mir/libreoffice
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cid#1616070 XML external entity processing enabled

Browse Source 
reformat to get it seen by scanner

Change-Id: I9b9a40078e6474d87f4fe7cc6b19992023e24144
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171652
Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com>
Tested-by: Jenkins
This commit is contained in:
Caolán McNamara
2024-08-06 19:49:53 +01:00
parent c103bf4961
commit fb443c4f8e
5 changed files with 75 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
xmerge/source/xmerge/java/org/openoffice/xmerge/converter/dom/DOMDocument.java
View File

@@ -47,18 +47,22 @@ public class DOMDocument
private static DocumentBuilderFactory makeFactory() {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
String[] featuresToDisable = {
"http://xml.org/sax/features/external-general-entities",
"http://xml.org/sax/features/external-parameter-entities",
"http://apache.org/xml/features/nonvalidating/load-external-dtd"
};
try {
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
for (String feature : featuresToDisable) {
try {
factory.setFeature(feature, false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {

26
xmerge/source/xmerge/java/org/openoffice/xmerge/converter/xml/OfficeDocument.java
View File

@@ -62,18 +62,22 @@ public abstract class OfficeDocument
private static DocumentBuilderFactory makeFactory() {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
String[] featuresToDisable = {
"http://xml.org/sax/features/external-general-entities",
"http://xml.org/sax/features/external-parameter-entities",
"http://apache.org/xml/features/nonvalidating/load-external-dtd"
};
try {
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
for (String feature : featuresToDisable) {
try {
factory.setFeature(feature, false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {

26
xmerge/source/xmerge/java/org/openoffice/xmerge/converter/xml/xslt/DocumentDeserializerImpl.java
View File

@@ -62,18 +62,22 @@ public final class DocumentDeserializerImpl
private static DocumentBuilderFactory makeFactory() {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
String[] featuresToDisable = {
"http://xml.org/sax/features/external-general-entities",
"http://xml.org/sax/features/external-parameter-entities",
"http://apache.org/xml/features/nonvalidating/load-external-dtd"
};
try {
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
for (String feature : featuresToDisable) {
try {
factory.setFeature(feature, false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {

26
xmerge/source/xmerge/java/org/openoffice/xmerge/converter/xml/xslt/DocumentSerializerImpl.java
View File

@@ -72,18 +72,22 @@ public final class DocumentSerializerImpl
private static DocumentBuilderFactory makeFactory() {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
String[] featuresToDisable = {
"http://xml.org/sax/features/external-general-entities",
"http://xml.org/sax/features/external-parameter-entities",
"http://apache.org/xml/features/nonvalidating/load-external-dtd"
};
try {
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
for (String feature : featuresToDisable) {
try {
factory.setFeature(feature, false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {

26
xmerge/source/xmerge/java/org/openoffice/xmerge/util/registry/ConverterInfoReader.java
View File

@@ -54,18 +54,22 @@ public class ConverterInfoReader {
private static DocumentBuilderFactory makeFactory() {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
String[] featuresToDisable = {
"http://xml.org/sax/features/external-general-entities",
"http://xml.org/sax/features/external-parameter-entities",
"http://apache.org/xml/features/nonvalidating/load-external-dtd"
};
try {
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
for (String feature : featuresToDisable) {
try {
factory.setFeature(feature, false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
} catch (ParserConfigurationException e) {
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
}
try {