authorSarika Sinha2021-12-13 18:22:27 +0000
committerSarika Sinha2022-01-05 18:31:45 +0000
commit7497b10d49d453620c23be0bcd8d33265807eb14 (patch)
tree3ef3108fd7020bb4f55708f7e2cfe86f6ba6693d
parentc0dc76e2c62e0f1071b58bb67094cd7096f90aa7 (diff)
Bug 577894 - Security Issue -- XXE AttackR4_7_maintenance
Applications using XMLMemento are vulnerable to XXE Attack see https://docs.oracle.com/en/java/javase/17/security/java-api-xml-processing-jaxp-security-guide.html Change-Id: I31013372fe98566731410406dcad3044dc6992d9 Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/188792 Reviewed-by: Kalyan Prasad Tatavarthi <kalyan_prasad@in.ibm.com> Tested-by: Platform Bot <platform-bot@eclipse.org> (cherry picked from commit 0e1a84ff99587099d104c0ecd0f35e25fe400d74) Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189016 Tested-by: Sarika Sinha <sarika.sinha@in.ibm.com> Reviewed-by: Sarika Sinha <sarika.sinha@in.ibm.com> (cherry picked from commit e74a513e0f0269842ebd5f133efee94e83562d84) Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189030 (cherry picked from commit 04989448df32a5698a4a5cd6f26bd1f3b3be613c) Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189271 (cherry picked from commit 0909d771ba66b9bdde554a0f1ec2271c63c8b741) Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189272 (cherry picked from commit 179c6870178c6ac9f84afffea9480519b70018c4) Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189274 (cherry picked from commit 8b551e012dac5497baf51f5eea6cd597ed9aeff7) Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189275 (cherry picked from commit d31e90339b098c809d95037851b0066a014173cb) Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189276 (cherry picked from commit fc45dd7946ae5adeb4bc613dd354b2aa21e5e5db) Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189277 (cherry picked from commit 51cbd97d40cb8a95dd0f92186a75f131b125a382) Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189278 (cherry picked from commit c5d33013a9f86762bfe07aea91e277e14bb4f996) Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189279 
(cherry picked from commit 2e7f1c9819bcb256a49edc48d205ddb7502a6a58) Reviewed-on: https://git.eclipse.org/r/c/platform/eclipse.platform.ui/+/189280
-rw-r--r--bundles/org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/XMLMemento.java84
1 files changed, 62 insertions, 22 deletions
diff --git a/bundles/org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/XMLMemento.java b/bundles/org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/XMLMemento.java
index f04e3cf76c9..97b7ea564fe 100644
--- a/bundles/org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/XMLMemento.java
+++ b/bundles/org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/XMLMemento.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2000, 2015 IBM Corporation and others.
+ * Copyright (c) 2000, 2021 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
@@ -16,6 +16,7 @@ import java.io.Reader;
import java.io.StringWriter;
import java.io.Writer;
import java.util.ArrayList;
+import java.util.Arrays;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
@@ -49,6 +50,8 @@ public final class XMLMemento implements IMemento {
private Element element;
+ private static String FILE_STRING = "file"; //$NON-NLS-1$
+
/**
* Creates a <code>Document</code> from the <code>Reader</code>
* and returns a memento on the first <code>Element</code> for reading
@@ -66,28 +69,60 @@ public final class XMLMemento implements IMemento {
return createReadRoot(reader, null);
}
- /**
- * Creates a <code>Document</code> from the <code>Reader</code>
- * and returns a memento on the first <code>Element</code> for reading
- * the document.
- *
- * @param reader the <code>Reader</code> used to create the memento's document
- * @param baseDir the directory used to resolve relative file names
- * in the XML document. This directory must exist and include the
- * trailing separator. The directory format, including the separators,
- * must be valid for the platform. Can be <code>null</code> if not
- * needed.
- * @return a memento on the first <code>Element</code> for reading the document
- * @throws WorkbenchException if IO problems, invalid format, or no element.
- */
- public static XMLMemento createReadRoot(Reader reader, String baseDir)
- throws WorkbenchException {
+ /**
+ * Clients who need to use the "file" protocol can override this method to
+ * return the original attribute value
+ *
+ * @param attributeOldValue
+ * @return return the new attribute value after concatenating the "file"
+ * protocol restriction if does not exist already
+ */
+ private static String getAttributeNewValue(Object attributeOldValue) {
+ StringBuffer strNewValue = new StringBuffer(FILE_STRING);
+ if (attributeOldValue instanceof String && ((String) attributeOldValue).length() != 0) {
+ String strOldValue = (String) attributeOldValue;
+ boolean exists = Arrays.asList(strOldValue.split(",")).stream().anyMatch(x -> x.trim().equals(FILE_STRING)); //$NON-NLS-1$
+ if (!exists) {
+ strNewValue.append(", ").append(strOldValue); //$NON-NLS-1$
+ } else {
+ strNewValue = new StringBuffer(strOldValue);
+ }
+ }
+ return strNewValue.toString();
+ }
+
+ /**
+ * Creates a <code>Document</code> from the <code>Reader</code> and returns a
+ * memento on the first <code>Element</code> for reading the document.
+ *
+ * @param reader the <code>Reader</code> used to create the memento's document
+ * @param baseDir the directory used to resolve relative file names in the XML
+ * document. This directory must exist and include the trailing
+ * separator. The directory format, including the separators,
+ * must be valid for the platform. Can be <code>null</code> if
+ * not needed.
+ * @return a memento on the first <code>Element</code> for reading the document
+ * @throws WorkbenchException if IO problems, invalid format, or no element.
+ */
+ public static XMLMemento createReadRoot(Reader reader, String baseDir) throws WorkbenchException {
String errorMessage = null;
- Exception exception = null;
+ Exception exception = null;
+ DocumentBuilderFactory factory = null;
+ Object attributeDTDOldValue = null;
+ Object attributeSchemaOldValue = null;
+ try {
+ factory = DocumentBuilderFactory.newInstance();
+ try {
+ attributeDTDOldValue = factory.getAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD);
+ attributeSchemaOldValue = factory.getAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA);
+ } catch (NullPointerException | IllegalArgumentException e) {
+ // Attributes not defined
+ }
+ factory.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD,
+ getAttributeNewValue(attributeDTDOldValue));
+ factory.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA,
+ getAttributeNewValue(attributeSchemaOldValue));
- try {
- DocumentBuilderFactory factory = DocumentBuilderFactory
- .newInstance();
DocumentBuilder parser = factory.newDocumentBuilder();
InputSource source = new InputSource(reader);
if (baseDir != null) {
@@ -134,7 +169,12 @@ public final class XMLMemento implements IMemento {
} catch (SAXException e) {
exception = e;
errorMessage = WorkbenchMessages.XMLMemento_formatError;
- }
+ } finally {
+ if (factory != null) {
+ factory.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_DTD, attributeDTDOldValue);
+ factory.setAttribute(javax.xml.XMLConstants.ACCESS_EXTERNAL_SCHEMA, attributeSchemaOldValue);
+ }
+ }
String problemText = null;
if (exception != null) {
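Review bot: Always prepending FILE_STRING in getAttributeNewValue leaves `file` in ACCESS_EXTERNAL_DTD and ACCESS_EXTERNAL_SCHEMA, which blocks remote (network) fetches but still lets the parser resolve file-scheme external DTDs and external entity references, so a memento read from an untrusted source can still reference local files. The JAXP guide linked in the commit message documents the empty string as denying all protocols, and callers that never need a DTD can go further with `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)` or `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)`; at minimum the trade-off should be stated in the createReadRoot javadoc. The javadoc on getAttributeNewValue says clients "can override this method", but it is `private static`, so the comment should instead say that the file protocol is always permitted and why. The finally block restores attributeDTDOldValue/attributeSchemaOldValue on a factory that is a fresh local from `DocumentBuilderFactory.newInstance()`, which has no effect beyond this method, and when getAttribute threw (old values still null) the restoring setAttribute may itself throw and hide the parse failure recorded in `exception`, so dropping the finally would be both simpler and safer. Minor: `FILE_STRING` should be `private static final`, `StringBuffer` can be `StringBuilder`, and `Arrays.asList(strOldValue.split(",")).stream()` can be `Arrays.stream(strOldValue.split(","))`; createReadRoot's body continues past the last hunk.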
