picked from commit e74a513e0f0269842ebd5f133efee94e83562d84)
Reviewed-on:
https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189030
(cherry picked from commit 04989448df32a5698a4a5cd6f26bd1f3b3be613c)
Reviewed-on:
https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189271
(cherry picked from commit 0909d771ba66b9bdde554a0f1ec2271c63c8b741)
Reviewed-on:
https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189272
(cherry picked from commit 179c6870178c6ac9f84afffea9480519b70018c4)
Reviewed-on:
https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189274
(cherry picked from commit 8b551e012dac5497baf51f5eea6cd597ed9aeff7)
Reviewed-on:
https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189275
(cherry picked from commit d31e90339b098c809d95037851b0066a014173cb)
Reviewed-on:
https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189276
(cherry picked from commit fc45dd7946ae5adeb4bc613dd354b2aa21e5e5db)
Reviewed-on:
https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189277
(cherry picked from commit 51cbd97d40cb8a95dd0f92186a75f131b125a382)
Reviewed-on:
https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189278
(cherry picked from commit c5d33013a9f86762bfe07aea91e277e14bb4f996)
Reviewed-on:
https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189279
(cherry picked from commit 2e7f1c9819bcb256a49edc48d205ddb7502a6a58)
Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189280
-rw-r--r-- | bundles/org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/XMLMemento.java | 84 |
1 files changed, 62 insertions, 22 deletions
diff --git a/bundles/org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/XMLMemento.java b/bundles/org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/XMLMemento.java
index f04e3cf76c9..97b7ea564fe 100644
--- a/bundles/org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/XMLMemento.java
+++ b/bundles/org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/XMLMemento.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2000, 2015 IBM Corporation and others.
+ * Copyright (c) 2000, 2021 IBM Corporation and others.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
@@ -16,6 +16,7 @@ import java.io.Reader;
 import java.io.StringWriter;
 import java.io.Writer;
 import java.util.ArrayList;
+import java.util.Arrays;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
@@ -49,6 +50,8 @@ public final class XMLMemento implements IMemento {
 private Element element;
+ private static String FILE_STRING = "file"; //$NON-NLS-1$
+
 /**
 * Creates a <code>Document</code> from the <code>Reader</code>
 * and returns a memento on the first <code>Element</code> for reading
@@ -66,28 +69,60 @@ public final class XMLMemento implements IMemento {
 return createReadRoot(reader, null);
 }
- /**
- * Creates a <code>Document</code> from the <code>Reader</code>
- * and returns a memento on the first <code>Element</code> for reading
- * the document.
- *
- * @param reader the <code>Reader</code> used to create the memento's document
- * @param baseDir the directory used to resolve relative file names
- * in the XML document. This directory must exist and include the
- * trailing separator. The directory format, including the separators,
- * must be valid for the platform. Can be <code>null</code> if not
- * needed.
- * @return a memento on the first <code>Element</code> for reading the document
- * @throws WorkbenchException if IO problems, invalid format, or no element.
- */
- public static XMLMemento createReadRoot(Reader reader, String baseDir)
- throws WorkbenchException {
+ /**
+ * Clients who need to use the "file" protocol can override this method to
+ * return the original attribute value
+ *
+ * @param attributeOldValue
+ * @return return the new attribute value after concatenating the "file"
+ * protocol restriction if does not exist already
+ */
+ private static String getAttributeNewValue(Object attributeOldValue) {
+ StringBuffer strNewValue = new StringBuffer(FILE_STRING);
+ if (attributeOldValue instanceof String && ((String) attributeOldValue).length() != 0) {
+ String strOldValue = (String) attributeOldValue;
+ boolean exists = Arrays.asList(strOldValue.split(",")).stream().anyMatch(x -> x.trim().equals(FILE_STRING)); //$NON-NLS-1$
+ if (!exists) {
+ strNewValue.append(", ").append(strOldValue); //$NON-NLS-1$
+ } else {
+ strNewValue = new StringBuffer(strOldValue);
+ }
+ }
+ return strNewValue.toString();
+ }
+
+ /**
+ * Creates a <code>Document</code> from the <code>Reader</code> and returns a
+ * memento on the first <code>Element</code> for reading the document.
+ *
+ * @param reader the <code>Reader</code> used to create the memento's document
+ * @param baseDir the directory used to resolve relative file names in the XML
+ * document. This directory must exist and include the trailing
+ * separator. The directory format, including the separators,
+ * must be valid for the platform. Can be <code>null</code> if
+ * not needed.
+ * @return a memento on the first <code>Element</code> for reading the document
+ * @throws WorkbenchException if IO problems, invalid format, or no element.
+ */
+ public static XMLMemento createReadRoot(Reader reader, String baseDir) throws WorkbenchException {
 String errorMessage = null;
- Exception exception = null;
+ Exception exception = null;
+ DocumentBuilderFactory factory = null;
+ Object attributeDTDOldValue = null;
+ Object attributeSchemaOldValue = null;
+ try {
+ factory = DocumentBuilderFactory.newInstance();
+ try {
+ attributeDTDOldValue = factory.getAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD);
+ attributeSchemaOldValue = factory.getAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA);
+ } catch (NullPointerException | IllegalArgumentException e) {
+ // Attributes not defined
+ }
+ factory.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD,
+ getAttributeNewValue(attributeDTDOldValue));
+ factory.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA,
+ getAttributeNewValue(attributeSchemaOldValue));
- try {
- DocumentBuilderFactory factory = DocumentBuilderFactory
- .newInstance();
 DocumentBuilder parser = factory.newDocumentBuilder();
 InputSource source = new InputSource(reader);
 if (baseDir != null) {
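Review bot: The Javadoc on `getAttributeNewValue` says clients can override it, but the method is `private static` and cannot be overridden, and `@param attributeOldValue` has no description; replace it with what the method does, e.g. `Returns the comma-separated protocol list with "file" prepended unless it already contains it; a null or empty value yields "file".` The merge also preserves whatever default the factory reports, which on the JDK is typically `all`, so the effective value becomes `file, all`, and `XMLConstants` does not specify whether `all` inside a list still grants every protocol — setting the attribute to plain `file` (the only protocol `baseDir` needs) would make the restriction independent of that, and the Javadoc of `createReadRoot` should state that local `file:` references remain resolvable. The two `factory.setAttribute` calls sit outside the inner try/catch, so an implementation that rejects these attribute names throws an unchecked `IllegalArgumentException` out of `createReadRoot` instead of the `WorkbenchException` documented by `@throws`; that fails closed, which is acceptable, but it is worth documenting. Minor: `StringBuffer` can be `StringBuilder`, and `Arrays.asList(strOldValue.split(",")).stream()` can be `Arrays.stream(strOldValue.split(","))`. The body of `createReadRoot` continues past the end of this hunk.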
@@ -134,7 +169,12 @@ public final class XMLMemento implements IMemento {
 } catch (SAXException e) {
 exception = e;
 errorMessage = WorkbenchMessages.XMLMemento_formatError;
- }
+ } finally {
+ if (factory != null) {
+ factory.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD, attributeDTDOldValue);
+ factory.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA, attributeSchemaOldValue);
+ }
+ }
 String problemText = null;
 if (exception != null) { |
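Review bot: The `finally` block restores the two attributes on `factory`, yet `factory` is created by `newInstance()` inside the same method and is never handed to anyone else, so the restore has no effect for callers while adding a failure path: a `setAttribute` that throws here (an implementation that rejects a `null` old value, or an unsupported attribute name) propagates out of `createReadRoot` in place of the `WorkbenchException` the method documents, and because `finally` also runs on the success path it would make even a correctly parsed memento fail. Dropping the restore is the simplest fix; if it is kept for symmetry, wrap it so it cannot mask the primary outcome, e.g. `} catch (IllegalArgumentException ignored) { // local factory; nothing observable to restore }`. The body of `createReadRoot` begins in the previous hunk and continues past this one.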