Package mondrian.util
Class XmlParserFactoryProducer
java.lang.Object
mondrian.util.XmlParserFactoryProducer
Class was created to prevent XXE Security Vulnerabilities
http://jira.pentaho.com/browse/PPP-3506
Created by Yury_Bakhmutski on 10/21/2016.
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic DocumentBuilderFactoryCreates an instance ofDocumentBuilderFactoryclass with enabledXMLConstants.FEATURE_SECURE_PROCESSINGproperty.static SAXParserFactoryCreates an instance ofSAXParserFactoryclass with enabledXMLConstants.FEATURE_SECURE_PROCESSINGproperty.static org.dom4j.io.SAXReadergetSAXReader(EntityResolver resolver)
-
Constructor Details
-
XmlParserFactoryProducer
public XmlParserFactoryProducer()
-
-
Method Details
-
createSecureDocBuilderFactory
public static DocumentBuilderFactory createSecureDocBuilderFactory() throws ParserConfigurationExceptionCreates an instance ofDocumentBuilderFactoryclass with enabledXMLConstants.FEATURE_SECURE_PROCESSINGproperty. Enabling this feature prevents from some XXE attacks (e.g. XML bomb) See PPP-3506 for more details.- Throws:
ParserConfigurationException- if feature can't be enabled
-
createSecureSAXParserFactory
public static SAXParserFactory createSecureSAXParserFactory() throws SAXNotSupportedException, SAXNotRecognizedException, ParserConfigurationExceptionCreates an instance ofSAXParserFactoryclass with enabledXMLConstants.FEATURE_SECURE_PROCESSINGproperty. Enabling this feature prevents from some XXE attacks (e.g. XML bomb)- Throws:
ParserConfigurationException- if a parser cannot be created which satisfies the requested configuration.SAXNotRecognizedException- When the underlying XMLReader does not recognize the property name.SAXNotSupportedException- When the underlying XMLReader recognizes the property name but doesn't support the property.
-
getSAXReader
-