Federico Mariani created CAMEL-24110:
----------------------------------------
Summary: camel-xslt-saxon: saxonReaderProperties null-guard is
always true - stylesheets parsed by raw unhardened SAXParser, URIResolvers
returning DOMSource broken
Key: CAMEL-24110
URL: https://issues.apache.org/jira/browse/CAMEL-24110
Project: Camel
Issue Type: Bug
Components: camel-xslt
Affects Versions: 4.21.0
Reporter: Federico Mariani
Attachments: XsltSaxonUriResolverDomSourceTest.java
h3. Problem
{{XsltSaxonEndpoint}} initializes {{saxonReaderProperties}} to an *empty
HashMap*, so the guards {{if (this.saxonReaderProperties != null)}} in
{{loadResource()}} and {{createBuilderForCustomStylesheet()}} - clearly meant
as "only when the user configured reader properties" - are always true. Every
stylesheet load is unconditionally re-wrapped by {{createReaderForSource()}}.
Consequences:
# A custom {{URIResolver}} returning a {{DOMSource}} (or a {{SAXSource}}
without reader) gets {{SAXSource.sourceToInputSource(source)}} -> {{null}},
producing a {{SAXSource}} with a null {{InputSource}} and the endpoint fails to
start with {{SaxonApiException: I/O error reported by XML parser processing
null}}. The identical route on plain {{xslt:}} works.
# Every stylesheet (and every {{allowTemplateFromHeader}} template) is parsed
through {{SAXParserFactory.newInstance()}} with zero features configured -
ignoring the hardened parser setup used everywhere else in Camel.
# In {{loadResource()}} the wrap happens *before* the {{source == null}} check,
and {{createReaderForSource()}} returns a non-null wrapper (or null on
parser-creation failure), so the intended {{IOException("Cannot load schema
resource ...")}} can never fire for a null resolver result.
h3. Reproducer
Attached {{XsltSaxonUriResolverDomSourceTest.java}} - a registry-bound
{{URIResolver}} returning a {{DOMSource}}; the xslt-saxon route fails at
context startup on current main.
h3. Fix direction
Guard with {{!saxonReaderProperties.isEmpty()}}, keep the null-source check
first, and harden the created XMLReader (secure processing, external entities
off) since it also parses header-supplied templates when
{{allowTemplateFromHeader=true}}.
----
_This issue was researched and filed by Claude Code on behalf of [~fmariani]
(GitHub: Croway), as part of a code review of camel-xslt and camel-xslt-saxon.
The attached JUnit reproducer fails deterministically on current main
(4.22.0-SNAPSHOT); place it in
{{components/camel-xslt-saxon/src/test/java/org/apache/camel/component/xslt/saxon/}}._
--
This message was sent by Atlassian Jira
(v8.20.10#820010)