cid#1616070 XML external entity processing enabled
reformat to get it seen by scanner Change-Id: I9b9a40078e6474d87f4fe7cc6b19992023e24144 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/171652 Reviewed-by: Caolán McNamara <caolan.mcnamara@collabora.com> Tested-by: Jenkins
This commit is contained in:
@@ -47,18 +47,22 @@ public class DOMDocument
|
||||
private static DocumentBuilderFactory makeFactory() {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
|
||||
String[] featuresToDisable = {
|
||||
"http://xml.org/sax/features/external-general-entities",
|
||||
"http://xml.org/sax/features/external-parameter-entities",
|
||||
"http://apache.org/xml/features/nonvalidating/load-external-dtd"
|
||||
};
|
||||
try {
|
||||
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
for (String feature : featuresToDisable) {
|
||||
try {
|
||||
factory.setFeature(feature, false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
try {
|
||||
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
try {
|
||||
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
try {
|
||||
|
@@ -62,18 +62,22 @@ public abstract class OfficeDocument
|
||||
private static DocumentBuilderFactory makeFactory() {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
|
||||
String[] featuresToDisable = {
|
||||
"http://xml.org/sax/features/external-general-entities",
|
||||
"http://xml.org/sax/features/external-parameter-entities",
|
||||
"http://apache.org/xml/features/nonvalidating/load-external-dtd"
|
||||
};
|
||||
try {
|
||||
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
for (String feature : featuresToDisable) {
|
||||
try {
|
||||
factory.setFeature(feature, false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
try {
|
||||
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
try {
|
||||
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
try {
|
||||
|
@@ -62,18 +62,22 @@ public final class DocumentDeserializerImpl
|
||||
private static DocumentBuilderFactory makeFactory() {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
|
||||
String[] featuresToDisable = {
|
||||
"http://xml.org/sax/features/external-general-entities",
|
||||
"http://xml.org/sax/features/external-parameter-entities",
|
||||
"http://apache.org/xml/features/nonvalidating/load-external-dtd"
|
||||
};
|
||||
try {
|
||||
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
for (String feature : featuresToDisable) {
|
||||
try {
|
||||
factory.setFeature(feature, false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
try {
|
||||
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
try {
|
||||
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
try {
|
||||
|
@@ -72,18 +72,22 @@ public final class DocumentSerializerImpl
|
||||
private static DocumentBuilderFactory makeFactory() {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
|
||||
String[] featuresToDisable = {
|
||||
"http://xml.org/sax/features/external-general-entities",
|
||||
"http://xml.org/sax/features/external-parameter-entities",
|
||||
"http://apache.org/xml/features/nonvalidating/load-external-dtd"
|
||||
};
|
||||
try {
|
||||
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
for (String feature : featuresToDisable) {
|
||||
try {
|
||||
factory.setFeature(feature, false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
try {
|
||||
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
try {
|
||||
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
try {
|
||||
|
@@ -54,18 +54,22 @@ public class ConverterInfoReader {
|
||||
private static DocumentBuilderFactory makeFactory() {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
|
||||
String[] featuresToDisable = {
|
||||
"http://xml.org/sax/features/external-general-entities",
|
||||
"http://xml.org/sax/features/external-parameter-entities",
|
||||
"http://apache.org/xml/features/nonvalidating/load-external-dtd"
|
||||
};
|
||||
try {
|
||||
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
for (String feature : featuresToDisable) {
|
||||
try {
|
||||
factory.setFeature(feature, false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
try {
|
||||
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
try {
|
||||
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
|
||||
} catch (ParserConfigurationException e) {
|
||||
Debug.log(Debug.ERROR, "Exception when calling setFeature: ", e);
|
||||
}
|
||||
|
||||
try {
|
||||
|
Reference in New Issue
Block a user