[
https://issues.apache.org/jira/browse/XERCESJ-1631?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Glavassevich resolved XERCESJ-1631.
-------------------------------------------
Resolution: Not A Problem
SecurityManager.setMaxOccurNodeLimit() specifies a limit on the size of Xerces'
internal representation of the complex type. This setting is only loosely
related to maxOccurs in the XSD. There have been multiple improvements made to
Xerces to make this representation more efficient, particularly for the example
you gave, so even maxOccurs="250000" may only require one node in the data
structure for the complex type.
In the future please use the Xerces-J user mailing list for questions.
> Testing Xerces security Manager maxOccurNodeLimit
> -------------------------------------------------
>
> Key: XERCESJ-1631
> URL: https://issues.apache.org/jira/browse/XERCESJ-1631
> Project: Xerces2-J
> Issue Type: Test
> Components: Samples
> Affects Versions: 2.9.1
> Reporter: pavan
> Priority: Critical
> Labels: security
>
> I have been using Xerces security manager in order to add DDoS limits to the
> XML Parser. I am unable to test this property MaxOccurNodeLimit. I don't know
> whether this maxOccurs is related to the maxOccurs attribute present in the
> XSD. I have made up the following test with this simple schema:
> <?xml version="1.0" encoding="UTF-8" ?>
> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
>   <xs:element name="foo">
>     <xs:complexType>
>       <xs:choice>
>         <xs:element name="child1" type="xs:int" maxOccurs="250000"/>
>         <xs:element name="child2" type="xs:string" maxOccurs="250000"/>
>       </xs:choice>
>     </xs:complexType>
>   </xs:element>
> </xs:schema>
> And then I created an XML file following this schema:
> <?xml version="1.0"?>
> <foo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>      xsi:noNamespaceSchemaLocation="maxOccurs.xsd">
>   <child2>value</child2>
>   .
>   . 5000 child2 tags
>   .
>   <child2>value</child2>
> </foo>
> I have specified the maxOccurLimit as 4000 and I have given a node which was
> repeated 5000 times, and I expected an exception. But the XML parsing is
> successful. Is there anything wrong with my understanding of this
> limit? If anybody has a clue, please provide me an example of how to test it
> as well.
> Thanks
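The following is an added example, not code from this thread or from the Xerces project: a small probe that wires `SecurityManager.setMaxOccurNodeLimit()` into a schema-validating Xerces `SAXParser` and reports whether a document is accepted, so the node limit can be compared with the schema's own `maxOccurs` constraint. The class name `MaxOccurNodeLimitProbe`, its `schema()` and `probe()` helpers and the inline schema and document are constructed for illustration; it assumes Xerces-J (`xercesImpl.jar`) is on the classpath.

```java
import java.io.StringReader;
import java.nio.file.*;
import org.apache.xerces.parsers.SAXParser;
import org.apache.xerces.util.SecurityManager;
import org.xml.sax.*;
import org.xml.sax.helpers.DefaultHandler;

public class MaxOccurNodeLimitProbe { // hypothetical name, not part of Xerces
    static final String XERCES = "http://apache.org/xml/";

    // Constructed schema with the same shape as the one in the report.
    static String schema(int maxOccurs) {
        String m = " maxOccurs=\"" + maxOccurs + "\"/>";
        return "<xs:schema xmlns:xs=\"http://www.w3.org/2001/XMLSchema\">"
             + "<xs:element name=\"foo\"><xs:complexType><xs:choice>"
             + "<xs:element name=\"child1\" type=\"xs:int\"" + m
             + "<xs:element name=\"child2\" type=\"xs:string\"" + m
             + "</xs:choice></xs:complexType></xs:element></xs:schema>";
    }

    // Returns "accepted", or the parser's message if schema or instance is rejected.
    static String probe(int nodeLimit, int maxOccurs, int repeats) throws Exception {
        Path xsd = Files.createTempFile("maxOccurs", ".xsd");
        Files.write(xsd, schema(maxOccurs).getBytes("UTF-8"));
        StringBuilder doc = new StringBuilder("<foo>");
        for (int i = 0; i < repeats; i++) doc.append("<child2>value</child2>");
        doc.append("</foo>");
        SecurityManager sm = new SecurityManager();
        sm.setMaxOccurNodeLimit(nodeLimit); // caps content-model nodes, not instance elements
        SAXParser parser = new SAXParser();
        parser.setFeature("http://xml.org/sax/features/validation", true);
        parser.setFeature(XERCES + "features/validation/schema", true);
        parser.setProperty(XERCES + "properties/security-manager", sm);
        parser.setProperty(XERCES + "properties/schema/external-noNamespaceSchemaLocation",
                           xsd.toUri().toString());
        parser.setErrorHandler(new DefaultHandler() { // surface validation errors as exceptions
            @Override public void error(SAXParseException e) throws SAXException { throw e; }
        });
        try {
            parser.parse(new InputSource(new StringReader(doc.toString())));
            return "accepted";
        } catch (SAXException e) {
            return "rejected: " + e.getMessage();
        } finally { Files.deleteIfExists(xsd); }
    }

    public static void main(String[] args) throws Exception {
        // The report's setup: node limit 4000, maxOccurs 250000, 5000 repeated elements.
        System.out.println("report's case:  " + probe(4000, 250000, 5000));
        // Instance exceeds the schema's own maxOccurs: a validity error, not a node-limit hit.
        System.out.println("over maxOccurs: " + probe(4000, 3, 5));
    }
}
```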