This is an automated email from the ASF dual-hosted git repository.
dahn pushed a commit to branch 4.20
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.20 by this push:
new 77cb0827d35 Refactor XML parsing to use safer document builders in
multiple classes (#12129)
77cb0827d35 is described below
commit 77cb0827d354af69766de2052715410201684b95
Author: YoulongChen <[email protected]>
AuthorDate: Mon Jan 5 14:58:34 2026 +0800
Refactor XML parsing to use safer document builders in multiple classes
(#12129)
Co-authored-by: [email protected] <[email protected]>
---
.../LibvirtMigrateVolumeCommandWrapper.java | 5 +++--
.../main/java/com/cloud/test/DatabaseConfig.java | 2 +-
.../com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java | 23 +++++++++++-----------
3 files changed, 16 insertions(+), 14 deletions(-)
diff --git
a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtMigrateVolumeCommandWrapper.java
b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtMigrateVolumeCommandWrapper.java
index c0630f97886..22e35f53c05 100644
---
a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtMigrateVolumeCommandWrapper.java
+++
b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtMigrateVolumeCommandWrapper.java
@@ -42,6 +42,7 @@ import
org.apache.cloudstack.storage.datastore.client.ScaleIOGatewayClient;
import org.apache.cloudstack.storage.datastore.util.ScaleIOUtil;
import org.apache.cloudstack.storage.to.PrimaryDataStoreTO;
import org.apache.cloudstack.storage.to.VolumeObjectTO;
+import org.apache.cloudstack.utils.security.ParserUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.libvirt.Connect;
@@ -216,7 +217,7 @@ public class LibvirtMigrateVolumeCommandWrapper extends
CommandWrapper<MigrateVo
private String generateDestinationDiskLabel(String diskXml) throws
ParserConfigurationException, IOException, SAXException {
- DocumentBuilderFactory dbFactory =
DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory dbFactory =
ParserUtils.getSaferDocumentBuilderFactory();
DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
Document doc = dBuilder.parse(new
ByteArrayInputStream(diskXml.getBytes("UTF-8")));
doc.getDocumentElement().normalize();
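Review bot: The new `ParserUtils.getSaferDocumentBuilderFactory()` call in generateDestinationDiskLabel has no comment saying why the default factory must not be used, so a later cleanup could restore `DocumentBuilderFactory.newInstance()` without anyone noticing the regression. I would add a line above the assignment such as `// Hardened factory: diskXml is not built by this method, so DTDs and external entities must stay disabled.` What the factory actually disables is defined in ParserUtils, which this diff does not show, so the wording should be checked against it. The same comment fits the call in generateDestinationDiskXML (hunk at -230). The method body continues past the end of this hunk.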
@@ -230,7 +231,7 @@ public class LibvirtMigrateVolumeCommandWrapper extends
CommandWrapper<MigrateVo
protected String generateDestinationDiskXML(Domain dm, String srcVolumeId,
String diskFilePath, String destSecretUUID) throws LibvirtException,
ParserConfigurationException, IOException, TransformerException, SAXException {
final String domXml = dm.getXMLDesc(0);
- DocumentBuilderFactory dbFactory =
DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory dbFactory =
ParserUtils.getSaferDocumentBuilderFactory();
DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
Document doc = dBuilder.parse(new
ByteArrayInputStream(domXml.getBytes("UTF-8")));
doc.getDocumentElement().normalize();
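Review bot: generateDestinationDiskXML declares `throws TransformerException`, which suggests the parsed document is serialized through a Transformer further down, outside this hunk, and the commit does not touch that factory. If it is still created with `TransformerFactory.newInstance()`, it should be restricted as well, for example with `tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");` and `tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");`. Hardening only the parser leaves the output side of the same method on JDK defaults. This cannot be confirmed from the hunk because the rest of the method is not visible.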
diff --git a/server/src/main/java/com/cloud/test/DatabaseConfig.java
b/server/src/main/java/com/cloud/test/DatabaseConfig.java
index 27f2bf18ed7..f85b28e809e 100644
--- a/server/src/main/java/com/cloud/test/DatabaseConfig.java
+++ b/server/src/main/java/com/cloud/test/DatabaseConfig.java
@@ -429,7 +429,7 @@ public class DatabaseConfig {
try {
final File configFile = new File(_configFileName);
- SAXParserFactory spfactory = SAXParserFactory.newInstance();
+ SAXParserFactory spfactory =
ParserUtils.getSaferSAXParserFactory();
final SAXParser saxParser = spfactory.newSAXParser();
final DbConfigXMLHandler handler = new DbConfigXMLHandler();
handler.setParent(this);
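Review bot: `ParserUtils.getSaferSAXParserFactory()` is called here, but this file section adds no import for `org.apache.cloudstack.utils.security.ParserUtils`, unlike the other two files in the commit. The diffstat shows a single changed line for DatabaseConfig.java. Unless the import already exists above line 429, the file will not compile, and the fix is to add `import org.apache.cloudstack.utils.security.ParserUtils;`. The enclosing `try` closes outside the hunk, so also confirm that its catch clauses cover any checked exceptions the new factory method declares.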
diff --git a/utils/src/main/java/com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java
b/utils/src/main/java/com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java
index fa0f537014a..2f27d1f3a2d 100644
--- a/utils/src/main/java/com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java
+++ b/utils/src/main/java/com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java
@@ -26,6 +26,7 @@ import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.logging.log4j.Logger;
+import org.apache.cloudstack.utils.security.ParserUtils;
import org.apache.logging.log4j.LogManager;
import org.w3c.dom.DOMException;
import org.w3c.dom.DOMImplementation;
@@ -67,7 +68,7 @@ public class VsmCommand {
public static String getAddPortProfile(String name, PortProfileType type,
BindingType binding, SwitchPortMode mode, int vlanid, String vdc, String
espName) {
try {
// Create the document and root element.
- DocumentBuilderFactory docFactory =
DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory docFactory =
ParserUtils.getSaferDocumentBuilderFactory();
DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
DOMImplementation domImpl = docBuilder.getDOMImplementation();
Document doc = createDocument(domImpl);
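Review bot: The factory / builder / `getDOMImplementation()` / `createDocument(domImpl)` sequence edited here is repeated almost verbatim in the other VsmCommand method hunks (-100 through -395), so the hardening had to be applied eleven times and a future builder method can easily miss it. A private helper would keep the choice of factory in one place, for example `private static Document newCommandDocument() throws ParserConfigurationException { return createDocument(ParserUtils.getSaferDocumentBuilderFactory().newDocumentBuilder().getDOMImplementation()); }`. Check the throws clause against what `getSaferDocumentBuilderFactory()` and `createDocument` declare, since neither is shown in this diff. getHello would need the DOMImplementation variant if it builds its document differently, because its hunk ends before any `createDocument` call. The visible lines of these methods only build documents and do not parse input, so the change here appears to be for consistency rather than to close a parsing path. The method bodies and their catch blocks lie outside the hunks.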
@@ -100,7 +101,7 @@ public class VsmCommand {
public static String getAddPortProfile(String name, PortProfileType type,
BindingType binding, SwitchPortMode mode, int vlanid) {
try {
// Create the document and root element.
- DocumentBuilderFactory docFactory =
DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory docFactory =
ParserUtils.getSaferDocumentBuilderFactory();
DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
DOMImplementation domImpl = docBuilder.getDOMImplementation();
Document doc = createDocument(domImpl);
@@ -133,7 +134,7 @@ public class VsmCommand {
public static String getUpdatePortProfile(String name, SwitchPortMode
mode, List<Pair<VsmCommand.OperationType, String>> params) {
try {
// Create the document and root element.
- DocumentBuilderFactory docFactory =
DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory docFactory =
ParserUtils.getSaferDocumentBuilderFactory();
DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
DOMImplementation domImpl = docBuilder.getDOMImplementation();
Document doc = createDocument(domImpl);
@@ -166,7 +167,7 @@ public class VsmCommand {
public static String getDeletePortProfile(String portName) {
try {
// Create the document and root element.
- DocumentBuilderFactory docFactory =
DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory docFactory =
ParserUtils.getSaferDocumentBuilderFactory();
DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
DOMImplementation domImpl = docBuilder.getDOMImplementation();
Document doc = createDocument(domImpl);
@@ -199,7 +200,7 @@ public class VsmCommand {
public static String getAddPolicyMap(String name, int averageRate, int
maxRate, int burstRate) {
try {
// Create the document and root element.
- DocumentBuilderFactory docFactory =
DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory docFactory =
ParserUtils.getSaferDocumentBuilderFactory();
DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
DOMImplementation domImpl = docBuilder.getDOMImplementation();
Document doc = createDocument(domImpl);
@@ -232,7 +233,7 @@ public class VsmCommand {
public static String getDeletePolicyMap(String name) {
try {
// Create the document and root element.
- DocumentBuilderFactory docFactory =
DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory docFactory =
ParserUtils.getSaferDocumentBuilderFactory();
DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
DOMImplementation domImpl = docBuilder.getDOMImplementation();
Document doc = createDocument(domImpl);
@@ -265,7 +266,7 @@ public class VsmCommand {
public static String getServicePolicy(String policyMap, String
portProfile, boolean attach) {
try {
// Create the document and root element.
- DocumentBuilderFactory docFactory =
DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory docFactory =
ParserUtils.getSaferDocumentBuilderFactory();
DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
DOMImplementation domImpl = docBuilder.getDOMImplementation();
Document doc = createDocument(domImpl);
@@ -297,7 +298,7 @@ public class VsmCommand {
public static String getPortProfile(String name) {
try {
- DocumentBuilderFactory docFactory =
DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory docFactory =
ParserUtils.getSaferDocumentBuilderFactory();
DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
DOMImplementation domImpl = docBuilder.getDOMImplementation();
Document doc = createDocument(domImpl);
@@ -334,7 +335,7 @@ public class VsmCommand {
public static String getPolicyMap(String name) {
try {
- DocumentBuilderFactory docFactory =
DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory docFactory =
ParserUtils.getSaferDocumentBuilderFactory();
DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
DOMImplementation domImpl = docBuilder.getDOMImplementation();
Document doc = createDocument(domImpl);
@@ -367,7 +368,7 @@ public class VsmCommand {
public static String getHello() {
try {
- DocumentBuilderFactory docFactory =
DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory docFactory =
ParserUtils.getSaferDocumentBuilderFactory();
DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
DOMImplementation domImpl = docBuilder.getDOMImplementation();
@@ -395,7 +396,7 @@ public class VsmCommand {
public static String getVServiceNode(String vlanId, String ipAddr) {
try {
// Create the document and root element.
- DocumentBuilderFactory docFactory =
DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory docFactory =
ParserUtils.getSaferDocumentBuilderFactory();
DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
DOMImplementation domImpl = docBuilder.getDOMImplementation();
Document doc = createDocument(domImpl);