ppkarwasz opened a new pull request, #13: URL: https://github.com/apache/commons-xml/pull/13
Applies the COMMONSXML-1 capability-driven approach to the Schema path, replacing the per-implementation class-name dispatch for `SchemaFactory` with a single wrapper-based recipe shared by every implementation. - `HardeningSchemaFactory` installs a deny-all `LSResourceResolver` on the factory (compile-time `xs:import`/`include`/`redefine`) and rewrites every `newSchema(Source[])` through an `XmlFactories`-hardened reader. - `HardeningSchema` re-installs the resolver on each `Validator`/`ValidatorHandler` (validate-time `xsi:schemaLocation`), and `HardeningValidator` rewrites the Source on every `validate(Source)`. - No FSP and no limit configuration on the factory: the hardened reader from `XmlFactories.harden(Source)` already carries them, so DOCTYPE / external-entity / Billion Laughs payloads in the schema or instance document are bounded there. - `StockJdkProvider.configure(SchemaFactory)`, `XercesProvider.configure(SchemaFactory)` with its per-product hardeners, `XmlFactories.dispatch(SchemaFactory)` and `Limits.applyToJdkSchema` are removed; `XmlFactories.newSchemaFactory()` wraps in `HardeningSchemaFactory` directly. No new class is introduced (net -84 lines). **Behaviour:** the JAXP 1.5 `ACCESS_EXTERNAL_*` properties are deliberately not set (the deny-all resolver covers the same fetches, and dropping them avoids the JDK 8 property-override bug, letting a caller re-enable specific lookups via their own resolver). The JDK block now surfaces as `SecurityException` rather than `SAXException`; the attack-test assertions already accept both. An unrecognized implementation is hardened rather than rejected. The schema-engine-internal `maxOccurs` node limit is no longer pinned on the factory (not exercised by any test); document-parsing limits remain covered via the hardened reader. `mvn verify` green across the stock JDK and external Xerces profiles. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
