This is an automated email from the ASF dual-hosted git repository.
stevel pushed a commit to branch branch-3.3.5
in repository https://gitbox.apache.org/repos/asf/hadoop.git
The following commit(s) were added to refs/heads/branch-3.3.5 by this push:
new b67c950380b HADOOP-18575. Make XML transformer factory more lenient
(#5224)
b67c950380b is described below
commit b67c950380b4612a5743bd4627baf1ce93eff766
Author: PJ Fanning <pjfann...@users.noreply.github.com>
AuthorDate: Sun Dec 18 13:25:10 2022 +0100
HADOOP-18575. Make XML transformer factory more lenient (#5224)
Due diligence followup to
HADOOP-18469. Add secure XML parser factories to XMLUtils (#4940)
Contributed by P J Fanning
---
.../main/java/org/apache/hadoop/util/XMLUtils.java | 34 +++++++++++++++++++---
.../java/org/apache/hadoop/util/TestXMLUtils.java | 12 ++++++++
2 files changed, 42 insertions(+), 4 deletions(-)
diff --git
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/XMLUtils.java
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/XMLUtils.java
index a8040ad90a8..7aa4b2bcc58 100644
---
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/XMLUtils.java
+++
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/util/XMLUtils.java
@@ -29,6 +29,8 @@ import javax.xml.transform.stream.*;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.xml.sax.SAXException;
import java.io.*;
@@ -41,6 +43,9 @@ import java.io.*;
@InterfaceStability.Unstable
public class XMLUtils {
+ private static final Logger LOG =
+ LoggerFactory.getLogger(XMLUtils.class);
+
public static final String DISALLOW_DOCTYPE_DECL =
"http://apache.org/xml/features/disallow-doctype-decl";;
public static final String LOAD_EXTERNAL_DECL =
@@ -138,8 +143,8 @@ public class XMLUtils {
throws TransformerConfigurationException {
TransformerFactory trfactory = TransformerFactory.newInstance();
trfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
- trfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
- trfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ bestEffortSetAttribute(trfactory, XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ bestEffortSetAttribute(trfactory, XMLConstants.ACCESS_EXTERNAL_STYLESHEET,
"");
return trfactory;
}
@@ -156,8 +161,29 @@ public class XMLUtils {
throws TransformerConfigurationException {
SAXTransformerFactory trfactory = (SAXTransformerFactory)
SAXTransformerFactory.newInstance();
trfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
- trfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
- trfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ bestEffortSetAttribute(trfactory, XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ bestEffortSetAttribute(trfactory, XMLConstants.ACCESS_EXTERNAL_STYLESHEET,
"");
return trfactory;
}
+
+ /**
+ * Set an attribute value on a {@link TransformerFactory}. If the
TransformerFactory
+ * does not support the attribute, the method just returns
<code>false</code> and
+ * logs the issue at debug level.
+ *
+ * @param transformerFactory to update
+ * @param name of the attribute to set
+ * @param value to set on the attribute
+ * @return whether the attribute was successfully set
+ */
+ static boolean bestEffortSetAttribute(TransformerFactory transformerFactory,
+ String name, Object value) {
+ try {
+ transformerFactory.setAttribute(name, value);
+ return true;
+ } catch (Throwable t) {
+ LOG.debug("Issue setting TransformerFactory attribute {}: {}", name,
t.toString());
+ }
+ return false;
+ }
}
diff --git
a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestXMLUtils.java
b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestXMLUtils.java
index ec1b74338a1..0ebec96213b 100644
---
a/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestXMLUtils.java
+++
b/hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestXMLUtils.java
@@ -20,10 +20,12 @@ package org.apache.hadoop.util;
import java.io.InputStream;
import java.io.StringReader;
import java.io.StringWriter;
+import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.SAXParser;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
@@ -31,6 +33,7 @@ import javax.xml.transform.stream.StreamSource;
import org.apache.hadoop.test.AbstractHadoopTestBase;
import org.assertj.core.api.Assertions;
+import org.junit.Assert;
import org.junit.Test;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
@@ -128,6 +131,15 @@ public class TestXMLUtils extends AbstractHadoopTestBase {
}
}
+ @Test
+ public void testBestEffortSetAttribute() throws Exception {
+ TransformerFactory factory = TransformerFactory.newInstance();
+ Assert.assertFalse("unexpected attribute results in return of false",
+ XMLUtils.bestEffortSetAttribute(factory, "unsupportedAttribute
false", "abc"));
+ Assert.assertTrue("expected attribute results in return of false",
+ XMLUtils.bestEffortSetAttribute(factory,
XMLConstants.ACCESS_EXTERNAL_DTD, ""));
+ }
+
private static InputStream getResourceStream(final String filename) {
return TestXMLUtils.class.getResourceAsStream(filename);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-commits-h...@hadoop.apache.org
