mbien commented on code in PR #9449:
URL: https://github.com/apache/netbeans/pull/9449#discussion_r3436736016
##########
nb/o.n.upgrader/src/org/netbeans/upgrade/CopyFiles.java:
##########
@@ -232,6 +256,79 @@ private EditableProperties getProperties(String
relativePath) throws IOException
return properties;
}
+ /**
+ * Copies var/attributes.xml, filtering to keep only fileobject entries
that
+ * contain an AuxilaryConfiguration attribute.
+ *
+ * @param sourceFile source attributes.xml
+ * @param targetFile target attributes.xml
+ * @throws IOException if parsing or writing fails
+ */
+ private static void copyFilteredAttributesXml(File sourceFile, File
targetFile) throws IOException {
+ try {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+
dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd";,
false); //NOI18N
Review Comment:
could you try adding
```java
dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
```
even though its on by default, setting it explicitly will activate
additional checks (JEP 185).
##########
nb/o.n.upgrader/src/org/netbeans/upgrade/CopyFiles.java:
##########
@@ -232,6 +256,79 @@ private EditableProperties getProperties(String
relativePath) throws IOException
return properties;
}
+ /**
+ * Copies var/attributes.xml, filtering to keep only fileobject entries
that
+ * contain an AuxilaryConfiguration attribute.
+ *
+ * @param sourceFile source attributes.xml
+ * @param targetFile target attributes.xml
+ * @throws IOException if parsing or writing fails
+ */
+ private static void copyFilteredAttributesXml(File sourceFile, File
targetFile) throws IOException {
+ try {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+
dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd";,
false); //NOI18N
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ Document doc = db.parse(sourceFile);
+ Element root = doc.getDocumentElement();
+ NodeList children = root.getChildNodes();
+
+ // Collect fileobject nodes to remove (can't modify NodeList while
iterating)
+ List<Node> toRemove = new ArrayList<>();
+ for (int i = 0; i < children.getLength(); i++) {
+ if (children.item(i) instanceof Element el
+ && "fileobject".equals(el.getTagName()) //NOI18N
+ && !hasAuxiliaryConfiguration(el)) {
+ toRemove.add(el);
+ }
+ }
+
+ for (Node node : toRemove) {
+ root.removeChild(node);
+ }
+
+ // Only write if there are remaining entries
+ if (root.getElementsByTagName("fileobject").getLength() == 0) {
//NOI18N
+ LOGGER.log(Level.FINE, "No AuxiliaryConfiguration entries
found in {0}, skipping", sourceFile); //NOI18N
+ return;
+ }
+
+ TransformerFactory tf = TransformerFactory.newInstance();
Review Comment:
same here
```java
tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
```
##########
platform/core.ui/src/org/netbeans/core/ui/resources/layer.xml:
##########
@@ -780,7 +780,7 @@
<attr name="displayName"
bundlevalue="org.netbeans.core.ui.options.general.Bundle#General.Options.Export.displayName"/>
</file>
<file name="Other">
- <attr name="include" stringvalue="config/Preferences/.*"/>
+ <attr name="include"
stringvalue="config/Preferences/.*|var/attributes.xml"/>
Review Comment:
might be worth to add a comment mentioning that `attributes.xml` is filtered
in `upgrade.CopyFiles`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
