Repository: oozie Updated Branches: refs/heads/branch-4.3 62eb28b7b -> 705a7c860
Fix parsing issue (asasvari via satishsaley) Project: http://git-wip-us.apache.org/repos/asf/oozie/repo Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/5356b501 Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/5356b501 Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/5356b501 Branch: refs/heads/branch-4.3 Commit: 5356b50138c5f5d276de16fbd2cb98e2d94c4354 Parents: 62eb28b Author: satishsaley <[email protected]> Authored: Mon Jan 15 10:06:14 2018 -0800 Committer: satishsaley <[email protected]> Committed: Mon Jan 15 10:06:14 2018 -0800 ---------------------------------------------------------------------- .../org/apache/oozie/service/SchemaService.java | 36 ++++++- .../org/apache/oozie/service/XLogService.java | 4 +- pom.xml | 2 +- .../apache/xerces/impl/XMLDTDScannerImpl.java | 104 +++++++++++++++++++ 4 files changed, 142 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/oozie/blob/5356b501/core/src/main/java/org/apache/oozie/service/SchemaService.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/oozie/service/SchemaService.java b/core/src/main/java/org/apache/oozie/service/SchemaService.java index 1780eb1..88177e6 100644 --- a/core/src/main/java/org/apache/oozie/service/SchemaService.java +++ b/core/src/main/java/org/apache/oozie/service/SchemaService.java 
@@ -32,7 +32,13 @@ import javax.xml.validation.Validator; import org.apache.oozie.ErrorCode; import org.apache.oozie.util.IOUtils; +import org.apache.xerces.xni.XMLResourceIdentifier; +import org.apache.xerces.xni.XNIException; +import org.apache.xerces.xni.parser.XMLEntityResolver; +import org.apache.xerces.xni.parser.XMLInputSource; import org.xml.sax.SAXException; +import org.xml.sax.SAXNotRecognizedException; +import org.xml.sax.SAXNotSupportedException; /** * Service that loads Oozie workflow definition schema and registered extension @@ -73,6 +79,10 @@ public class SchemaService implements Service { private Schema slaSchema; + private SchemaFactory schemaFactory; + + private static NoXMLEntityResolver xmlEntityResolver; + private Schema loadSchema(String baseSchemas, String extSchema) throws SAXException, IOException { Set<String> schemaNames = new HashSet<String>(); String[] schemas = ConfigurationService.getStrings(baseSchemas); @@ -97,8 +107,7 @@ public class SchemaService implements Service { for (String schemaName : schemaNames) { sources.add(new StreamSource(IOUtils.getResourceAsStream(schemaName, -1))); } - SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); - return factory.newSchema(sources.toArray(new StreamSource[sources.size()])); + return schemaFactory.newSchema(sources.toArray(new StreamSource[sources.size()])); } /** @@ -110,10 +119,12 @@ public class SchemaService implements Service { @Override public void init(Services services) throws ServiceException { try { + schemaFactory = createSchemaFactory(); wfSchema = loadSchema(WF_CONF_SCHEMAS, WF_CONF_EXT_SCHEMAS); coordSchema = loadSchema(COORD_CONF_SCHEMAS, COORD_CONF_EXT_SCHEMAS); bundleSchema = loadSchema(BUNDLE_CONF_SCHEMAS, BUNDLE_CONF_EXT_SCHEMAS); slaSchema = loadSchema(SLA_CONF_SCHEMAS, SLA_CONF_EXT_SCHEMAS); + xmlEntityResolver = new NoXMLEntityResolver(); } catch (SAXException ex) { throw new ServiceException(ErrorCode.E0130, ex.getMessage(), ex); 
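Review bot: `xmlEntityResolver` is declared `static` in the field hunk but is assigned only inside the instance method `init()`, and only after all four `loadSchema` calls, so it is still null if `init()` has not run or fails early. The validator hunk further down passes this field to `validator.setProperty(...)`, and a null value there would presumably leave entity resolution at the parser's default instead of blocked. `NoXMLEntityResolver` holds no state, so a constant is simpler and can never be null: `private static final NoXMLEntityResolver XML_ENTITY_RESOLVER = new NoXMLEntityResolver();`, with the assignment in `init()` dropped. The body of `init()` continues outside the hunk.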
@@ -124,6 +135,19 @@ public class SchemaService implements Service { } /** + * Creates schema factory + * @return + * @throws SAXNotRecognizedException + * @throws SAXNotSupportedException + */ + private SchemaFactory createSchemaFactory() throws SAXNotRecognizedException, SAXNotSupportedException { + SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + factory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true); + return factory; + } + + /** * Return the public interface of the service. * * @return {@link SchemaService}. @@ -205,7 +229,15 @@ public class SchemaService implements Service { validator.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); validator.setFeature("http://xml.org/sax/features/external-general-entities", false); validator.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + validator.setProperty("http://apache.org/xml/properties/internal/entity-resolver", xmlEntityResolver); return validator; } + private static class NoXMLEntityResolver implements XMLEntityResolver { + @Override + public XMLInputSource resolveEntity(XMLResourceIdentifier xmlResourceIdentifier) throws XNIException, IOException { + throw new IOException("DOCTYPE is disallowed when the feature http://apache.org/xml/features/disallow-doctype-decl " + + "set to true."); + } + } } http://git-wip-us.apache.org/repos/asf/oozie/blob/5356b501/core/src/main/java/org/apache/oozie/service/XLogService.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/oozie/service/XLogService.java b/core/src/main/java/org/apache/oozie/service/XLogService.java index 04f04f4..4e649b8 100644 --- a/core/src/main/java/org/apache/oozie/service/XLogService.java +++ b/core/src/main/java/org/apache/oozie/service/XLogService.java 
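Review bot: The Javadoc on `createSchemaFactory` has an empty `@return` and two empty `@throws` tags, and it does not say why the factory is hardened. Text such as `@return a W3C XML Schema factory that rejects DOCTYPE declarations and has secure processing enabled` and `@throws SAXNotRecognizedException if the factory implementation does not know one of the features` would record the intent. The second feature string duplicates a JAXP constant, so `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` is the clearer form, and `XMLConstants` is already used on the line above it.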
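Review bot: `http://apache.org/xml/properties/internal/entity-resolver` is a Xerces-internal property, not a public JAXP one, so the added `setProperty` call ties the validator to the Xerces implementation and needs a comment saying why it is set on top of the three features above it, for example `// Xerces-internal hook: fail every entity lookup outright, as a backstop to the features above`. `NoXMLEntityResolver.resolveEntity` throws for every identifier it is given, yet its message speaks only of DOCTYPE and is missing its verb ("... disallow-doctype-decl set to true"). The same wording is repeated as `DTD_UNSUPPORTED_ERROR_MESSAGE` in the new `XMLDTDScannerImpl`, so it is worth correcting in both places. The method that builds the validator starts outside this hunk.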
@@ -144,6 +144,7 @@ public class XLogService implements Service, Instrumentable { String oozieHome = Services.getOozieHome(); String oozieLogs = System.getProperty(OOZIE_LOG_DIR, oozieHome + "/logs"); System.setProperty(OOZIE_LOG_DIR, oozieLogs); + try { LogManager.resetConfiguration(); log4jFileName = System.getProperty(LOG4J_FILE, DEFAULT_LOG4J_PROPERTIES); @@ -211,7 +212,8 @@ public class XLogService implements Service, Instrumentable { Properties props = new Properties(); props.load(is); - Configuration conf = new XConfiguration(); + XConfiguration conf = new XConfiguration(); + conf.setRestrictSystemProperties(false); for (Map.Entry entry : props.entrySet()) { conf.set((String) entry.getKey(), (String) entry.getValue()); } http://git-wip-us.apache.org/repos/asf/oozie/blob/5356b501/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 224d3be..4959b6c 100644 --- a/pom.xml +++ b/pom.xml @@ -109,7 +109,7 @@ <tomcat.version>6.0.47</tomcat.version> <jline.version>0.9.94</jline.version> <openjpa.version>2.4.1</openjpa.version> - <xerces.version>2.10.0</xerces.version> + <xerces.version>2.11.0</xerces.version> <curator.version>2.5.0</curator.version> <jackson.version>1.8.8</jackson.version> <log4j.version>1.2.17</log4j.version> http://git-wip-us.apache.org/repos/asf/oozie/blob/5356b501/webapp/src/main/java/org/apache/xerces/impl/XMLDTDScannerImpl.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/xerces/impl/XMLDTDScannerImpl.java b/webapp/src/main/java/org/apache/xerces/impl/XMLDTDScannerImpl.java new file mode 100644 index 0000000..362918d --- /dev/null +++ b/webapp/src/main/java/org/apache/xerces/impl/XMLDTDScannerImpl.java 
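Review bot: `conf.setRestrictSystemProperties(false)` switches off a restriction without any comment, and the declared type was changed from `Configuration` to `XConfiguration` only to reach that setter. What the restriction covers is not visible in this hunk. Presumably it limits which system properties can be substituted into configuration values, and the log4j properties need it lifted so that values such as the `OOZIE_LOG_DIR` property set earlier in this file resolve. A one-line comment should say so, e.g. `// log4j properties are server-side configuration, so system property substitution is allowed here`, so that the exemption is not copied to configurations built from submitted job input. The enclosing method starts and ends outside the hunk.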
@@ -0,0 +1,104 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xerces.impl; + +import java.io.IOException; + +import org.apache.xerces.util.SymbolTable; +import org.apache.xerces.util.XMLChar; +import org.apache.xerces.util.XMLStringBuffer; +import org.apache.xerces.util.XMLSymbols; +import org.apache.xerces.xni.Augmentations; +import org.apache.xerces.xni.XMLDTDContentModelHandler; +import org.apache.xerces.xni.XMLDTDHandler; +import org.apache.xerces.xni.XMLLocator; +import org.apache.xerces.xni.XMLResourceIdentifier; +import org.apache.xerces.xni.XMLString; +import org.apache.xerces.xni.XNIException; +import org.apache.xerces.xni.parser.XMLComponent; +import org.apache.xerces.xni.parser.XMLComponentManager; +import org.apache.xerces.xni.parser.XMLConfigurationException; +import org.apache.xerces.xni.parser.XMLDTDScanner; +import org.apache.xerces.xni.parser.XMLInputSource; + +public class XMLDTDScannerImpl extends XMLScanner implements XMLDTDScanner, XMLComponent, XMLEntityHandler { + private static final String DTD_UNSUPPORTED_ERROR_MESSAGE = "DOCTYPE is disallowed when the feature " + + "http://apache.org/xml/features/disallow-doctype-decl set to true."; + + public 
XMLDTDScannerImpl() { + } + + public XMLDTDScannerImpl(SymbolTable symbolTable, XMLErrorReporter errorReporter, XMLEntityManager entityManager) { + } + + public void setInputSource(XMLInputSource inputSource) throws IOException { + } + + public boolean scanDTDExternalSubset(boolean complete) throws IOException, XNIException { + throw new UnsupportedOperationException(DTD_UNSUPPORTED_ERROR_MESSAGE); + } + + public boolean scanDTDInternalSubset(boolean complete, boolean standalone, boolean hasExternalSubset) throws IOException, XNIException { + throw new UnsupportedOperationException(DTD_UNSUPPORTED_ERROR_MESSAGE); + } + + public void reset(XMLComponentManager componentManager) throws XMLConfigurationException { + } + + public void reset() { + } + + public String[] getRecognizedFeatures() { + return null; + } + + public String[] getRecognizedProperties() { + return null; + } + + public Boolean getFeatureDefault(String featureId) { + return null; + } + + public Object getPropertyDefault(String propertyId) { + return null; + } + + public void setDTDHandler(XMLDTDHandler dtdHandler) { + } + + public XMLDTDHandler getDTDHandler() { + return null; + } + + public void setDTDContentModelHandler(XMLDTDContentModelHandler dtdContentModelHandler) { + } + + public XMLDTDContentModelHandler getDTDContentModelHandler() { + return null; + } + + public void startEntity(String name, XMLResourceIdentifier identifier, String encoding, Augmentations augs) throws XNIException { + } + + public void endEntity(String name, Augmentations augs) throws XNIException { + } + + +}
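Review bot: The new class has no Javadoc, although it is a stub placed in Xerces' own `org.apache.xerces.impl` package under the name of a Xerces class, presumably so that it is loaded in place of the library's DTD scanner. That only holds while the webapp's classes are found ahead of the Xerces jar, and the stub is written against the internals of the `xerces.version` pinned in `pom.xml`. A class-level comment should therefore state the purpose, the class-loading assumption and the need to re-check on every Xerces upgrade. Both scan methods throw `UnsupportedOperationException`, which is unchecked and outside their declared `IOException`/`XNIException`; `throw new XNIException(DTD_UNSUPPORTED_ERROR_MESSAGE);` would let callers treat it as a parse failure. A test that sends a document with a DOCTYPE through the deployed webapp would catch the case where the stub is silently not the class in use.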
