-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathXMLReaderTests.java
More file actions
102 lines (86 loc) · 5.06 KB
/
XMLReaderTests.java
File metadata and controls
102 lines (86 loc) · 5.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
import java.net.Socket;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.XMLReaderFactory;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.dom4j.io.SAXReader;
public class XMLReaderTests {
public void unconfiguredReader(Socket sock) throws Exception {
XMLReader reader = XMLReaderFactory.createXMLReader();
reader.parse(new InputSource(sock.getInputStream())); //unsafe
}
public void safeReaderFromConfig1(Socket sock) throws Exception {
XMLReader reader = XMLReaderFactory.createXMLReader();
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd",false);
reader.parse(new InputSource(sock.getInputStream())); //safe
}
public void safeReaderFromConfig2(Socket sock) throws Exception {
XMLReader reader = XMLReaderFactory.createXMLReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.parse(new InputSource(sock.getInputStream())); //safe
}
public void safeReaderFromSAXParser(Socket sock) throws Exception {
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
SAXParser parser = factory.newSAXParser();
XMLReader reader = parser.getXMLReader();
reader.parse(new InputSource(sock.getInputStream())); //safe
}
public void safeReaderFromSAXReader(Socket sock) throws Exception {
SAXReader reader = new SAXReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
XMLReader xmlReader = reader.getXMLReader();
xmlReader.parse(new InputSource(sock.getInputStream())); //safe
}
public void partialConfiguredXMLReader1(Socket sock) throws Exception {
XMLReader reader = XMLReaderFactory.createXMLReader();
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.parse(new InputSource(sock.getInputStream())); //unsafe
}
public void partialConfiguredXMLReader2(Socket sock) throws Exception {
XMLReader reader = XMLReaderFactory.createXMLReader();
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd",false);
reader.parse(new InputSource(sock.getInputStream())); //unsafe
}
public void partilaConfiguredXMLReader3(Socket sock) throws Exception {
XMLReader reader = XMLReaderFactory.createXMLReader();
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd",false);
reader.parse(new InputSource(sock.getInputStream())); //unsafe
}
public void misConfiguredXMLReader1(Socket sock) throws Exception {
XMLReader reader = XMLReaderFactory.createXMLReader();
reader.setFeature("http://xml.org/sax/features/external-general-entities", true);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd",false);
reader.parse(new InputSource(sock.getInputStream())); //unsafe
}
public void misConfiguredXMLReader2(Socket sock) throws Exception {
XMLReader reader = XMLReaderFactory.createXMLReader();
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", true);
reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd",false);
reader.parse(new InputSource(sock.getInputStream())); //unsafe
}
public void misConfiguredXMLReader3(Socket sock) throws Exception {
XMLReader reader = XMLReaderFactory.createXMLReader();
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", true);
reader.parse(new InputSource(sock.getInputStream())); //unsafe
}
public void misConfiguredXMLReader4(Socket sock) throws Exception {
XMLReader reader = XMLReaderFactory.createXMLReader();
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false);
reader.parse(new InputSource(sock.getInputStream())); //unsafe
}
}