Repository: knox Updated Branches: refs/heads/master 7046c2273 -> 1c72a57e2
KNOX-1622 - Enable the secure processing feature on all XPathFactory instances Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/1c72a57e Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/1c72a57e Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/1c72a57e Branch: refs/heads/master Commit: 1c72a57e27d29fcd37607935fa34247cf0727bc6 Parents: 7046c22 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Fri Nov 23 15:30:23 2018 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Fri Nov 23 15:30:23 2018 +0000 ---------------------------------------------------------------------- .../discovery/ambari/ServiceURLPropertyConfig.java | 9 ++++++++- .../filter/rewrite/impl/xml/XmlFilterReader.java | 14 +++++++++++++- 2 files changed, 21 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/1c72a57e/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/ServiceURLPropertyConfig.java ---------------------------------------------------------------------- diff --git a/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/ServiceURLPropertyConfig.java b/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/ServiceURLPropertyConfig.java index ab9751e..4d8864f 100644 --- a/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/ServiceURLPropertyConfig.java +++ b/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/ServiceURLPropertyConfig.java @@ -23,6 +23,7 @@ import org.w3c.dom.NamedNodeMap; import org.w3c.dom.Node; import org.w3c.dom.NodeList; +import javax.xml.XMLConstants; import javax.xml.xpath.XPath; import javax.xml.xpath.XPathConstants; import javax.xml.xpath.XPathExpression; @@ -52,7 +53,13 @@ class ServiceURLPropertyConfig { private static XPathExpression URL_PATTERN; private static XPathExpression PROPERTIES; static { - XPath xpath = XPathFactory.newInstance().newXPath(); + XPathFactory xpathFactory = XPathFactory.newInstance(); + try { + xpathFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + } catch (javax.xml.xpath.XPathFactoryConfigurationException ex) { + // ignore + } + XPath xpath = xpathFactory.newXPath(); try { SERVICE_URL_PATTERN_MAPPINGS = xpath.compile("/service-discovery-url-mappings/service"); URL_PATTERN = xpath.compile("url-pattern/text()"); http://git-wip-us.apache.org/repos/asf/knox/blob/1c72a57e/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java ---------------------------------------------------------------------- diff --git a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java index 34255b0..6c907f8 100644 --- a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java +++ b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java @@ -36,6 +36,7 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.Text; +import javax.xml.XMLConstants; import javax.xml.namespace.QName; import javax.xml.parsers.ParserConfigurationException; import javax.xml.stream.XMLEventReader; @@ -614,7 +615,18 @@ public abstract class XmlFilterReader extends Reader { } private static class XmlPathCompiler implements UrlRewriteFilterPathDescriptor.Compiler<XPathExpression> { - private static XPath XPATH = XPathFactory.newInstance().newXPath(); + private static XPath XPATH; + + static { + XPathFactory xpathFactory = XPathFactory.newInstance(); + try { + xpathFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + } catch (javax.xml.xpath.XPathFactoryConfigurationException ex) { + // ignore + } + XPATH = xpathFactory.newXPath(); + } + @Override public XPathExpression compile( String expression, XPathExpression compiled ) { try {