Wed, 15 Jan 2014 10:49:32 -0800
Merge
1.1 --- a/src/com/sun/org/apache/xalan/internal/XalanConstants.java Mon Jan 13 22:31:55 2014 -0800 1.2 +++ b/src/com/sun/org/apache/xalan/internal/XalanConstants.java Wed Jan 15 10:49:32 2014 -0800 1.3 @@ -79,7 +79,7 @@ 1.4 /** 1.5 * JDK maximum general entity size limit 1.6 */ 1.7 - public static final String JDK_GENEAL_ENTITY_SIZE_LIMIT = 1.8 + public static final String JDK_GENERAL_ENTITY_SIZE_LIMIT = 1.9 ORACLE_JAXP_PROPERTY_PREFIX + "maxGeneralEntitySizeLimit"; 1.10 /** 1.11 * JDK maximum parameter entity size limit 1.12 @@ -129,7 +129,7 @@ 1.13 /** 1.14 * JDK maximum general entity size limit 1.15 */ 1.16 - public static final String SP_GENEAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit"; 1.17 + public static final String SP_GENERAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit"; 1.18 /** 1.19 * JDK maximum parameter entity size limit 1.20 */
2.1 --- a/src/com/sun/org/apache/xalan/internal/lib/ExsltStrings.java Mon Jan 13 22:31:55 2014 -0800 2.2 +++ b/src/com/sun/org/apache/xalan/internal/lib/ExsltStrings.java Wed Jan 15 10:49:32 2014 -0800 2.3 @@ -52,6 +52,8 @@ 2.4 */ 2.5 public class ExsltStrings extends ExsltBase 2.6 { 2.7 + static final String JDK_DEFAULT_DOM = "com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl"; 2.8 + 2.9 /** 2.10 * The str:align function aligns a string within another string. 2.11 * <p> 2.12 @@ -225,7 +227,7 @@ 2.13 token = str.substring(fromIndex); 2.14 } 2.15 2.16 - Document doc = DocumentHolder.m_doc; 2.17 + Document doc = getDocument(); 2.18 synchronized (doc) 2.19 { 2.20 Element element = doc.createElement("token"); 2.21 @@ -289,7 +291,7 @@ 2.22 { 2.23 StringTokenizer lTokenizer = new StringTokenizer(toTokenize, delims); 2.24 2.25 - Document doc = DocumentHolder.m_doc; 2.26 + Document doc = getDocument(); 2.27 synchronized (doc) 2.28 { 2.29 while (lTokenizer.hasMoreTokens()) 2.30 @@ -305,7 +307,7 @@ 2.31 else 2.32 { 2.33 2.34 - Document doc = DocumentHolder.m_doc; 2.35 + Document doc = getDocument(); 2.36 synchronized (doc) 2.37 { 2.38 for (int i = 0; i < toTokenize.length(); i++) 2.39 @@ -327,31 +329,23 @@ 2.40 { 2.41 return tokenize(toTokenize, " \t\n\r"); 2.42 } 2.43 + 2.44 /** 2.45 - * This class is not loaded until first referenced (see Java Language 2.46 - * Specification by Gosling/Joy/Steele, section 12.4.1) 2.47 - * 2.48 - * The static members are created when this class is first referenced, as a 2.49 - * lazy initialization not needing checking against null or any 2.50 - * synchronization. 2.51 - * 2.52 + * @return an instance of DOM Document 2.53 */ 2.54 - private static class DocumentHolder 2.55 - { 2.56 - // Reuse the Document object to reduce memory usage. 2.57 - private static final Document m_doc; 2.58 - static { 2.59 - try 2.60 - { 2.61 - m_doc =DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); 2.62 + private static Document getDocument() 2.63 + { 2.64 + try 2.65 + { 2.66 + if (System.getSecurityManager() == null) { 2.67 + return DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); 2.68 + } else { 2.69 + return DocumentBuilderFactory.newInstance(JDK_DEFAULT_DOM, null).newDocumentBuilder().newDocument(); 2.70 } 2.71 - 2.72 - catch(ParserConfigurationException pce) 2.73 - { 2.74 - throw new com.sun.org.apache.xml.internal.utils.WrappedRuntimeException(pce); 2.75 - } 2.76 - 2.77 + } 2.78 + catch(ParserConfigurationException pce) 2.79 + { 2.80 + throw new com.sun.org.apache.xml.internal.utils.WrappedRuntimeException(pce); 2.81 } 2.82 } 2.83 - 2.84 }
3.1 --- a/src/com/sun/org/apache/xalan/internal/lib/Extensions.java Mon Jan 13 22:31:55 2014 -0800 3.2 +++ b/src/com/sun/org/apache/xalan/internal/lib/Extensions.java Wed Jan 15 10:49:32 2014 -0800 3.3 @@ -56,6 +56,7 @@ 3.4 */ 3.5 public class Extensions 3.6 { 3.7 + static final String JDK_DEFAULT_DOM = "com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl"; 3.8 /** 3.9 * Constructor Extensions 3.10 * 3.11 @@ -114,23 +115,14 @@ 3.12 3.13 // This no longer will work right since the DTM. 3.14 // Document myDoc = myProcessor.getContextNode().getOwnerDocument(); 3.15 - try 3.16 - { 3.17 - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); 3.18 - DocumentBuilder db = dbf.newDocumentBuilder(); 3.19 - Document myDoc = db.newDocument(); 3.20 + Document myDoc = getDocument(); 3.21 3.22 Text textNode = myDoc.createTextNode(textNodeValue); 3.23 DocumentFragment docFrag = myDoc.createDocumentFragment(); 3.24 3.25 docFrag.appendChild(textNode); 3.26 3.27 - return new NodeSet(docFrag); 3.28 - } 3.29 - catch(ParserConfigurationException pce) 3.30 - { 3.31 - throw new com.sun.org.apache.xml.internal.utils.WrappedRuntimeException(pce); 3.32 - } 3.33 + return new NodeSet(docFrag); 3.34 } 3.35 } 3.36 3.37 @@ -249,8 +241,7 @@ 3.38 public static NodeList tokenize(String toTokenize, String delims) 3.39 { 3.40 3.41 - Document doc = DocumentHolder.m_doc; 3.42 - 3.43 + Document doc = getDocument(); 3.44 3.45 StringTokenizer lTokenizer = new StringTokenizer(toTokenize, delims); 3.46 NodeSet resultSet = new NodeSet(); 3.47 @@ -308,17 +299,7 @@ 3.48 public static Node checkEnvironment(ExpressionContext myContext) 3.49 { 3.50 3.51 - Document factoryDocument; 3.52 - try 3.53 - { 3.54 - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); 3.55 - DocumentBuilder db = dbf.newDocumentBuilder(); 3.56 - factoryDocument = db.newDocument(); 3.57 - } 3.58 - catch(ParserConfigurationException pce) 3.59 - { 3.60 - throw new com.sun.org.apache.xml.internal.utils.WrappedRuntimeException(pce); 3.61 - } 3.62 + Document factoryDocument = getDocument(); 3.63 3.64 Node resultNode = null; 3.65 try 3.66 @@ -391,30 +372,21 @@ 3.67 } 3.68 3.69 /** 3.70 - * This class is not loaded until first referenced (see Java Language 3.71 - * Specification by Gosling/Joy/Steele, section 12.4.1) 3.72 - * 3.73 - * The static members are created when this class is first referenced, as a 3.74 - * lazy initialization not needing checking against null or any 3.75 - * synchronization. 3.76 - * 3.77 + * @return an instance of DOM Document 3.78 */ 3.79 - private static class DocumentHolder 3.80 - { 3.81 - // Reuse the Document object to reduce memory usage. 3.82 - private static final Document m_doc; 3.83 - static 3.84 + private static Document getDocument() 3.85 + { 3.86 + try 3.87 { 3.88 - try 3.89 - { 3.90 - m_doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); 3.91 + if (System.getSecurityManager() == null) { 3.92 + return DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument(); 3.93 + } else { 3.94 + return DocumentBuilderFactory.newInstance(JDK_DEFAULT_DOM, null).newDocumentBuilder().newDocument(); 3.95 } 3.96 - 3.97 - catch(ParserConfigurationException pce) 3.98 - { 3.99 - throw new com.sun.org.apache.xml.internal.utils.WrappedRuntimeException(pce); 3.100 - } 3.101 - 3.102 + } 3.103 + catch(ParserConfigurationException pce) 3.104 + { 3.105 + throw new com.sun.org.apache.xml.internal.utils.WrappedRuntimeException(pce); 3.106 } 3.107 } 3.108 }
4.1 --- a/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java Mon Jan 13 22:31:55 2014 -0800 4.2 +++ b/src/com/sun/org/apache/xalan/internal/utils/XMLSecurityManager.java Wed Jan 15 10:49:32 2014 -0800 4.3 @@ -73,8 +73,8 @@ 4.4 XalanConstants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000), 4.5 TOTAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_TOTAL_ENTITY_SIZE_LIMIT, 4.6 XalanConstants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000), 4.7 - GENEAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_GENEAL_ENTITY_SIZE_LIMIT, 4.8 - XalanConstants.SP_GENEAL_ENTITY_SIZE_LIMIT, 0, 0), 4.9 + GENERAL_ENTITY_SIZE_LIMIT(XalanConstants.JDK_GENERAL_ENTITY_SIZE_LIMIT, 4.10 + XalanConstants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0), 4.11 PARAMETER_ENTITY_SIZE_LIMIT(XalanConstants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, 4.12 XalanConstants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000); 4.13
5.1 --- a/src/com/sun/org/apache/xerces/internal/impl/Constants.java Mon Jan 13 22:31:55 2014 -0800 5.2 +++ b/src/com/sun/org/apache/xerces/internal/impl/Constants.java Wed Jan 15 10:49:32 2014 -0800 5.3 @@ -240,7 +240,7 @@ 5.4 /** 5.5 * JDK maximum general entity size limit 5.6 */ 5.7 - public static final String JDK_GENEAL_ENTITY_SIZE_LIMIT = 5.8 + public static final String JDK_GENERAL_ENTITY_SIZE_LIMIT = 5.9 ORACLE_JAXP_PROPERTY_PREFIX + "maxGeneralEntitySizeLimit"; 5.10 /** 5.11 * JDK maximum parameter entity size limit 5.12 @@ -287,7 +287,7 @@ 5.13 /** 5.14 * JDK maximum general entity size limit 5.15 */ 5.16 - public static final String SP_GENEAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit"; 5.17 + public static final String SP_GENERAL_ENTITY_SIZE_LIMIT = "jdk.xml.maxGeneralEntitySizeLimit"; 5.18 /** 5.19 * JDK maximum parameter entity size limit 5.20 */
6.1 --- a/src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java Mon Jan 13 22:31:55 2014 -0800 6.2 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDTDScannerImpl.java Wed Jan 15 10:49:32 2014 -0800 6.3 @@ -44,6 +44,7 @@ 6.4 import com.sun.org.apache.xerces.internal.impl.XMLErrorReporter; 6.5 import com.sun.org.apache.xerces.internal.impl.XMLEntityHandler; 6.6 import com.sun.org.apache.xerces.internal.impl.Constants; 6.7 +import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer; 6.8 import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager; 6.9 import com.sun.xml.internal.stream.Entity; 6.10 6.11 @@ -262,6 +263,11 @@ 6.12 fEntityManager.startDTDEntity(inputSource); 6.13 } // setInputSource(XMLInputSource) 6.14 6.15 + 6.16 + public void setLimitAnalyzer(XMLLimitAnalyzer limitAnalyzer) { 6.17 + fLimitAnalyzer = limitAnalyzer; 6.18 + } 6.19 + 6.20 /** 6.21 * Scans the external subset of the document. 6.22 * 6.23 @@ -1625,10 +1631,10 @@ 6.24 XMLString literal = fString; 6.25 XMLString literal2 = fString; 6.26 int countChar = 0; 6.27 - if (fLimitAnalyzer == null && fSecurityManager != null) { 6.28 - fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); 6.29 - fLimitAnalyzer.startEntity(entityName); 6.30 - } 6.31 + if (fLimitAnalyzer == null ) { 6.32 + fLimitAnalyzer = new XMLLimitAnalyzer(); 6.33 + } 6.34 + fLimitAnalyzer.startEntity(entityName); 6.35 6.36 if (fEntityScanner.scanLiteral(quote, fString) != quote) { 6.37 fStringBuffer.clear(); 6.38 @@ -2145,6 +2151,8 @@ 6.39 // set starting state 6.40 setScannerState(SCANNER_STATE_TEXT_DECL); 6.41 //new SymbolTable()); 6.42 + 6.43 + fLimitAnalyzer = new XMLLimitAnalyzer(); 6.44 } 6.45 6.46 /** 6.47 @@ -2164,18 +2172,18 @@ 6.48 */ 6.49 private void checkLimit(String entityName, int len) { 6.50 if (fLimitAnalyzer == null) { 6.51 - fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); 6.52 + fLimitAnalyzer = new XMLLimitAnalyzer(); 6.53 } 6.54 fLimitAnalyzer.addValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, entityName, len); 6.55 - if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)) { 6.56 - fSecurityManager.debugPrint(); 6.57 + if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { 6.58 + fSecurityManager.debugPrint(fLimitAnalyzer); 6.59 reportFatalError("MaxEntitySizeLimit", new Object[]{entityName, 6.60 fLimitAnalyzer.getValue(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT), 6.61 fSecurityManager.getLimit(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT), 6.62 fSecurityManager.getStateLiteral(XMLSecurityManager.Limit.PARAMETER_ENTITY_SIZE_LIMIT)}); 6.63 } 6.64 - if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT)) { 6.65 - fSecurityManager.debugPrint(); 6.66 + if (fSecurityManager.isOverLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { 6.67 + fSecurityManager.debugPrint(fLimitAnalyzer); 6.68 reportFatalError("TotalEntitySizeLimit", 6.69 new Object[]{fLimitAnalyzer.getTotalValue(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT), 6.70 fSecurityManager.getLimit(XMLSecurityManager.Limit.TOTAL_ENTITY_SIZE_LIMIT),
7.1 --- a/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java Mon Jan 13 22:31:55 2014 -0800 7.2 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentFragmentScannerImpl.java Wed Jan 15 10:49:32 2014 -0800 7.3 @@ -659,12 +659,12 @@ 7.4 dtdGrammarUtil = null; 7.5 7.6 if (fSecurityManager != null) { 7.7 - fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); 7.8 fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT); 7.9 } else { 7.10 - fLimitAnalyzer = null; 7.11 fElementAttributeLimit = 0; 7.12 } 7.13 + fLimitAnalyzer = new XMLLimitAnalyzer(); 7.14 + fEntityManager.setLimitAnalyzer(fLimitAnalyzer); 7.15 } 7.16 7.17 /** 7.18 @@ -3154,16 +3154,16 @@ 7.19 */ 7.20 protected void checkLimit(XMLStringBuffer buffer) { 7.21 if (fLimitAnalyzer.isTracking(fCurrentEntityName)) { 7.22 - fLimitAnalyzer.addValue(Limit.GENEAL_ENTITY_SIZE_LIMIT, fCurrentEntityName, buffer.length); 7.23 - if (fSecurityManager.isOverLimit(Limit.GENEAL_ENTITY_SIZE_LIMIT)) { 7.24 - fSecurityManager.debugPrint(); 7.25 + fLimitAnalyzer.addValue(Limit.GENERAL_ENTITY_SIZE_LIMIT, fCurrentEntityName, buffer.length); 7.26 + if (fSecurityManager.isOverLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { 7.27 + fSecurityManager.debugPrint(fLimitAnalyzer); 7.28 reportFatalError("MaxEntitySizeLimit", new Object[]{fCurrentEntityName, 7.29 - fLimitAnalyzer.getValue(Limit.GENEAL_ENTITY_SIZE_LIMIT), 7.30 - fSecurityManager.getLimit(Limit.GENEAL_ENTITY_SIZE_LIMIT), 7.31 - fSecurityManager.getStateLiteral(Limit.GENEAL_ENTITY_SIZE_LIMIT)}); 7.32 + fLimitAnalyzer.getValue(Limit.GENERAL_ENTITY_SIZE_LIMIT), 7.33 + fSecurityManager.getLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT), 7.34 + fSecurityManager.getStateLiteral(Limit.GENERAL_ENTITY_SIZE_LIMIT)}); 7.35 } 7.36 - if (fSecurityManager.isOverLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT)) { 7.37 - fSecurityManager.debugPrint(); 7.38 + if (fSecurityManager.isOverLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) { 7.39 + fSecurityManager.debugPrint(fLimitAnalyzer); 7.40 reportFatalError("TotalEntitySizeLimit", 7.41 new Object[]{fLimitAnalyzer.getTotalValue(Limit.TOTAL_ENTITY_SIZE_LIMIT), 7.42 fSecurityManager.getLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT),
8.1 --- a/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java Mon Jan 13 22:31:55 2014 -0800 8.2 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLDocumentScannerImpl.java Wed Jan 15 10:49:32 2014 -0800 8.3 @@ -1090,6 +1090,8 @@ 8.4 8.5 ((XMLDTDScannerImpl)fDTDScanner).reset(fPropertyManager); 8.6 } 8.7 + 8.8 + fDTDScanner.setLimitAnalyzer(fLimitAnalyzer); 8.9 do { 8.10 again = false; 8.11 switch (fScannerState) {
9.1 --- a/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java Mon Jan 13 22:31:55 2014 -0800 9.2 +++ b/src/com/sun/org/apache/xerces/internal/impl/XMLEntityManager.java Wed Jan 15 10:49:32 2014 -0800 9.3 @@ -1300,8 +1300,8 @@ 9.4 if(fLimitAnalyzer != null) { 9.5 fLimitAnalyzer.addValue(entityExpansionIndex, name, 1); 9.6 } 9.7 - if( fSecurityManager != null && fSecurityManager.isOverLimit(entityExpansionIndex)){ 9.8 - fSecurityManager.debugPrint(); 9.9 + if( fSecurityManager != null && fSecurityManager.isOverLimit(entityExpansionIndex, fLimitAnalyzer)){ 9.10 + fSecurityManager.debugPrint(fLimitAnalyzer); 9.11 fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN,"EntityExpansionLimitExceeded", 9.12 new Object[]{fSecurityManager.getLimitValueByIndex(entityExpansionIndex)}, 9.13 XMLErrorReporter.SEVERITY_FATAL_ERROR ); 9.14 @@ -1368,9 +1368,9 @@ 9.15 //close the reader 9.16 try{ 9.17 if (fLimitAnalyzer != null) { 9.18 - fLimitAnalyzer.endEntity(XMLSecurityManager.Limit.GENEAL_ENTITY_SIZE_LIMIT, fCurrentEntity.name); 9.19 + fLimitAnalyzer.endEntity(XMLSecurityManager.Limit.GENERAL_ENTITY_SIZE_LIMIT, fCurrentEntity.name); 9.20 if (fCurrentEntity.name.equals("[xml]")) { 9.21 - fSecurityManager.debugPrint(); 9.22 + fSecurityManager.debugPrint(fLimitAnalyzer); 9.23 } 9.24 } 9.25 fCurrentEntity.close(); 9.26 @@ -1439,7 +1439,6 @@ 9.27 fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD); 9.28 9.29 fSecurityManager = (XMLSecurityManager)propertyManager.getProperty(SECURITY_MANAGER); 9.30 - fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); 9.31 9.32 // initialize state 9.33 //fStandalone = false; 9.34 @@ -1501,7 +1500,6 @@ 9.35 fStaxEntityResolver = (StaxEntityResolverWrapper)componentManager.getProperty(STAX_ENTITY_RESOLVER, null); 9.36 fValidationManager = (ValidationManager)componentManager.getProperty(VALIDATION_MANAGER, null); 9.37 fSecurityManager = (XMLSecurityManager)componentManager.getProperty(SECURITY_MANAGER, null); 9.38 - fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); 9.39 entityExpansionIndex = fSecurityManager.getIndex(Constants.JDK_ENTITY_EXPANSION_LIMIT); 9.40 9.41 // JAXP 1.5 feature 9.42 @@ -1659,7 +1657,6 @@ 9.43 if (suffixLength == Constants.SECURITY_MANAGER_PROPERTY.length() && 9.44 propertyId.endsWith(Constants.SECURITY_MANAGER_PROPERTY)) { 9.45 fSecurityManager = (XMLSecurityManager)value; 9.46 - fLimitAnalyzer = fSecurityManager.getLimitAnalyzer(); 9.47 } 9.48 } 9.49 9.50 @@ -1668,8 +1665,13 @@ 9.51 { 9.52 XMLSecurityPropertyManager spm = (XMLSecurityPropertyManager)value; 9.53 fAccessExternalDTD = spm.getValue(XMLSecurityPropertyManager.Property.ACCESS_EXTERNAL_DTD); 9.54 - } 9.55 } 9.56 + } 9.57 + 9.58 + public void setLimitAnalyzer(XMLLimitAnalyzer fLimitAnalyzer) { 9.59 + this.fLimitAnalyzer = fLimitAnalyzer; 9.60 + } 9.61 + 9.62 /** 9.63 * Returns a list of property identifiers that are recognized by 9.64 * this component. This method may return null if no properties
10.1 --- a/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java Mon Jan 13 22:31:55 2014 -0800 10.2 +++ b/src/com/sun/org/apache/xerces/internal/utils/XMLLimitAnalyzer.java Wed Jan 15 10:49:32 2014 -0800 10.3 @@ -77,7 +77,6 @@ 10.4 } 10.5 } 10.6 10.7 - private XMLSecurityManager securityManager; 10.8 /** 10.9 * Max value accumulated for each property 10.10 */ 10.11 @@ -101,8 +100,7 @@ 10.12 * Default constructor. Establishes default values for known security 10.13 * vulnerabilities. 10.14 */ 10.15 - public XMLLimitAnalyzer(XMLSecurityManager securityManager) { 10.16 - this.securityManager = securityManager; 10.17 + public XMLLimitAnalyzer() { 10.18 values = new int[Limit.values().length]; 10.19 totalValue = new int[Limit.values().length]; 10.20 names = new String[Limit.values().length]; 10.21 @@ -157,7 +155,7 @@ 10.22 } 10.23 10.24 10.25 - if (index == Limit.GENEAL_ENTITY_SIZE_LIMIT.ordinal() || 10.26 + if (index == Limit.GENERAL_ENTITY_SIZE_LIMIT.ordinal() || 10.27 index == Limit.PARAMETER_ENTITY_SIZE_LIMIT.ordinal()) { 10.28 totalValue[Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()] += value; 10.29 } 10.30 @@ -221,7 +219,7 @@ 10.31 } 10.32 } 10.33 10.34 - public void debugPrint() { 10.35 + public void debugPrint(XMLSecurityManager securityManager) { 10.36 Formatter formatter = new Formatter(); 10.37 System.out.println(formatter.format("%30s %15s %15s %15s %30s", 10.38 "Property","Limit","Total size","Size","Entity Name"));
11.1 --- a/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java Mon Jan 13 22:31:55 2014 -0800 11.2 +++ b/src/com/sun/org/apache/xerces/internal/utils/XMLSecurityManager.java Wed Jan 15 10:49:32 2014 -0800 11.3 @@ -65,7 +65,7 @@ 11.4 MAX_OCCUR_NODE_LIMIT(Constants.JDK_MAX_OCCUR_LIMIT, Constants.SP_MAX_OCCUR_LIMIT, 0, 5000), 11.5 ELEMENT_ATTRIBUTE_LIMIT(Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000), 11.6 TOTAL_ENTITY_SIZE_LIMIT(Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000), 11.7 - GENEAL_ENTITY_SIZE_LIMIT(Constants.JDK_GENEAL_ENTITY_SIZE_LIMIT, Constants.SP_GENEAL_ENTITY_SIZE_LIMIT, 0, 0), 11.8 + GENERAL_ENTITY_SIZE_LIMIT(Constants.JDK_GENERAL_ENTITY_SIZE_LIMIT, Constants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0), 11.9 PARAMETER_ENTITY_SIZE_LIMIT(Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000); 11.10 11.11 final String apiProperty; 11.12 @@ -148,7 +148,6 @@ 11.13 private boolean[] isSet; 11.14 11.15 11.16 - private XMLLimitAnalyzer limitAnalyzer; 11.17 /** 11.18 * Index of the special entityCountInfo property 11.19 */ 11.20 @@ -169,7 +168,6 @@ 11.21 * @param secureProcessing 11.22 */ 11.23 public XMLSecurityManager(boolean secureProcessing) { 11.24 - limitAnalyzer = new XMLLimitAnalyzer(this); 11.25 values = new int[Limit.values().length]; 11.26 states = new State[Limit.values().length]; 11.27 isSet = new boolean[Limit.values().length]; 11.28 @@ -249,13 +247,15 @@ 11.29 if (index == indexEntityCountInfo) { 11.30 printEntityCountInfo = (String)value; 11.31 } else { 11.32 - int temp = 0; 11.33 - try { 11.34 + int temp; 11.35 + if (Integer.class.isAssignableFrom(value.getClass())) { 11.36 + temp = ((Integer)value).intValue(); 11.37 + } else { 11.38 temp = Integer.parseInt((String) value); 11.39 if (temp < 0) { 11.40 temp = 0; 11.41 } 11.42 - } catch (NumberFormatException e) {} 11.43 + } 11.44 setLimit(index, state, temp); 11.45 } 11.46 } 11.47 @@ -387,8 +387,9 @@ 11.48 * @param size the size (count or length) of the entity 11.49 * @return true if the size is over the limit, false otherwise 11.50 */ 11.51 - public boolean isOverLimit(Limit limit, String entityName, int size) { 11.52 - return isOverLimit(limit.ordinal(), entityName, size); 11.53 + public boolean isOverLimit(Limit limit, String entityName, int size, 11.54 + XMLLimitAnalyzer limitAnalyzer) { 11.55 + return isOverLimit(limit.ordinal(), entityName, size, limitAnalyzer); 11.56 } 11.57 11.58 /** 11.59 @@ -400,7 +401,8 @@ 11.60 * @param size the size (count or length) of the entity 11.61 * @return true if the size is over the limit, false otherwise 11.62 */ 11.63 - public boolean isOverLimit(int index, String entityName, int size) { 11.64 + public boolean isOverLimit(int index, String entityName, int size, 11.65 + XMLLimitAnalyzer limitAnalyzer) { 11.66 if (values[index] == NO_LIMIT) { 11.67 return false; 11.68 } 11.69 @@ -418,11 +420,11 @@ 11.70 * @param size the size (count or length) of the entity 11.71 * @return true if the size is over the limit, false otherwise 11.72 */ 11.73 - public boolean isOverLimit(Limit limit) { 11.74 - return isOverLimit(limit.ordinal()); 11.75 + public boolean isOverLimit(Limit limit, XMLLimitAnalyzer limitAnalyzer) { 11.76 + return isOverLimit(limit.ordinal(), limitAnalyzer); 11.77 } 11.78 11.79 - public boolean isOverLimit(int index) { 11.80 + public boolean isOverLimit(int index, XMLLimitAnalyzer limitAnalyzer) { 11.81 if (values[index] == NO_LIMIT) { 11.82 return false; 11.83 } 11.84 @@ -436,29 +438,12 @@ 11.85 } 11.86 } 11.87 11.88 - public void debugPrint() { 11.89 + public void debugPrint(XMLLimitAnalyzer limitAnalyzer) { 11.90 if (printEntityCountInfo.equals(Constants.JDK_YES)) { 11.91 - limitAnalyzer.debugPrint(); 11.92 + limitAnalyzer.debugPrint(this); 11.93 } 11.94 } 11.95 11.96 - /** 11.97 - * Return the limit analyzer 11.98 - * 11.99 - * @return the limit analyzer 11.100 - */ 11.101 - public XMLLimitAnalyzer getLimitAnalyzer() { 11.102 - return limitAnalyzer; 11.103 - } 11.104 - 11.105 - /** 11.106 - * Set limit analyzer 11.107 - * 11.108 - * @param analyzer a limit analyzer 11.109 - */ 11.110 - public void setLimitAnalyzer(XMLLimitAnalyzer analyzer) { 11.111 - limitAnalyzer = analyzer; 11.112 - } 11.113 11.114 /** 11.115 * Indicate if a property is set explicitly
12.1 --- a/src/com/sun/org/apache/xerces/internal/xni/parser/XMLDTDScanner.java Mon Jan 13 22:31:55 2014 -0800 12.2 +++ b/src/com/sun/org/apache/xerces/internal/xni/parser/XMLDTDScanner.java Wed Jan 15 10:49:32 2014 -0800 12.3 @@ -20,6 +20,7 @@ 12.4 12.5 package com.sun.org.apache.xerces.internal.xni.parser; 12.6 12.7 +import com.sun.org.apache.xerces.internal.utils.XMLLimitAnalyzer; 12.8 import java.io.IOException; 12.9 import com.sun.org.apache.xerces.internal.xni.XNIException; 12.10 12.11 @@ -95,4 +96,5 @@ 12.12 public boolean scanDTDExternalSubset(boolean complete) 12.13 throws IOException, XNIException; 12.14 12.15 + public void setLimitAnalyzer(XMLLimitAnalyzer limitAnalyzer); 12.16 } // interface XMLDTDScanner
13.1 --- a/src/com/sun/org/apache/xml/internal/resolver/CatalogManager.java Mon Jan 13 22:31:55 2014 -0800 13.2 +++ b/src/com/sun/org/apache/xml/internal/resolver/CatalogManager.java Wed Jan 15 10:49:32 2014 -0800 13.3 @@ -24,20 +24,17 @@ 13.4 package com.sun.org.apache.xml.internal.resolver; 13.5 13.6 import com.sun.org.apache.xerces.internal.utils.SecuritySupport; 13.7 +import com.sun.org.apache.xml.internal.resolver.helpers.BootstrapResolver; 13.8 +import com.sun.org.apache.xml.internal.resolver.helpers.Debug; 13.9 import java.io.InputStream; 13.10 - 13.11 +import java.net.MalformedURLException; 13.12 import java.net.URL; 13.13 -import java.net.MalformedURLException; 13.14 - 13.15 import java.util.MissingResourceException; 13.16 import java.util.PropertyResourceBundle; 13.17 import java.util.ResourceBundle; 13.18 import java.util.StringTokenizer; 13.19 import java.util.Vector; 13.20 - 13.21 -import com.sun.org.apache.xml.internal.resolver.helpers.Debug; 13.22 -import com.sun.org.apache.xml.internal.resolver.helpers.BootstrapResolver; 13.23 -import com.sun.org.apache.xml.internal.resolver.Catalog; 13.24 +import sun.reflect.misc.ReflectUtil; 13.25 13.26 /** 13.27 * CatalogManager provides an interface to the catalog properties. 13.28 @@ -687,7 +684,7 @@ 13.29 catalog = new Catalog(); 13.30 } else { 13.31 try { 13.32 - catalog = (Catalog) Class.forName(catalogClassName).newInstance(); 13.33 + catalog = (Catalog) ReflectUtil.forName(catalogClassName).newInstance(); 13.34 } catch (ClassNotFoundException cnfe) { 13.35 debug.message(1,"Catalog class named '" 13.36 + catalogClassName
14.1 --- a/src/com/sun/org/apache/xml/internal/resolver/readers/DOMCatalogReader.java Mon Jan 13 22:31:55 2014 -0800 14.2 +++ b/src/com/sun/org/apache/xml/internal/resolver/readers/DOMCatalogReader.java Wed Jan 15 10:49:32 2014 -0800 14.3 @@ -23,24 +23,21 @@ 14.4 14.5 package com.sun.org.apache.xml.internal.resolver.readers; 14.6 14.7 -import java.util.Hashtable; 14.8 +import com.sun.org.apache.xml.internal.resolver.Catalog; 14.9 +import com.sun.org.apache.xml.internal.resolver.CatalogException; 14.10 +import com.sun.org.apache.xml.internal.resolver.helpers.Namespaces; 14.11 import java.io.IOException; 14.12 import java.io.InputStream; 14.13 +import java.net.MalformedURLException; 14.14 import java.net.URL; 14.15 import java.net.URLConnection; 14.16 -import java.net.MalformedURLException; 14.17 - 14.18 +import java.util.Hashtable; 14.19 +import javax.xml.parsers.DocumentBuilder; 14.20 import javax.xml.parsers.DocumentBuilderFactory; 14.21 -import javax.xml.parsers.DocumentBuilder; 14.22 import javax.xml.parsers.ParserConfigurationException; 14.23 - 14.24 -import com.sun.org.apache.xml.internal.resolver.Catalog; 14.25 -import com.sun.org.apache.xml.internal.resolver.CatalogException; 14.26 -import com.sun.org.apache.xml.internal.resolver.readers.CatalogReader; 14.27 -import com.sun.org.apache.xml.internal.resolver.helpers.Namespaces; 14.28 - 14.29 +import org.w3c.dom.*; 14.30 import org.xml.sax.SAXException; 14.31 -import org.w3c.dom.*; 14.32 +import sun.reflect.misc.ReflectUtil; 14.33 14.34 /** 14.35 * A DOM-based CatalogReader. 14.36 @@ -199,7 +196,7 @@ 14.37 DOMCatalogParser domParser = null; 14.38 14.39 try { 14.40 - domParser = (DOMCatalogParser) Class.forName(domParserClass).newInstance(); 14.41 + domParser = (DOMCatalogParser) ReflectUtil.forName(domParserClass).newInstance(); 14.42 } catch (ClassNotFoundException cnfe) { 14.43 catalog.getCatalogManager().debug.message(1, "Cannot load XML Catalog Parser class", domParserClass); 14.44 throw new CatalogException(CatalogException.UNPARSEABLE);
15.1 --- a/src/com/sun/org/apache/xml/internal/resolver/readers/SAXCatalogReader.java Mon Jan 13 22:31:55 2014 -0800 15.2 +++ b/src/com/sun/org/apache/xml/internal/resolver/readers/SAXCatalogReader.java Wed Jan 15 10:49:32 2014 -0800 15.3 @@ -23,19 +23,21 @@ 15.4 15.5 package com.sun.org.apache.xml.internal.resolver.readers; 15.6 15.7 -import java.util.Hashtable; 15.8 +import com.sun.org.apache.xml.internal.resolver.Catalog; 15.9 +import com.sun.org.apache.xml.internal.resolver.CatalogException; 15.10 +import com.sun.org.apache.xml.internal.resolver.CatalogManager; 15.11 +import com.sun.org.apache.xml.internal.resolver.helpers.Debug; 15.12 +import java.io.FileNotFoundException; 15.13 import java.io.IOException; 15.14 -import java.io.FileNotFoundException; 15.15 import java.io.InputStream; 15.16 +import java.net.MalformedURLException; 15.17 import java.net.URL; 15.18 import java.net.URLConnection; 15.19 -import java.net.MalformedURLException; 15.20 import java.net.UnknownHostException; 15.21 - 15.22 +import java.util.Hashtable; 15.23 import javax.xml.parsers.ParserConfigurationException; 15.24 +import javax.xml.parsers.SAXParser; 15.25 import javax.xml.parsers.SAXParserFactory; 15.26 -import javax.xml.parsers.SAXParser; 15.27 - 15.28 import org.xml.sax.AttributeList; 15.29 import org.xml.sax.Attributes; 15.30 import org.xml.sax.ContentHandler; 15.31 @@ -45,12 +47,7 @@ 15.32 import org.xml.sax.Locator; 15.33 import org.xml.sax.Parser; 15.34 import org.xml.sax.SAXException; 15.35 - 15.36 -import com.sun.org.apache.xml.internal.resolver.Catalog; 15.37 -import com.sun.org.apache.xml.internal.resolver.CatalogManager; 15.38 -import com.sun.org.apache.xml.internal.resolver.CatalogException; 15.39 -import com.sun.org.apache.xml.internal.resolver.readers.CatalogReader; 15.40 -import com.sun.org.apache.xml.internal.resolver.helpers.Debug; 15.41 +import sun.reflect.misc.ReflectUtil; 15.42 15.43 /** 15.44 * A SAX-based CatalogReader. 15.45 @@ -246,7 +243,7 @@ 15.46 } 15.47 parser.parse(new InputSource(is), spHandler); 15.48 } else { 15.49 - Parser parser = (Parser) Class.forName(parserClass).newInstance(); 15.50 + Parser parser = (Parser) ReflectUtil.forName(parserClass).newInstance(); 15.51 parser.setDocumentHandler(this); 15.52 if (bResolver != null) { 15.53 parser.setEntityResolver(bResolver); 15.54 @@ -352,7 +349,7 @@ 15.55 15.56 try { 15.57 saxParser = (SAXCatalogParser) 15.58 - Class.forName(saxParserClass).newInstance(); 15.59 + ReflectUtil.forName(saxParserClass).newInstance(); 15.60 15.61 saxParser.setCatalog(catalog); 15.62 saxParser.startDocument(); 15.63 @@ -413,7 +410,7 @@ 15.64 15.65 try { 15.66 saxParser = (SAXCatalogParser) 15.67 - Class.forName(saxParserClass).newInstance(); 15.68 + ReflectUtil.forName(saxParserClass).newInstance(); 15.69 15.70 saxParser.setCatalog(catalog); 15.71 saxParser.startDocument();