File eclipse-CVE-2023-4218.patch of Package eclipse.32874
--- a/eclipse.jdt.core/org.eclipse.jdt.apt.core/src/org/eclipse/jdt/apt/core/internal/util/FactoryPathUtil.java 2024-03-19 10:01:54.583093542 +0100
+++ b/eclipse.jdt.core/org.eclipse.jdt.apt.core/src/org/eclipse/jdt/apt/core/internal/util/FactoryPathUtil.java 2024-03-19 13:58:56.303373550 +0100
@@ -25,6 +25,7 @@
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+import org.eclipse.core.internal.runtime.XmlProcessorFactory;
import org.eclipse.core.resources.IFile;
import org.eclipse.core.resources.IProject;
import org.eclipse.core.resources.IResource;
@@ -221,8 +222,9 @@
Element fpElement = null;
try {
- DocumentBuilder parser =
- DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ @SuppressWarnings("restriction")
+ DocumentBuilder parser = org.eclipse.core.internal.runtime.XmlProcessorFactory
+ .createDocumentBuilderWithErrorOnDOCTYPE();
fpElement = parser.parse(new InputSource(reader)).getDocumentElement();
}
--- a/eclipse.jdt.core/org.eclipse.jdt.compiler.apt.tests/processors/org/eclipse/jdt/compiler/apt/tests/processors/base/XMLComparer.java 2024-03-19 10:01:54.613093606 +0100
+++ b/eclipse.jdt.core/org.eclipse.jdt.compiler.apt.tests/processors/org/eclipse/jdt/compiler/apt/tests/processors/base/XMLComparer.java 2024-03-19 13:58:56.306706890 +0100
@@ -164,8 +164,7 @@
"</model>\n";
// create "actual" model
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- Document actualModel = factory.newDocumentBuilder().newDocument();
+ Document actualModel = org.eclipse.core.internal.runtime.XmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().newDocument();
Element modelNode = actualModel.createElement(MODEL_TAG);
// primary type
Element typeNode = actualModel.createElement(TYPE_ELEMENT_TAG);
@@ -203,7 +202,7 @@
// load reference model
InputSource source = new InputSource(new StringReader(XML_FRAMEWORK_TEST_MODEL));
- Document expectedModel = factory.newDocumentBuilder().parse(source);
+ Document expectedModel = org.eclipse.core.internal.runtime.XmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().parse(source);
// compare actual and reference
ByteArrayOutputStream out = new ByteArrayOutputStream();
--- a/eclipse.jdt.core/org.eclipse.jdt.compiler.apt.tests/processors/org/eclipse/jdt/compiler/apt/tests/processors/base/XMLConverter.java 2024-03-19 10:01:54.613093606 +0100
+++ b/eclipse.jdt.core/org.eclipse.jdt.compiler.apt.tests/processors/org/eclipse/jdt/compiler/apt/tests/processors/base/XMLConverter.java 2024-03-19 13:58:56.306706890 +0100
@@ -65,7 +65,7 @@
StringWriter s = new StringWriter();
DOMSource domSource = new DOMSource(model);
StreamResult streamResult = new StreamResult(s);
- TransformerFactory tf = TransformerFactory.newInstance();
+ TransformerFactory tf = org.eclipse.core.internal.runtime.XmlProcessorFactory.createTransformerFactoryWithErrorOnDOCTYPE();
Transformer serializer;
try {
serializer = tf.newTransformer();
@@ -146,8 +146,7 @@
* @throws ParserConfigurationException
*/
public static Document convertModel(Iterable<? extends javax.lang.model.element.Element> declarations) throws ParserConfigurationException {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- Document model = factory.newDocumentBuilder().newDocument();
+ Document model = org.eclipse.core.internal.runtime.XmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().newDocument();
org.w3c.dom.Element modelNode = model.createElement(MODEL_TAG);
XMLConverter converter = new XMLConverter(model);
--- a/eclipse.jdt.core/org.eclipse.jdt.compiler.apt.tests/processors/org/eclipse/jdt/compiler/apt/tests/processors/negative/NegativeModelProc.java 2024-03-19 10:01:54.613093606 +0100
+++ b/eclipse.jdt.core/org.eclipse.jdt.compiler.apt.tests/processors/org/eclipse/jdt/compiler/apt/tests/processors/negative/NegativeModelProc.java 2024-03-19 13:58:56.306706890 +0100
@@ -41,7 +41,6 @@
import javax.lang.model.type.TypeKind;
import javax.lang.model.type.TypeMirror;
import javax.lang.model.util.Elements;
-import javax.xml.parsers.DocumentBuilderFactory;
import org.eclipse.jdt.compiler.apt.tests.processors.base.XMLComparer;
import org.eclipse.jdt.compiler.apt.tests.processors.base.XMLConverter;
@@ -844,8 +843,7 @@
Document actualModel = XMLConverter.convertModel(rootElements);
InputSource source = new InputSource(new StringReader(expected));
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- Document expectedModel = factory.newDocumentBuilder().parse(source);
+ Document expectedModel = org.eclipse.core.internal.runtime.XmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().parse(source);
ByteArrayOutputStream out = new ByteArrayOutputStream();
StringBuilder summary = new StringBuilder();
--- a/eclipse.jdt.core/org.eclipse.jdt.core/model/org/eclipse/jdt/internal/core/JavaModelManager.java 2024-03-19 10:01:54.859760804 +0100
+++ b/eclipse.jdt.core/org.eclipse.jdt.core/model/org/eclipse/jdt/internal/core/JavaModelManager.java 2024-03-19 13:58:56.306706890 +0100
@@ -54,7 +54,6 @@
import java.util.zip.ZipFile;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.eclipse.core.resources.IFile;
@@ -3612,7 +3611,8 @@
StringReader reader = new StringReader(xmlString);
Element cpElement;
try {
- DocumentBuilder parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ @SuppressWarnings("restriction")
+ DocumentBuilder parser = org.eclipse.core.internal.runtime.XmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
cpElement = parser.parse(new InputSource(reader)).getDocumentElement();
} catch(SAXException | ParserConfigurationException e){
return;
--- a/eclipse.jdt.core/org.eclipse.jdt.core/model/org/eclipse/jdt/internal/core/JavaProject.java 2024-03-19 10:01:54.859760804 +0100
+++ b/eclipse.jdt.core/org.eclipse.jdt.core/model/org/eclipse/jdt/internal/core/JavaProject.java 2024-03-19 13:58:56.306706890 +0100
@@ -38,7 +38,6 @@
import java.util.stream.Collectors;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.eclipse.core.resources.ICommand;
import org.eclipse.core.resources.IFile;
@@ -1268,7 +1267,8 @@
StringReader reader = new StringReader(xmlClasspath);
Element cpElement;
try {
- DocumentBuilder parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ @SuppressWarnings("restriction")
+ DocumentBuilder parser = org.eclipse.core.internal.runtime.XmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
cpElement = parser.parse(new InputSource(reader)).getDocumentElement();
} catch (SAXException | ParserConfigurationException e) {
throw new IOException(Messages.file_badFormat, e);
@@ -1329,8 +1329,9 @@
Element node;
try {
+ @SuppressWarnings("restriction")
DocumentBuilder parser =
- DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ org.eclipse.core.internal.runtime.XmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
node = parser.parse(new InputSource(reader)).getDocumentElement();
} catch (SAXException | ParserConfigurationException e) {
return null;
--- a/eclipse.jdt.core/org.eclipse.jdt.core/model/org/eclipse/jdt/internal/core/UserLibrary.java 2024-03-19 10:01:54.859760804 +0100
+++ b/eclipse.jdt.core/org.eclipse.jdt.core/model/org/eclipse/jdt/internal/core/UserLibrary.java 2024-03-19 13:58:56.310040231 +0100
@@ -21,7 +21,6 @@
import java.util.ArrayList;
import java.util.HashMap;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.eclipse.core.runtime.Assert;
@@ -150,7 +149,8 @@
public static UserLibrary createFromString(Reader reader) throws IOException {
Element cpElement;
try {
- DocumentBuilder parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ @SuppressWarnings("restriction")
+ DocumentBuilder parser = org.eclipse.core.internal.runtime.XmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
cpElement = parser.parse(new InputSource(reader)).getDocumentElement();
} catch (SAXException | ParserConfigurationException e) {
throw new IOException(Messages.file_badFormat, e);
--- a/eclipse.jdt.core/org.eclipse.jdt.core.internal.tools/src/org/eclipse/jdt/core/internal/tools/unicode/TableBuilder.java 2024-03-19 10:01:54.613093606 +0100
+++ b/eclipse.jdt.core/org.eclipse.jdt.core.internal.tools/src/org/eclipse/jdt/core/internal/tools/unicode/TableBuilder.java 2024-03-19 13:58:56.306706890 +0100
@@ -42,11 +42,10 @@
List<String> result = new ArrayList<>();
SAXParser saxParser = null;
try {
- saxParser = SAXParserFactory.newInstance().newSAXParser();
- } catch (ParserConfigurationException e) {
- e.printStackTrace();
- return null;
- } catch (SAXException e) {
+ @SuppressWarnings("restriction")
+ SAXParser p = org.eclipse.core.internal.runtime.XmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
+ saxParser =p;
+ } catch (SAXException | ParserConfigurationException e) {
e.printStackTrace();
return null;
}
--- a/eclipse.jdt.core/org.eclipse.jdt.core.tests.model/src/org/eclipse/jdt/core/tests/formatter/DecodeCodeFormatterPreferences.java 2024-03-19 10:01:54.633093649 +0100
+++ b/eclipse.jdt.core/org.eclipse.jdt.core.tests.model/src/org/eclipse/jdt/core/tests/formatter/DecodeCodeFormatterPreferences.java 2024-03-19 13:58:56.306706890 +0100
@@ -26,8 +26,8 @@
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
+import org.eclipse.core.internal.runtime.XmlProcessorFactory;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
@@ -63,7 +63,7 @@
public static Map decodeCodeFormatterOptions(String fileName, String profileName) {
try {
- SAXParser saxParser = SAXParserFactory.newInstance().newSAXParser();
+ SAXParser saxParser = XmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
final DecodeCodeFormatterPreferences preferences = new DecodeCodeFormatterPreferences(profileName);
saxParser.parse(new File(fileName), preferences);
return preferences.getEntries();
@@ -89,7 +89,7 @@
return null;
}
inputStream = new BufferedInputStream(zipFile.getInputStream(zipEntry));
- SAXParser saxParser = SAXParserFactory.newInstance().newSAXParser();
+ SAXParser saxParser = XmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
final DecodeCodeFormatterPreferences preferences = new DecodeCodeFormatterPreferences(profileName);
saxParser.parse(inputStream, preferences);
return preferences.getEntries();
--- a/eclipse.jdt.ui/org.eclipse.jdt.junit.core/src/org/eclipse/jdt/internal/junit/model/JUnitModel.java 2024-03-19 10:01:55.446428735 +0100
+++ b/eclipse.jdt.ui/org.eclipse.jdt.junit.core/src/org/eclipse/jdt/internal/junit/model/JUnitModel.java 2024-03-19 14:27:33.606659565 +0100
@@ -33,7 +33,6 @@
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.sax.SAXSource;
import javax.xml.transform.stream.StreamResult;
@@ -65,6 +64,7 @@
import org.eclipse.jdt.internal.junit.Messages;
import org.eclipse.jdt.internal.junit.launcher.JUnitLaunchConfigurationConstants;
import org.eclipse.jdt.internal.junit.model.TestElement.Status;
+import org.eclipse.jdt.internal.junit.util.XmlProcessorFactoryJdtJunit;
import org.eclipse.jdt.junit.ITestRunListener;
/**
@@ -386,7 +386,7 @@
*/
public static TestRunSession importTestRunSession(File file) throws CoreException {
try {
- SAXParserFactory parserFactory= SAXParserFactory.newInstance();
+ SAXParserFactory parserFactory= XmlProcessorFactoryJdtJunit.createSAXFactoryWithErrorOnDOCTYPE();
// parserFactory.setValidating(true); // TODO: add DTD and debug flag
SAXParser parser= parserFactory.newSAXParser();
TestRunHandler handler= new TestRunHandler();
@@ -429,7 +429,7 @@
@Override
public void run() {
try {
- SAXParserFactory parserFactory= SAXParserFactory.newInstance();
+ SAXParserFactory parserFactory= XmlProcessorFactoryJdtJunit.createSAXFactoryWithErrorOnDOCTYPE();
// parserFactory.setValidating(true); // TODO: add DTD and debug flag
SAXParser parser= parserFactory.newSAXParser();
parser.parse(trimmedUrl, handler);
@@ -477,7 +477,7 @@
public static void importIntoTestRunSession(File swapFile, TestRunSession testRunSession) throws CoreException {
try {
- SAXParserFactory parserFactory= SAXParserFactory.newInstance();
+ SAXParserFactory parserFactory= XmlProcessorFactoryJdtJunit.createSAXFactoryWithErrorOnDOCTYPE();
// parserFactory.setValidating(true); // TODO: add DTD and debug flag
SAXParser parser= parserFactory.newSAXParser();
TestRunHandler handler= new TestRunHandler(testRunSession);
@@ -527,7 +527,7 @@
public static void exportTestRunSession(TestRunSession testRunSession, OutputStream out)
throws TransformerFactoryConfigurationError, TransformerException {
- Transformer transformer= TransformerFactory.newInstance().newTransformer();
+ Transformer transformer= XmlProcessorFactoryJdtJunit.createTransformerFactoryWithErrorOnDOCTYPE().newTransformer();
InputSource inputSource= new InputSource();
SAXSource source= new SAXSource(new TestRunSessionSerializer(testRunSession), inputSource);
StreamResult result= new StreamResult(out);
--- a/eclipse.jdt.ui/org.eclipse.jdt.junit.core/src/org/eclipse/jdt/internal/junit/util/XmlProcessorFactoryJdtJunit.java 1970-01-01 01:00:00.000000000 +0100
+++ b/eclipse.jdt.ui/org.eclipse.jdt.junit.core/src/org/eclipse/jdt/internal/junit/util/XmlProcessorFactoryJdtJunit.java 2024-03-19 14:26:46.589900854 +0100
@@ -0,0 +1,166 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Joerg Kubitz and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+package org.eclipse.jdt.internal.junit.util;
+
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.parsers.SAXParser;
+import javax.xml.parsers.SAXParserFactory;
+import javax.xml.transform.TransformerFactory;
+
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXNotRecognizedException;
+import org.xml.sax.SAXNotSupportedException;
+
+/**
+ * XML processing which prohibits external entities.
+ *
+ * @see <a href="https://rules.sonarsource.com/java/RSPEC-2755/">RSPEC-2755</a>
+ */
+public class XmlProcessorFactoryJdtJunit {
+ private XmlProcessorFactoryJdtJunit() {
+ // static Utility only
+ }
+
+ private static final DocumentBuilderFactory DOCUMENT_BUILDER_FACTORY_ERROR_ON_DOCTYPE = createDocumentBuilderFactoryWithErrorOnDOCTYPE();
+ private static final SAXParserFactory SAX_FACTORY_ERROR_ON_DOCTYPE = createSAXFactoryWithErrorOnDOCTYPE(false);
+ private static final SAXParserFactory SAX_FACTORY_ERROR_ON_DOCTYPE_NS = createSAXFactoryWithErrorOnDOCTYPE(true);
+ private static final SAXParserFactory SAX_FACTORY_IGNORING_DOCTYPE = createSAXFactoryIgnoringDOCTYPE();
+
+ /**
+ * Creates TransformerFactory which throws TransformerException when
+ * detecting external entities.
+ *
+ * @return javax.xml.transform.TransformerFactory
+ */
+ public static TransformerFactory createTransformerFactoryWithErrorOnDOCTYPE() {
+ TransformerFactory factory = TransformerFactory.newInstance();
+ // prohibit the use of all protocols by external entities:
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); //$NON-NLS-1$
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); //$NON-NLS-1$
+ return factory;
+ }
+
+ /**
+ * Creates DocumentBuilderFactory which throws SAXParseException when
+ * detecting external entities. It's magnitudes faster to call
+ * {@link #createDocumentBuilderWithErrorOnDOCTYPE()}.
+ *
+ * @return javax.xml.parsers.DocumentBuilderFactory
+ */
+ public static synchronized DocumentBuilderFactory createDocumentBuilderFactoryWithErrorOnDOCTYPE() {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ // completely disable DOCTYPE declaration:
+ try {
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (ParserConfigurationException e) {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ return factory;
+ }
+
+ /**
+ * Creates DocumentBuilder which throws SAXParseException when detecting
+ * external entities. The builder is not thread safe.
+ *
+ * @return javax.xml.parsers.DocumentBuilder
+ * @throws ParserConfigurationException
+ */
+ public static DocumentBuilder createDocumentBuilderWithErrorOnDOCTYPE() throws ParserConfigurationException {
+ return DOCUMENT_BUILDER_FACTORY_ERROR_ON_DOCTYPE.newDocumentBuilder();
+ }
+
+ /**
+ * Creates DocumentBuilderFactory which throws SAXParseException when
+ * detecting external entities.
+ *
+ * @return javax.xml.parsers.DocumentBuilderFactory
+ */
+ public static SAXParserFactory createSAXFactoryWithErrorOnDOCTYPE() {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ try {
+ // force org.xml.sax.SAXParseException for any DOCTYPE:
+ f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ private static synchronized SAXParserFactory createSAXFactoryWithErrorOnDOCTYPE(boolean awareness) {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ f.setNamespaceAware(awareness);
+ try {
+ // force org.xml.sax.SAXParseException for any DOCTYPE:
+ f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ private static synchronized SAXParserFactory createSAXFactoryIgnoringDOCTYPE() {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ try {
+ // ignore DOCTYPE:
+ f.setFeature("http://xml.org/sax/features/external-general-entities", false); //$NON-NLS-1$
+ f.setFeature("http://xml.org/sax/features/external-parameter-entities", false); //$NON-NLS-1$
+ f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ /**
+ * Creates SAXParser which throws SAXParseException when detecting external
+ * entities.
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+
+ public static SAXParser createSAXParserWithErrorOnDOCTYPE() throws ParserConfigurationException, SAXException {
+ return createSAXParserWithErrorOnDOCTYPE(false);
+ }
+
+ /**
+ * Creates SAXParser which throws SAXParseException when detecting external
+ * entities.
+ *
+ * @param namespaceAware
+ * parameter for SAXParserFactory
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+ public static SAXParser createSAXParserWithErrorOnDOCTYPE(boolean namespaceAware)
+ throws ParserConfigurationException, SAXException {
+ if (namespaceAware) {
+ return SAX_FACTORY_ERROR_ON_DOCTYPE_NS.newSAXParser();
+ }
+ return SAX_FACTORY_ERROR_ON_DOCTYPE.newSAXParser();
+ }
+
+ /**
+ * Creates SAXParser which does not throw Exception when detecting external
+ * entities but ignores them.
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+ public static SAXParser createSAXParserIgnoringDOCTYPE()
+ throws ParserConfigurationException, SAXNotRecognizedException, SAXNotSupportedException, SAXException {
+ SAXParser parser = SAX_FACTORY_IGNORING_DOCTYPE.newSAXParser();
+ parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); //$NON-NLS-1$
+ parser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); //$NON-NLS-1$
+ return parser;
+ }
+}
\ No newline at end of file
--- "a/eclipse.jdt.ui/org.eclipse.jdt.ui/core extension/org/eclipse/jdt/internal/corext/template/java/TemplateSet.java" 2024-03-19 10:01:55.476428800 +0100
+++ "b/eclipse.jdt.ui/org.eclipse.jdt.ui/core extension/org/eclipse/jdt/internal/corext/template/java/TemplateSet.java" 2024-03-19 14:26:46.589900854 +0100
@@ -29,7 +29,6 @@
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
@@ -53,6 +52,8 @@
import org.eclipse.jface.text.templates.TemplateContextType;
import org.eclipse.jface.text.templates.TemplateException;
+import org.eclipse.jdt.internal.ui.util.XmlProcessorFactoryJdtUi;
+
/**
* <code>TemplateSet</code> manages a collection of templates and makes them
* persistent.
@@ -121,7 +122,7 @@
*/
public void addFromStream(InputStream stream, boolean allowDuplicates) throws CoreException {
try {
- DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory factory= XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
DocumentBuilder parser= factory.newDocumentBuilder();
parser.setErrorHandler(new DefaultHandler());
Document document= parser.parse(new InputSource(stream));
@@ -230,7 +231,7 @@
*/
public void saveToStream(OutputStream stream) throws CoreException {
try {
- DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory factory= XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
DocumentBuilder builder= factory.newDocumentBuilder();
Document document= builder.newDocument();
@@ -262,7 +263,7 @@
}
- Transformer transformer=TransformerFactory.newInstance().newTransformer();
+ Transformer transformer= XmlProcessorFactoryJdtUi.createTransformerFactoryWithErrorOnDOCTYPE().newTransformer();
transformer.setOutputProperty(OutputKeys.METHOD, "xml"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); //$NON-NLS-1$
DOMSource source = new DOMSource(document);
--- "a/eclipse.jdt.ui/org.eclipse.jdt.ui/core extension/org/eclipse/jdt/internal/corext/util/History.java" 2024-03-19 10:01:55.476428800 +0100
+++ "b/eclipse.jdt.ui/org.eclipse.jdt.ui/core extension/org/eclipse/jdt/internal/corext/util/History.java" 2024-03-19 14:28:39.276788126 +0100
@@ -32,7 +32,6 @@
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
@@ -55,6 +54,7 @@
import org.eclipse.jdt.internal.ui.JavaPlugin;
import org.eclipse.jdt.internal.ui.JavaUIException;
import org.eclipse.jdt.internal.ui.JavaUIStatus;
+import org.eclipse.jdt.internal.ui.util.XmlProcessorFactoryJdtUi;
import org.eclipse.jdt.internal.core.manipulation.util.BasicElementLabels;
/**
@@ -257,7 +257,7 @@
private void load(InputSource inputSource) throws CoreException {
Element root;
try {
- DocumentBuilder parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder parser = XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE().newDocumentBuilder();
parser.setErrorHandler(new DefaultHandler());
root = parser.parse(inputSource).getDocumentElement();
} catch (SAXException e) {
@@ -291,7 +291,7 @@
private void save(OutputStream stream) throws CoreException {
try {
- DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory factory= XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
DocumentBuilder builder= factory.newDocumentBuilder();
Document document= builder.newDocument();
@@ -306,7 +306,7 @@
rootElement.appendChild(element);
}
- Transformer transformer=TransformerFactory.newInstance().newTransformer();
+ Transformer transformer= XmlProcessorFactoryJdtUi.createTransformerFactoryWithErrorOnDOCTYPE().newTransformer();
transformer.setOutputProperty(OutputKeys.METHOD, "xml"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.INDENT, "yes"); //$NON-NLS-1$
--- a/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/jarpackager/JarPackageReader.java 2024-03-19 10:01:55.509762205 +0100
+++ b/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/jarpackager/JarPackageReader.java 2024-03-19 14:26:46.593234194 +0100
@@ -69,6 +69,7 @@
import org.eclipse.jdt.internal.ui.IJavaStatusConstants;
import org.eclipse.jdt.internal.ui.JavaPlugin;
+import org.eclipse.jdt.internal.ui.util.XmlProcessorFactoryJdtUi;
/**
* Reads data from an InputStream and returns a JarPackage
@@ -120,7 +121,7 @@
}
public JarPackageData readXML(JarPackageData jarPackage) throws IOException, SAXException {
- DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory factory= XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
factory.setValidating(false);
DocumentBuilder parser= null;
--- a/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/jarpackager/JarPackageWriter.java 2024-03-19 10:01:55.509762205 +0100
+++ b/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/jarpackager/JarPackageWriter.java 2024-03-19 14:26:46.593234194 +0100
@@ -27,7 +27,6 @@
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
@@ -56,6 +55,7 @@
import org.eclipse.jdt.internal.ui.IJavaStatusConstants;
import org.eclipse.jdt.internal.ui.JavaPlugin;
+import org.eclipse.jdt.internal.ui.util.XmlProcessorFactoryJdtUi;
/**
* Writes a JarPackage to an underlying OutputStream
@@ -97,7 +97,7 @@
public void writeXML(JarPackageData jarPackage) throws IOException {
Assert.isNotNull(jarPackage);
DocumentBuilder docBuilder= null;
- DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory factory= XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
factory.setValidating(false);
try {
docBuilder= factory.newDocumentBuilder();
@@ -119,7 +119,7 @@
try {
// Write the document to the stream
- Transformer transformer=TransformerFactory.newInstance().newTransformer();
+ Transformer transformer= XmlProcessorFactoryJdtUi.createTransformerFactoryWithErrorOnDOCTYPE().newTransformer();
transformer.setOutputProperty(OutputKeys.METHOD, "xml"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.ENCODING, fEncoding);
transformer.setOutputProperty(OutputKeys.INDENT, "yes"); //$NON-NLS-1$
--- a/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/jarpackagerfat/FatJarRsrcUrlAntExporter.java 2024-03-19 10:01:55.486428821 +0100
+++ b/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/jarpackagerfat/FatJarRsrcUrlAntExporter.java 2024-03-19 14:26:46.593234194 +0100
@@ -31,7 +31,6 @@
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
@@ -44,6 +43,7 @@
import org.eclipse.debug.core.ILaunchConfiguration;
import org.eclipse.jdt.internal.ui.JavaPlugin;
+import org.eclipse.jdt.internal.ui.util.XmlProcessorFactoryJdtUi;
/**
* Create an ANT script for a runnable JAR with class loader export. The script is generated based
@@ -82,7 +82,7 @@
String absJarname= absJarfile.toString();
DocumentBuilder docBuilder= null;
- DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory factory= XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
factory.setValidating(false);
try {
docBuilder= factory.newDocumentBuilder();
@@ -164,7 +164,7 @@
try {
// Write the document to the stream
- Transformer transformer= TransformerFactory.newInstance().newTransformer();
+ Transformer transformer= XmlProcessorFactoryJdtUi.createTransformerFactoryWithErrorOnDOCTYPE().newTransformer();
transformer.setOutputProperty(OutputKeys.METHOD, "xml"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.INDENT, "yes"); //$NON-NLS-1$
--- a/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/jarpackagerfat/UnpackFatJarAntExporter.java 2024-03-19 10:01:55.486428821 +0100
+++ b/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/jarpackagerfat/UnpackFatJarAntExporter.java 2024-03-19 14:26:46.593234194 +0100
@@ -27,7 +27,6 @@
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
@@ -39,6 +38,8 @@
import org.eclipse.debug.core.ILaunchConfiguration;
+import org.eclipse.jdt.internal.ui.util.XmlProcessorFactoryJdtUi;
+
/**
* @since 3.5
*/
@@ -54,7 +55,7 @@
String absJarname= absJarfile.toString();
DocumentBuilder docBuilder= null;
- DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory factory= XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
factory.setValidating(false);
try {
docBuilder= factory.newDocumentBuilder();
@@ -114,7 +115,7 @@
try {
// Write the document to the stream
- Transformer transformer= TransformerFactory.newInstance().newTransformer();
+ Transformer transformer= XmlProcessorFactoryJdtUi.createTransformerFactoryWithErrorOnDOCTYPE().newTransformer();
transformer.setOutputProperty(OutputKeys.METHOD, "xml"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.INDENT, "yes"); //$NON-NLS-1$
--- a/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/jarpackagerfat/UnpackJarAntExporter.java 2024-03-19 10:01:55.486428821 +0100
+++ b/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/jarpackagerfat/UnpackJarAntExporter.java 2024-03-19 14:26:46.593234194 +0100
@@ -28,7 +28,6 @@
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
@@ -40,6 +39,8 @@
import org.eclipse.debug.core.ILaunchConfiguration;
+import org.eclipse.jdt.internal.ui.util.XmlProcessorFactoryJdtUi;
+
/**
* Create an ANT script for a runnable JAR wit libraries in a sub-folder. The script is generated
* based on the classpath of the selected launch-configuration.
@@ -60,7 +61,7 @@
String absSubfolder= absJarfile.removeLastSegments(1).append(subfolder).toString();
DocumentBuilder docBuilder= null;
- DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory factory= XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
factory.setValidating(false);
try {
docBuilder= factory.newDocumentBuilder();
@@ -147,7 +148,7 @@
try {
// Write the document to the stream
- Transformer transformer= TransformerFactory.newInstance().newTransformer();
+ Transformer transformer= XmlProcessorFactoryJdtUi.createTransformerFactoryWithErrorOnDOCTYPE().newTransformer();
transformer.setOutputProperty(OutputKeys.METHOD, "xml"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.INDENT, "yes"); //$NON-NLS-1$
--- a/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/javadocexport/JavadocReader.java 2024-03-19 10:01:55.516428886 +0100
+++ b/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/javadocexport/JavadocReader.java 2024-03-19 14:26:46.593234194 +0100
@@ -31,6 +31,8 @@
import org.eclipse.core.runtime.Assert;
+import org.eclipse.jdt.internal.ui.util.XmlProcessorFactoryJdtUi;
+
/**
* Reads data from an InputStream and returns a JarPackage
@@ -62,7 +64,7 @@
public Element readXML() throws IOException, SAXException {
- DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory factory= XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
factory.setValidating(false);
DocumentBuilder parser= null;
try {
--- a/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/javadocexport/JavadocWriter.java 2024-03-19 10:01:55.513095546 +0100
+++ b/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/javadocexport/JavadocWriter.java 2024-03-19 14:32:20.630554782 +0100
@@ -26,7 +26,6 @@
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
@@ -45,6 +44,8 @@
import org.eclipse.jdt.core.IJavaProject;
import org.eclipse.jdt.core.IPackageFragment;
+import org.eclipse.jdt.internal.ui.util.XmlProcessorFactoryJdtUi;
+
public class JavadocWriter {
private static final char PATH_SEPARATOR= '/'; // use forward slash for all platforms
@@ -66,7 +67,7 @@
public Element createXML(JavadocOptionsManager store) throws ParserConfigurationException {
DocumentBuilder docBuilder= null;
- DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory factory= XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
factory.setValidating(false);
docBuilder= factory.newDocumentBuilder();
Document document= docBuilder.newDocument();
@@ -103,7 +104,7 @@
public static void writeDocument(Element javadocElement, String encoding, OutputStream outputStream) throws TransformerException {
// Write the document to the stream
- Transformer transformer=TransformerFactory.newInstance().newTransformer();
+ Transformer transformer= XmlProcessorFactoryJdtUi.createTransformerFactoryWithErrorOnDOCTYPE().newTransformer();
transformer.setOutputProperty(OutputKeys.METHOD, "xml"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.ENCODING, encoding);
transformer.setOutputProperty(OutputKeys.INDENT, "yes"); //$NON-NLS-1$
--- a/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/preferences/formatter/ProfileStore.java 2024-03-19 10:01:55.486428821 +0100
+++ b/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/preferences/formatter/ProfileStore.java 2024-03-19 14:26:46.593234194 +0100
@@ -38,7 +38,6 @@
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
@@ -62,6 +61,7 @@
import org.eclipse.jdt.internal.ui.JavaUIStatus;
import org.eclipse.jdt.internal.ui.preferences.formatter.ProfileManager.CustomProfile;
import org.eclipse.jdt.internal.ui.preferences.formatter.ProfileManager.Profile;
+import org.eclipse.jdt.internal.ui.util.XmlProcessorFactoryJdtUi;
/**
@@ -238,7 +238,7 @@
final ProfileDefaultHandler handler= new ProfileDefaultHandler();
try {
- final SAXParserFactory factory= SAXParserFactory.newInstance();
+ final SAXParserFactory factory= XmlProcessorFactoryJdtUi.createSAXFactoryWithErrorOnDOCTYPE();
final SAXParser parser= factory.newSAXParser();
parser.parse(inputSource, handler);
} catch (SAXException | IOException | ParserConfigurationException e) {
@@ -278,7 +278,7 @@
public static void writeProfilesToStream(Collection<Profile> profiles, OutputStream stream, String encoding, IProfileVersioner profileVersioner) throws CoreException {
try {
- final DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
+ final DocumentBuilderFactory factory= XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
final DocumentBuilder builder= factory.newDocumentBuilder();
final Document document= builder.newDocument();
@@ -295,7 +295,7 @@
}
}
- Transformer transformer=TransformerFactory.newInstance().newTransformer();
+ Transformer transformer= XmlProcessorFactoryJdtUi.createTransformerFactoryWithErrorOnDOCTYPE().newTransformer();
transformer.setOutputProperty(OutputKeys.METHOD, "xml"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.ENCODING, encoding);
transformer.setOutputProperty(OutputKeys.INDENT, "yes"); //$NON-NLS-1$
--- a/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/preferences/UserLibraryPreferencePage.java 2024-03-19 10:01:55.489762162 +0100
+++ b/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/preferences/UserLibraryPreferencePage.java 2024-03-19 14:30:24.676994457 +0100
@@ -35,7 +35,6 @@
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
@@ -117,6 +116,7 @@
import org.eclipse.jdt.internal.ui.JavaPlugin;
import org.eclipse.jdt.internal.ui.dialogs.StatusInfo;
import org.eclipse.jdt.internal.ui.util.ExceptionHandler;
+import org.eclipse.jdt.internal.ui.util.XmlProcessorFactoryJdtUi;
import org.eclipse.jdt.internal.ui.wizards.buildpaths.AccessRulesDialog;
import org.eclipse.jdt.internal.ui.wizards.buildpaths.ArchiveFileFilter;
import org.eclipse.jdt.internal.ui.wizards.buildpaths.BuildPathSupport;
@@ -567,7 +567,7 @@
OutputStream stream= new FileOutputStream(file);
try {
DocumentBuilder docBuilder= null;
- DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory factory= XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
factory.setValidating(false);
docBuilder= factory.newDocumentBuilder();
Document document= docBuilder.newDocument();
@@ -622,7 +622,7 @@
}
// Write the document to the stream
- Transformer transformer=TransformerFactory.newInstance().newTransformer();
+ Transformer transformer= XmlProcessorFactoryJdtUi.createTransformerFactoryWithErrorOnDOCTYPE().newTransformer();
transformer.setOutputProperty(OutputKeys.METHOD, "xml"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.ENCODING, encoding);
transformer.setOutputProperty(OutputKeys.INDENT, "yes"); //$NON-NLS-1$
@@ -649,7 +649,7 @@
InputStream stream= new FileInputStream(file);
Element cpElement;
try {
- DocumentBuilder parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder parser = XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE().newDocumentBuilder();
parser.setErrorHandler(new DefaultHandler());
cpElement = parser.parse(new InputSource(stream)).getDocumentElement();
} catch (SAXException | ParserConfigurationException e) {
--- a/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/text/java/ContentAssistHistory.java 2024-03-19 10:01:55.496428843 +0100
+++ b/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/text/java/ContentAssistHistory.java 2024-03-19 14:26:46.593234194 +0100
@@ -34,7 +34,6 @@
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
@@ -62,6 +61,7 @@
import org.eclipse.jdt.internal.ui.JavaPlugin;
import org.eclipse.jdt.internal.ui.JavaUIException;
import org.eclipse.jdt.internal.ui.JavaUIStatus;
+import org.eclipse.jdt.internal.ui.util.XmlProcessorFactoryJdtUi;
/**
* An LRU cache for code assist.
@@ -85,7 +85,7 @@
public void store(ContentAssistHistory history, StreamResult result) throws CoreException {
try {
- DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory factory= XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
DocumentBuilder builder= factory.newDocumentBuilder();
Document document= builder.newDocument();
@@ -106,7 +106,7 @@
}
}
- Transformer transformer=TransformerFactory.newInstance().newTransformer();
+ Transformer transformer= XmlProcessorFactoryJdtUi.createTransformerFactoryWithErrorOnDOCTYPE().newTransformer();
transformer.setOutputProperty(OutputKeys.METHOD, "xml"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.INDENT, "no"); //$NON-NLS-1$
@@ -121,7 +121,7 @@
public ContentAssistHistory load(InputSource source) throws CoreException {
Element root;
try {
- DocumentBuilder parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder parser = XmlProcessorFactoryJdtUi.createDocumentBuilderFactoryWithErrorOnDOCTYPE().newDocumentBuilder();
parser.setErrorHandler(new DefaultHandler());
root = parser.parse(source).getDocumentElement();
} catch (SAXException | ParserConfigurationException | IOException e) {
--- a/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/util/XmlProcessorFactoryJdtUi.java 1970-01-01 01:00:00.000000000 +0100
+++ b/eclipse.jdt.ui/org.eclipse.jdt.ui/ui/org/eclipse/jdt/internal/ui/util/XmlProcessorFactoryJdtUi.java 2024-03-19 14:26:46.593234194 +0100
@@ -0,0 +1,166 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Joerg Kubitz and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+package org.eclipse.jdt.internal.ui.util;
+
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.parsers.SAXParser;
+import javax.xml.parsers.SAXParserFactory;
+import javax.xml.transform.TransformerFactory;
+
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXNotRecognizedException;
+import org.xml.sax.SAXNotSupportedException;
+
+/**
+ * XML processing which prohibits external entities.
+ *
+ * @see <a href="https://rules.sonarsource.com/java/RSPEC-2755/">RSPEC-2755</a>
+ */
+public class XmlProcessorFactoryJdtUi {
+ private XmlProcessorFactoryJdtUi() {
+ // static Utility only
+ }
+
+ private static final DocumentBuilderFactory DOCUMENT_BUILDER_FACTORY_ERROR_ON_DOCTYPE = createDocumentBuilderFactoryWithErrorOnDOCTYPE();
+ private static final SAXParserFactory SAX_FACTORY_ERROR_ON_DOCTYPE = createSAXFactoryWithErrorOnDOCTYPE(false);
+ private static final SAXParserFactory SAX_FACTORY_ERROR_ON_DOCTYPE_NS = createSAXFactoryWithErrorOnDOCTYPE(true);
+ private static final SAXParserFactory SAX_FACTORY_IGNORING_DOCTYPE = createSAXFactoryIgnoringDOCTYPE();
+
+ /**
+ * Creates TransformerFactory which throws TransformerException when
+ * detecting external entities.
+ *
+ * @return javax.xml.transform.TransformerFactory
+ */
+ public static TransformerFactory createTransformerFactoryWithErrorOnDOCTYPE() {
+ TransformerFactory factory = TransformerFactory.newInstance();
+ // prohibit the use of all protocols by external entities:
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); //$NON-NLS-1$
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); //$NON-NLS-1$
+ return factory;
+ }
+
+ /**
+ * Creates DocumentBuilderFactory which throws SAXParseException when
+ * detecting external entities. It's magnitudes faster to call
+ * {@link #createDocumentBuilderWithErrorOnDOCTYPE()}.
+ *
+ * @return javax.xml.parsers.DocumentBuilderFactory
+ */
+ public static synchronized DocumentBuilderFactory createDocumentBuilderFactoryWithErrorOnDOCTYPE() {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ // completely disable DOCTYPE declaration:
+ try {
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (ParserConfigurationException e) {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ return factory;
+ }
+
+ /**
+ * Creates DocumentBuilder which throws SAXParseException when detecting
+ * external entities. The builder is not thread safe.
+ *
+ * @return javax.xml.parsers.DocumentBuilder
+ * @throws ParserConfigurationException
+ */
+ public static DocumentBuilder createDocumentBuilderWithErrorOnDOCTYPE() throws ParserConfigurationException {
+ return DOCUMENT_BUILDER_FACTORY_ERROR_ON_DOCTYPE.newDocumentBuilder();
+ }
+
+ /**
+ * Creates DocumentBuilderFactory which throws SAXParseException when
+ * detecting external entities.
+ *
+ * @return javax.xml.parsers.DocumentBuilderFactory
+ */
+ public static SAXParserFactory createSAXFactoryWithErrorOnDOCTYPE() {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ try {
+ // force org.xml.sax.SAXParseException for any DOCTYPE:
+ f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ private static synchronized SAXParserFactory createSAXFactoryWithErrorOnDOCTYPE(boolean awareness) {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ f.setNamespaceAware(awareness);
+ try {
+ // force org.xml.sax.SAXParseException for any DOCTYPE:
+ f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ private static synchronized SAXParserFactory createSAXFactoryIgnoringDOCTYPE() {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ try {
+ // ignore DOCTYPE:
+ f.setFeature("http://xml.org/sax/features/external-general-entities", false); //$NON-NLS-1$
+ f.setFeature("http://xml.org/sax/features/external-parameter-entities", false); //$NON-NLS-1$
+ f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ /**
+ * Creates SAXParser which throws SAXParseException when detecting external
+ * entities.
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+
+ public static SAXParser createSAXParserWithErrorOnDOCTYPE() throws ParserConfigurationException, SAXException {
+ return createSAXParserWithErrorOnDOCTYPE(false);
+ }
+
+ /**
+ * Creates SAXParser which throws SAXParseException when detecting external
+ * entities.
+ *
+ * @param namespaceAware
+ * parameter for SAXParserFactory
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+ public static SAXParser createSAXParserWithErrorOnDOCTYPE(boolean namespaceAware)
+ throws ParserConfigurationException, SAXException {
+ if (namespaceAware) {
+ return SAX_FACTORY_ERROR_ON_DOCTYPE_NS.newSAXParser();
+ }
+ return SAX_FACTORY_ERROR_ON_DOCTYPE.newSAXParser();
+ }
+
+ /**
+ * Creates SAXParser which does not throw Exception when detecting external
+ * entities but ignores them.
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+ public static SAXParser createSAXParserIgnoringDOCTYPE()
+ throws ParserConfigurationException, SAXNotRecognizedException, SAXNotSupportedException, SAXException {
+ SAXParser parser = SAX_FACTORY_IGNORING_DOCTYPE.newSAXParser();
+ parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); //$NON-NLS-1$
+ parser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); //$NON-NLS-1$
+ return parser;
+ }
+}
\ No newline at end of file
--- a/eclipse.jdt.ui/org.eclipse.jdt.ui.tests/ui/org/eclipse/jdt/ui/tests/jarexport/FatJarExportTests.java 2024-03-19 10:01:55.436428713 +0100
+++ b/eclipse.jdt.ui/org.eclipse.jdt.ui.tests/ui/org/eclipse/jdt/ui/tests/jarexport/FatJarExportTests.java 2024-03-19 14:26:46.589900854 +0100
@@ -28,7 +28,6 @@
import java.util.zip.ZipFile;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import junit.framework.Test;
import junit.framework.TestCase;
@@ -73,6 +72,7 @@
import org.eclipse.jdt.core.JavaCore;
import org.eclipse.jdt.internal.corext.util.JavaModelUtil;
+import org.eclipse.jdt.internal.junit.util.XmlProcessorFactoryJdtJunit;
import org.eclipse.jdt.launching.IJavaLaunchConfigurationConstants;
import org.eclipse.jdt.launching.IVMInstall;
@@ -664,7 +664,7 @@
*/
private static Element readXML(IPath xmlFilePath) throws Exception {
try (InputStream in = new FileInputStream(xmlFilePath.toFile())) {
- DocumentBuilder parser= DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder parser= XmlProcessorFactoryJdtJunit.createDocumentBuilderFactoryWithErrorOnDOCTYPE().newDocumentBuilder();
parser.setErrorHandler(new DefaultHandler());
Element root= parser.parse(new InputSource(in)).getDocumentElement();
in.close();
--- a/eclipse.jdt.ui/org.eclipse.ltk.core.refactoring/src/org/eclipse/ltk/internal/core/refactoring/history/RefactoringHistoryManager.java 2024-03-19 10:01:55.423095351 +0100
+++ b/eclipse.jdt.ui/org.eclipse.ltk.core.refactoring/src/org/eclipse/ltk/internal/core/refactoring/history/RefactoringHistoryManager.java 2024-03-19 14:26:46.593234194 +0100
@@ -39,7 +39,6 @@
import java.util.TimeZone;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.InputSource;
@@ -84,6 +83,7 @@
import org.eclipse.ltk.internal.core.refactoring.RefactoringCorePlugin;
import org.eclipse.ltk.internal.core.refactoring.RefactoringSessionReader;
import org.eclipse.ltk.internal.core.refactoring.RefactoringSessionTransformer;
+import org.eclipse.ltk.internal.core.refactoring.XmlProcessorFactoryLtk;
/**
* Manager for persistable refactoring histories.
@@ -906,7 +906,7 @@
private Document getCachedDocument(final IPath path, final InputStream input) throws SAXException, IOException, ParserConfigurationException {
if (path.equals(fCachedPath) && fCachedDocument != null)
return fCachedDocument;
- DocumentBuilder parser= DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder parser= XmlProcessorFactoryLtk.createDocumentBuilderFactoryWithErrorOnDOCTYPE().newDocumentBuilder();
parser.setErrorHandler(new DefaultHandler());
final Document document= parser.parse(new InputSource(input));
fCachedDocument= document;
--- a/eclipse.jdt.ui/org.eclipse.ltk.core.refactoring/src/org/eclipse/ltk/internal/core/refactoring/RefactoringSessionReader.java 2024-03-19 10:01:55.423095351 +0100
+++ b/eclipse.jdt.ui/org.eclipse.ltk.core.refactoring/src/org/eclipse/ltk/internal/core/refactoring/RefactoringSessionReader.java 2024-03-19 14:26:46.593234194 +0100
@@ -136,7 +136,7 @@
fSessionFound= false;
try {
source.setSystemId("/"); //$NON-NLS-1$
- createParser(SAXParserFactory.newInstance()).parse(source, this);
+ createParser(XmlProcessorFactoryLtk.createSAXFactoryWithErrorOnDOCTYPE()).parse(source, this);
if (!fSessionFound)
throw new CoreException(new Status(IStatus.ERROR, RefactoringCorePlugin.getPluginId(), IRefactoringCoreStatusCodes.REFACTORING_HISTORY_FORMAT_ERROR, RefactoringCoreMessages.RefactoringSessionReader_no_session, null));
if (fRefactoringDescriptors != null) {
--- a/eclipse.jdt.ui/org.eclipse.ltk.core.refactoring/src/org/eclipse/ltk/internal/core/refactoring/RefactoringSessionTransformer.java 2024-03-19 10:01:55.423095351 +0100
+++ b/eclipse.jdt.ui/org.eclipse.ltk.core.refactoring/src/org/eclipse/ltk/internal/core/refactoring/RefactoringSessionTransformer.java 2024-03-19 14:26:46.593234194 +0100
@@ -19,7 +19,6 @@
import java.util.Iterator;
import java.util.List;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
@@ -138,7 +137,7 @@
Assert.isTrue(flags >= RefactoringDescriptor.NONE);
try {
if (fDocument == null)
- fDocument= DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ fDocument= XmlProcessorFactoryLtk.createDocumentBuilderFactoryWithErrorOnDOCTYPE().newDocumentBuilder().newDocument();
} catch (ParserConfigurationException | FactoryConfigurationError exception) {
throw new CoreException(new Status(IStatus.ERROR, RefactoringCorePlugin.getPluginId(), IRefactoringCoreStatusCodes.REFACTORING_HISTORY_IO_ERROR, exception.getLocalizedMessage(), null));
}
@@ -203,7 +202,7 @@
public void beginSession(final String comment, final String version) throws CoreException {
if (fDocument == null) {
try {
- fDocument= DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ fDocument= XmlProcessorFactoryLtk.createDocumentBuilderFactoryWithErrorOnDOCTYPE().newDocumentBuilder().newDocument();
fSession= fDocument.createElement(IRefactoringSerializationConstants.ELEMENT_SESSION);
fSessionArguments= new ArrayList<>(2);
Attr attribute= fDocument.createAttribute(IRefactoringSerializationConstants.ATTRIBUTE_VERSION);
--- a/eclipse.jdt.ui/org.eclipse.ltk.core.refactoring/src/org/eclipse/ltk/internal/core/refactoring/XmlProcessorFactoryLtk.java 1970-01-01 01:00:00.000000000 +0100
+++ b/eclipse.jdt.ui/org.eclipse.ltk.core.refactoring/src/org/eclipse/ltk/internal/core/refactoring/XmlProcessorFactoryLtk.java 2024-03-19 14:26:46.593234194 +0100
@@ -0,0 +1,166 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Joerg Kubitz and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+package org.eclipse.ltk.internal.core.refactoring;
+
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.parsers.SAXParser;
+import javax.xml.parsers.SAXParserFactory;
+import javax.xml.transform.TransformerFactory;
+
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXNotRecognizedException;
+import org.xml.sax.SAXNotSupportedException;
+
+/**
+ * XML processing which prohibits external entities.
+ *
+ * @see <a href="https://rules.sonarsource.com/java/RSPEC-2755/">RSPEC-2755</a>
+ */
+public class XmlProcessorFactoryLtk {
+ private XmlProcessorFactoryLtk() {
+ // static Utility only
+ }
+
+ private static final DocumentBuilderFactory DOCUMENT_BUILDER_FACTORY_ERROR_ON_DOCTYPE = createDocumentBuilderFactoryWithErrorOnDOCTYPE();
+ private static final SAXParserFactory SAX_FACTORY_ERROR_ON_DOCTYPE = createSAXFactoryWithErrorOnDOCTYPE(false);
+ private static final SAXParserFactory SAX_FACTORY_ERROR_ON_DOCTYPE_NS = createSAXFactoryWithErrorOnDOCTYPE(true);
+ private static final SAXParserFactory SAX_FACTORY_IGNORING_DOCTYPE = createSAXFactoryIgnoringDOCTYPE();
+
+ /**
+ * Creates TransformerFactory which throws TransformerException when
+ * detecting external entities.
+ *
+ * @return javax.xml.transform.TransformerFactory
+ */
+ public static TransformerFactory createTransformerFactoryWithErrorOnDOCTYPE() {
+ TransformerFactory factory = TransformerFactory.newInstance();
+ // prohibit the use of all protocols by external entities:
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); //$NON-NLS-1$
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); //$NON-NLS-1$
+ return factory;
+ }
+
+ /**
+ * Creates DocumentBuilderFactory which throws SAXParseException when
+ * detecting external entities. It's magnitudes faster to call
+ * {@link #createDocumentBuilderWithErrorOnDOCTYPE()}.
+ *
+ * @return javax.xml.parsers.DocumentBuilderFactory
+ */
+ public static synchronized DocumentBuilderFactory createDocumentBuilderFactoryWithErrorOnDOCTYPE() {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ // completely disable DOCTYPE declaration:
+ try {
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (ParserConfigurationException e) {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ return factory;
+ }
+
+ /**
+ * Creates DocumentBuilder which throws SAXParseException when detecting
+ * external entities. The builder is not thread safe.
+ *
+ * @return javax.xml.parsers.DocumentBuilder
+ * @throws ParserConfigurationException
+ */
+ public static DocumentBuilder createDocumentBuilderWithErrorOnDOCTYPE() throws ParserConfigurationException {
+ return DOCUMENT_BUILDER_FACTORY_ERROR_ON_DOCTYPE.newDocumentBuilder();
+ }
+
+ /**
+ * Creates DocumentBuilderFactory which throws SAXParseException when
+ * detecting external entities.
+ *
+ * @return javax.xml.parsers.DocumentBuilderFactory
+ */
+ public static SAXParserFactory createSAXFactoryWithErrorOnDOCTYPE() {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ try {
+ // force org.xml.sax.SAXParseException for any DOCTYPE:
+ f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ private static synchronized SAXParserFactory createSAXFactoryWithErrorOnDOCTYPE(boolean awareness) {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ f.setNamespaceAware(awareness);
+ try {
+ // force org.xml.sax.SAXParseException for any DOCTYPE:
+ f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ private static synchronized SAXParserFactory createSAXFactoryIgnoringDOCTYPE() {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ try {
+ // ignore DOCTYPE:
+ f.setFeature("http://xml.org/sax/features/external-general-entities", false); //$NON-NLS-1$
+ f.setFeature("http://xml.org/sax/features/external-parameter-entities", false); //$NON-NLS-1$
+ f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ /**
+ * Creates SAXParser which throws SAXParseException when detecting external
+ * entities.
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+
+ public static SAXParser createSAXParserWithErrorOnDOCTYPE() throws ParserConfigurationException, SAXException {
+ return createSAXParserWithErrorOnDOCTYPE(false);
+ }
+
+ /**
+ * Creates SAXParser which throws SAXParseException when detecting external
+ * entities.
+ *
+ * @param namespaceAware
+ * parameter for SAXParserFactory
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+ public static SAXParser createSAXParserWithErrorOnDOCTYPE(boolean namespaceAware)
+ throws ParserConfigurationException, SAXException {
+ if (namespaceAware) {
+ return SAX_FACTORY_ERROR_ON_DOCTYPE_NS.newSAXParser();
+ }
+ return SAX_FACTORY_ERROR_ON_DOCTYPE.newSAXParser();
+ }
+
+ /**
+ * Creates SAXParser which does not throw Exception when detecting external
+ * entities but ignores them.
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+ public static SAXParser createSAXParserIgnoringDOCTYPE()
+ throws ParserConfigurationException, SAXNotRecognizedException, SAXNotSupportedException, SAXException {
+ SAXParser parser = SAX_FACTORY_IGNORING_DOCTYPE.newSAXParser();
+ parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); //$NON-NLS-1$
+ parser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); //$NON-NLS-1$
+ return parser;
+ }
+}
\ No newline at end of file
--- a/eclipse.pde.build/org.eclipse.pde.build/src_ant/org/eclipse/pde/internal/build/tasks/JNLPGenerator.java 2024-03-19 10:01:54.569760179 +0100
+++ b/eclipse.pde.build/org.eclipse.pde.build/src_ant/org/eclipse/pde/internal/build/tasks/JNLPGenerator.java 2024-03-19 12:46:16.971563577 +0100
@@ -46,7 +46,6 @@
* feature.includes = extension
* feature.plugin = jar
*/
- private final static SAXParserFactory parserFactory = SAXParserFactory.newInstance();
private PrintWriter out;
private String destination;
private String provider;
@@ -89,8 +88,7 @@
this.locale = locale;
this.generateOfflineAllowed = generateOfflineAllowed;
try {
- parserFactory.setNamespaceAware(true);
- parser = parserFactory.newSAXParser();
+ parser = XmlParserFactory.createNsAwareSAXParserWithErrorOnDOCTYPE();;
} catch (ParserConfigurationException e) {
System.out.println(e);
} catch (SAXException e) {
--- a/eclipse.pde.build/org.eclipse.pde.build/src_ant/org/eclipse/pde/internal/build/tasks/XmlParserFactory.java 1970-01-01 01:00:00.000000000 +0100
+++ b/eclipse.pde.build/org.eclipse.pde.build/src_ant/org/eclipse/pde/internal/build/tasks/XmlParserFactory.java 2024-03-19 12:44:11.157984851 +0100
@@ -0,0 +1,42 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Joerg Kubitz and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+package org.eclipse.pde.internal.build.tasks;
+
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.parsers.SAXParser;
+import javax.xml.parsers.SAXParserFactory;
+
+import org.xml.sax.SAXException;
+
+public class XmlParserFactory {
+ private XmlParserFactory() {
+ // static Utility only
+ }
+
+ private static final SAXParserFactory SAX_FACTORY_ERROR_ON_DOCTYPE_NS = createSAXFactoryWithErrorOnDOCTYPE();
+
+ private static synchronized SAXParserFactory createSAXFactoryWithErrorOnDOCTYPE() {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ f.setNamespaceAware(true);
+ try {
+ // force org.xml.sax.SAXParseException for any DOCTYPE:
+ f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ public static SAXParser createNsAwareSAXParserWithErrorOnDOCTYPE() throws ParserConfigurationException, SAXException {
+ return SAX_FACTORY_ERROR_ON_DOCTYPE_NS.newSAXParser();
+ }
+
+}
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/ApiBaselineManager.java 2024-03-19 10:01:54.273092873 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/ApiBaselineManager.java 2024-03-20 09:29:06.196226859 +0100
@@ -31,7 +31,6 @@
import java.util.Set;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
@@ -61,6 +60,7 @@
import org.eclipse.pde.core.plugin.ModelEntry;
import org.eclipse.pde.core.plugin.PluginRegistry;
import org.eclipse.pde.internal.core.DependencyManager;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
@@ -426,7 +426,7 @@
long start = System.currentTimeMillis();
DocumentBuilder parser = null;
try {
- parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ parser = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
parser.setErrorHandler(new DefaultHandler());
} catch (ParserConfigurationException | FactoryConfigurationError e) {
abort("Error restoring API baseline", e); //$NON-NLS-1$
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/APIFileGenerator.java 2024-03-19 10:01:54.273092873 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/APIFileGenerator.java 2024-03-19 13:23:43.742521888 +0100
@@ -32,10 +32,8 @@
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
-import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
import org.eclipse.core.runtime.CoreException;
import org.eclipse.jdt.core.JavaCore;
@@ -48,6 +46,7 @@
import org.eclipse.pde.api.tools.internal.provisional.model.IApiTypeContainer;
import org.eclipse.pde.api.tools.internal.provisional.scanner.TagScanner;
import org.eclipse.pde.api.tools.internal.util.Util;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.osgi.framework.BundleException;
import org.osgi.framework.Constants;
import org.xml.sax.Attributes;
@@ -459,15 +458,9 @@
* @return true if it contains a source extension point, false otherwise
*/
private boolean containsAPIToolsNature(String pluginXMLContents) {
- SAXParserFactory factory = null;
- try {
- factory = SAXParserFactory.newInstance();
- } catch (FactoryConfigurationError e) {
- return false;
- }
SAXParser saxParser = null;
try {
- saxParser = factory.newSAXParser();
+ saxParser = PDEXmlProcessorFactory.createSAXParserIgnoringDOCTYPE();
} catch (ParserConfigurationException | SAXException e) {
// ignore
}
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/model/BundleComponent.java 2024-03-19 10:01:54.273092873 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/model/BundleComponent.java 2024-03-20 08:58:08.409268636 +0100
@@ -36,10 +36,8 @@
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
-import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
import org.eclipse.core.runtime.CoreException;
import org.eclipse.core.runtime.IStatus;
@@ -80,6 +78,7 @@
import org.eclipse.pde.api.tools.internal.util.Util;
import org.eclipse.pde.internal.core.TargetWeaver;
import org.eclipse.pde.internal.core.util.ManifestUtils;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.osgi.framework.BundleException;
import org.osgi.framework.Constants;
import org.osgi.framework.Version;
@@ -1057,15 +1056,9 @@
* @return true if it contains a source extension point, false otherwise
*/
private boolean containsSourceExtensionPoint(String pluginXMLContents) {
- SAXParserFactory factory = null;
- try {
- factory = SAXParserFactory.newInstance();
- } catch (FactoryConfigurationError e) {
- return false;
- }
SAXParser saxParser = null;
try {
- saxParser = factory.newSAXParser();
+ saxParser = PDEXmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
} catch (ParserConfigurationException | SAXException e) {
// ignore
}
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/search/UseReportConverter.java 2024-03-19 10:01:54.276426214 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/search/UseReportConverter.java 2024-03-20 10:16:44.000012562 +0100
@@ -38,7 +38,6 @@
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
@@ -67,6 +66,7 @@
import org.eclipse.pde.api.tools.internal.provisional.search.IMetadata;
import org.eclipse.pde.api.tools.internal.util.Signatures;
import org.eclipse.pde.api.tools.internal.util.Util;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.osgi.framework.Version;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
@@ -778,9 +778,8 @@
*/
SAXParser getParser() throws Exception {
if (this.parser == null) {
- SAXParserFactory factory = SAXParserFactory.newInstance();
try {
- this.parser = factory.newSAXParser();
+ this.parser = PDEXmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
} catch (ParserConfigurationException pce) {
throw new Exception(SearchMessages.UseReportConverter_pce_error_getting_parser, pce);
} catch (SAXException se) {
@@ -858,7 +857,7 @@
protected void applyXSLT(Source xslt, File xmlfile, File htmlfile) throws TransformerException {
Source xml = new StreamSource(xmlfile);
Result html = new StreamResult(htmlfile);
- TransformerFactory factory = TransformerFactory.newInstance();
+ TransformerFactory factory = PDEXmlProcessorFactory.createTransformerFactoryWithErrorOnDOCTYPE();
Transformer former = factory.newTransformer(xslt);
former.transform(xml, html);
}
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/search/UseScanParser.java 2024-03-19 10:01:54.276426214 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/search/UseScanParser.java 2024-03-20 08:58:08.412601975 +0100
@@ -24,7 +24,6 @@
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
import org.eclipse.core.runtime.IProgressMonitor;
import org.eclipse.core.runtime.SubMonitor;
@@ -36,6 +35,7 @@
import org.eclipse.pde.api.tools.internal.provisional.descriptors.IComponentDescriptor;
import org.eclipse.pde.api.tools.internal.provisional.descriptors.IMemberDescriptor;
import org.eclipse.pde.api.tools.internal.util.Util;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
@@ -311,9 +311,9 @@
* builds
*/
SAXParser getParser() throws Exception {
- SAXParserFactory factory = SAXParserFactory.newInstance();
try {
- return factory.newSAXParser();
+ return PDEXmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
+
} catch (ParserConfigurationException pce) {
throw new Exception(SearchMessages.UseReportConverter_pce_error_getting_parser, pce);
} catch (SAXException se) {
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/search/XmlReferenceDescriptorWriter.java 2024-03-19 10:01:54.276426214 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/search/XmlReferenceDescriptorWriter.java 2024-03-20 10:19:14.850323527 +0100
@@ -27,7 +27,6 @@
import java.util.Map.Entry;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
@@ -46,6 +45,7 @@
import org.eclipse.pde.api.tools.internal.provisional.model.IApiMember;
import org.eclipse.pde.api.tools.internal.util.Signatures;
import org.eclipse.pde.api.tools.internal.util.Util;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
@@ -86,7 +86,7 @@
public XmlReferenceDescriptorWriter(String location) {
fLocation = location;
try {
- parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ parser = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
parser.setErrorHandler(new DefaultHandler());
} catch (FactoryConfigurationError | ParserConfigurationException pce) {
ApiPlugin.log(pce);
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/search/XmlSearchReporter.java 2024-03-19 10:01:54.276426214 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/search/XmlSearchReporter.java 2024-03-20 10:21:07.123888283 +0100
@@ -24,7 +24,6 @@
import java.util.List;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
@@ -40,6 +39,7 @@
import org.eclipse.pde.api.tools.internal.provisional.search.IApiSearchReporter;
import org.eclipse.pde.api.tools.internal.provisional.search.IMetadata;
import org.eclipse.pde.api.tools.internal.util.Util;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.helpers.DefaultHandler;
@@ -69,7 +69,7 @@
fLocation = location;
this.debug = debug;
try {
- parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ parser = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
parser.setErrorHandler(new DefaultHandler());
} catch (FactoryConfigurationError | ParserConfigurationException pce) {
ApiPlugin.log(pce);
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/util/Util.java 2024-03-19 10:01:54.273092873 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/util/Util.java 2024-03-20 13:27:46.155319267 +0100
@@ -61,7 +61,6 @@
import java.util.zip.ZipInputStream;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
@@ -141,6 +140,7 @@
import org.eclipse.pde.api.tools.internal.provisional.problems.IApiProblem;
import org.eclipse.pde.api.tools.internal.provisional.problems.IApiProblemTypes;
import org.eclipse.pde.api.tools.internal.search.SkippedComponent;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.objectweb.asm.Opcodes;
import org.osgi.framework.Version;
import org.w3c.dom.Document;
@@ -1875,10 +1875,9 @@
* @throws CoreException if unable to create a new document
*/
public static Document newDocument() throws CoreException {
- DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
DocumentBuilder docBuilder = null;
try {
- docBuilder = dfactory.newDocumentBuilder();
+ docBuilder = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
} catch (ParserConfigurationException e) {
abort("Unable to create new XML document.", e); //$NON-NLS-1$
}
@@ -1898,7 +1897,7 @@
Element root = null;
InputStream stream = null;
try {
- DocumentBuilder parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder parser = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
parser.setErrorHandler(new DefaultHandler());
stream = new ByteArrayInputStream(document.getBytes(StandardCharsets.UTF_8));
root = parser.parse(stream).getDocumentElement();
@@ -1989,7 +1988,7 @@
public static String serializeDocument(Document document) throws CoreException {
try {
ByteArrayOutputStream s = new ByteArrayOutputStream();
- TransformerFactory factory = TransformerFactory.newInstance();
+ TransformerFactory factory = PDEXmlProcessorFactory.createTransformerFactoryWithErrorOnDOCTYPE();
Transformer transformer = factory.newTransformer();
transformer.setOutputProperty(OutputKeys.METHOD, "xml"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.INDENT, "yes"); //$NON-NLS-1$
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src_ant/org/eclipse/pde/api/tools/internal/tasks/AnalysisReportConversionTask.java 2024-03-19 10:01:54.269759533 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src_ant/org/eclipse/pde/api/tools/internal/tasks/AnalysisReportConversionTask.java 2024-03-20 08:58:08.415935315 +0100
@@ -26,7 +26,6 @@
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
import org.apache.tools.ant.BuildException;
import org.apache.tools.ant.Task;
@@ -34,6 +33,7 @@
import org.eclipse.pde.api.tools.internal.IApiXmlConstants;
import org.eclipse.pde.api.tools.internal.provisional.ApiPlugin;
import org.eclipse.pde.api.tools.internal.util.Util;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
@@ -444,10 +444,9 @@
if (!this.reportsRoot.exists() || !this.reportsRoot.isDirectory()) {
throw new BuildException(NLS.bind(Messages.invalid_directory_name, this.xmlReportsLocation));
}
- SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser parser = null;
try {
- parser = factory.newSAXParser();
+ parser = PDEXmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
} catch (ParserConfigurationException | SAXException e) {
e.printStackTrace();
}
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src_ant/org/eclipse/pde/api/tools/internal/tasks/APIDeprecationReportConversionTask.java 2024-03-19 10:01:54.269759533 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src_ant/org/eclipse/pde/api/tools/internal/tasks/APIDeprecationReportConversionTask.java 2024-03-20 08:58:08.415935315 +0100
@@ -25,7 +25,6 @@
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
import org.apache.tools.ant.BuildException;
import org.apache.tools.ant.Task;
@@ -34,6 +33,7 @@
import org.eclipse.pde.api.tools.internal.IApiXmlConstants;
import org.eclipse.pde.api.tools.internal.provisional.comparator.IDelta;
import org.eclipse.pde.api.tools.internal.util.Util;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
@@ -303,10 +303,9 @@
System.out.println("xmlFileLocation : " + this.xmlFileLocation); //$NON-NLS-1$
System.out.println("htmlFileLocation : " + this.htmlFileLocation); //$NON-NLS-1$
}
- SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser parser = null;
try {
- parser = factory.newSAXParser();
+ parser = PDEXmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
} catch (ParserConfigurationException | SAXException e) {
e.printStackTrace();
}
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src_ant/org/eclipse/pde/api/tools/internal/tasks/APIFreezeReportConversionTask.java 2024-03-19 10:01:54.269759533 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools/src_ant/org/eclipse/pde/api/tools/internal/tasks/APIFreezeReportConversionTask.java 2024-03-20 08:58:08.415935315 +0100
@@ -25,7 +25,6 @@
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
import org.apache.tools.ant.BuildException;
import org.apache.tools.ant.Task;
@@ -34,6 +33,7 @@
import org.eclipse.pde.api.tools.internal.IApiXmlConstants;
import org.eclipse.pde.api.tools.internal.provisional.comparator.IDelta;
import org.eclipse.pde.api.tools.internal.util.Util;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
@@ -481,10 +481,9 @@
}
}
}
- SAXParserFactory factory = SAXParserFactory.newInstance();
SAXParser parser = null;
try {
- parser = factory.newSAXParser();
+ parser = PDEXmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
} catch (ParserConfigurationException | SAXException e) {
e.printStackTrace();
}
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools.tests/src/org/eclipse/pde/api/tools/anttasks/tests/ApiToolingApiFreezeAntTaskTests.java 2024-03-19 10:01:54.363093068 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools.tests/src/org/eclipse/pde/api/tools/anttasks/tests/ApiToolingApiFreezeAntTaskTests.java 2024-03-20 10:27:19.504655851 +0100
@@ -22,12 +22,12 @@
import java.util.Properties;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.eclipse.core.resources.IFile;
import org.eclipse.core.resources.IFolder;
import org.eclipse.core.runtime.CoreException;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
@@ -62,7 +62,7 @@
IFile reportFile = buildFolder.getFile("report.xml"); //$NON-NLS-1$
assertTrue("report.xml must exist", reportFile.exists()); //$NON-NLS-1$
InputSource is = new InputSource(reportFile.getContents());
- DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder db = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
Document doc = db.parse(is);
NodeList elems = doc.getElementsByTagName("delta"); //$NON-NLS-1$
boolean found = false;
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools.tests/src/org/eclipse/pde/api/tools/anttasks/tests/ApiToolingApiuseAntTaskTests.java 2024-03-19 10:01:54.363093068 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools.tests/src/org/eclipse/pde/api/tools/anttasks/tests/ApiToolingApiuseAntTaskTests.java 2024-03-20 10:29:56.584979643 +0100
@@ -22,12 +22,12 @@
import java.util.Properties;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.eclipse.core.resources.IFolder;
import org.eclipse.core.resources.IResource;
import org.eclipse.core.runtime.CoreException;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
@@ -65,7 +65,7 @@
public void test1() throws Exception {
IFolder reportFolder = runTaskAndVerify("test1"); //$NON-NLS-1$
InputSource is = new InputSource(reportFolder.getFile("not_searched.xml").getContents()); //$NON-NLS-1$
- DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder db = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
Document doc = db.parse(is);
NodeList elems = doc.getElementsByTagName("component"); //$NON-NLS-1$
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools.tests/src/org/eclipse/pde/api/tools/anttasks/tests/ApiToolingCompareAntTaskTests.java 2024-03-19 10:01:54.363093068 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools.tests/src/org/eclipse/pde/api/tools/anttasks/tests/ApiToolingCompareAntTaskTests.java 2024-03-20 10:31:29.578504669 +0100
@@ -20,11 +20,11 @@
import java.util.Properties;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.eclipse.core.resources.IFolder;
import org.eclipse.core.runtime.CoreException;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
@@ -59,7 +59,7 @@
assertTrue("report folder must exist", folder.exists()); //$NON-NLS-1$
assertTrue("report xml must exist", folder.getFile("compare.xml").exists()); //$NON-NLS-1$ //$NON-NLS-2$
InputSource is = new InputSource(folder.getFile("compare.xml").getContents()); //$NON-NLS-1$
- DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder db = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
Document doc = db.parse(is);
NodeList elems = doc.getElementsByTagName("delta"); //$NON-NLS-1$
boolean found = false;
--- a/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools.ui/src/org/eclipse/pde/api/tools/ui/internal/actions/ExportSessionAction.java 2024-03-19 10:01:54.286426235 +0100
+++ b/eclipse.pde.ui/apitools/org.eclipse.pde.api.tools.ui/src/org/eclipse/pde/api/tools/ui/internal/actions/ExportSessionAction.java 2024-03-20 10:35:34.392341472 +0100
@@ -45,6 +45,7 @@
import org.eclipse.pde.api.tools.ui.internal.ApiUIPlugin;
import org.eclipse.pde.api.tools.ui.internal.IApiToolsConstants;
import org.eclipse.pde.api.tools.ui.internal.views.APIToolingView;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
/**
* Drop-down action to select the active session.
@@ -155,8 +156,8 @@
writer = new BufferedWriter(new FileWriter(reportFile));
Result result = new StreamResult(writer);
// create an instance of TransformerFactory
- TransformerFactory transFact = TransformerFactory.newInstance();
- Transformer trans = transFact.newTransformer(xsltSource);
+ TransformerFactory f = PDEXmlProcessorFactory.createTransformerFactoryWithErrorOnDOCTYPE();
+ Transformer trans = f.newTransformer(xsltSource);
trans.transform(xmlSource, result);
} catch (TransformerException | IOException e) {
ApiUIPlugin.log(e);
--- a/eclipse.pde.ui/ds/org.eclipse.pde.ds.core/src/org/eclipse/pde/internal/ds/core/builders/XMLErrorReporter.java 2024-03-19 10:01:54.256426171 +0100
+++ b/eclipse.pde.ui/ds/org.eclipse.pde.ds.core/src/org/eclipse/pde/internal/ds/core/builders/XMLErrorReporter.java 2024-03-20 10:25:38.027780020 +0100
@@ -18,7 +18,6 @@
import java.util.HashMap;
import java.util.Stack;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.eclipse.core.filebuffers.FileBuffers;
@@ -36,6 +35,7 @@
import org.eclipse.jface.text.IRegion;
import org.eclipse.jface.text.Position;
import org.eclipse.pde.internal.core.builders.CompilerFlags;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Text;
import org.xml.sax.Attributes;
@@ -168,10 +168,9 @@
@Override
public void startDocument() throws SAXException {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
try {
// TODO we should be using a dom level 2 impl
- fXMLDocument = factory.newDocumentBuilder().newDocument();
+ PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().newDocument();
} catch (ParserConfigurationException e) {
}
}
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/AbstractModel.java 2024-03-19 10:01:54.553093477 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/AbstractModel.java 2024-03-20 08:58:08.415935315 +0100
@@ -21,7 +21,6 @@
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
import org.eclipse.core.filebuffers.FileBuffers;
import org.eclipse.core.filebuffers.ITextFileBuffer;
import org.eclipse.core.filebuffers.ITextFileBufferManager;
@@ -38,6 +37,7 @@
import org.eclipse.pde.core.IModelChangedEvent;
import org.eclipse.pde.core.IModelChangedListener;
import org.eclipse.pde.core.ModelChangedEvent;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.xml.sax.SAXException;
public abstract class AbstractModel extends PlatformObject implements IModel, IModelChangeProviderExtension, Serializable {
@@ -195,7 +195,7 @@
}
protected SAXParser getSaxParser() throws ParserConfigurationException, SAXException, FactoryConfigurationError {
- return SAXParserFactory.newInstance().newSAXParser();
+ return PDEXmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
}
@Override
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/builders/BuildErrorReporter.java 2024-03-19 10:01:54.549760137 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/builders/BuildErrorReporter.java 2024-03-20 09:19:54.608431509 +0100
@@ -28,7 +28,6 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
@@ -70,6 +69,7 @@
import org.eclipse.pde.internal.core.text.build.BuildModel;
import org.eclipse.pde.internal.core.util.CoreUtility;
import org.eclipse.pde.internal.core.util.PatternConstructor;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.osgi.framework.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
@@ -668,7 +668,7 @@
// if we're defining fragments, make sure they have entries in plugin.xml
private void validateFragmentContributions(IBuildEntry binIncludes) {
try {
- DocumentBuilder newDocumentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder newDocumentBuilder = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
newDocumentBuilder.setErrorHandler(new PDEErrorHandler());
Document doc = newDocumentBuilder.parse(PDEProject.getPluginXml(fProject).getContents());
XPath xpath = XPathFactory.newInstance().newXPath();
@@ -684,7 +684,7 @@
// if we're defining an application, make sure it has entries in plugin.xml
private void validateApplicationContributions(IBuildEntry binIncludes) {
try {
- DocumentBuilder newDocumentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder newDocumentBuilder = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
newDocumentBuilder.setErrorHandler(new PDEErrorHandler());
Document doc = newDocumentBuilder.parse(PDEProject.getPluginXml(fProject).getContents());
XPath xpath = XPathFactory.newInstance().newXPath();
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/builders/XMLErrorReporter.java 2024-03-19 10:01:54.549760137 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/builders/XMLErrorReporter.java 2024-03-20 09:21:51.335321249 +0100
@@ -18,7 +18,6 @@
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Stack;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.eclipse.core.filebuffers.FileBuffers;
import org.eclipse.core.filebuffers.ITextFileBufferManager;
@@ -37,6 +36,7 @@
import org.eclipse.pde.internal.core.PDECoreMessages;
import org.eclipse.pde.internal.core.TargetPlatformHelper;
import org.eclipse.pde.internal.core.builders.IncrementalErrorReporter.VirtualMarker;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -196,9 +196,8 @@
@Override
public void startDocument() throws SAXException {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
try {
- fXMLDocument = factory.newDocumentBuilder().newDocument();
+ fXMLDocument = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().newDocument();
} catch (ParserConfigurationException e) {
}
}
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/exports/FeatureExportOperation.java 2024-03-19 10:01:54.546426796 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/exports/FeatureExportOperation.java 2024-03-20 11:01:51.585498405 +0100
@@ -37,7 +37,6 @@
import java.util.Map;
import java.util.Properties;
import java.util.Set;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import org.eclipse.ant.core.AntCorePlugin;
@@ -96,6 +95,7 @@
import org.eclipse.pde.internal.core.project.PDEProject;
import org.eclipse.pde.internal.core.target.TargetMetadataCollector;
import org.eclipse.pde.internal.core.util.CoreUtility;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.osgi.framework.InvalidSyntaxException;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
@@ -205,8 +205,7 @@
try {
scriptFile = createScriptFile("append.xml"); //$NON-NLS-1$
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- Document doc = factory.newDocumentBuilder().newDocument();
+ Document doc = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().newDocument();
Element root = doc.createElement("project"); //$NON-NLS-1$
root.setAttribute("name", "temp"); //$NON-NLS-1$ //$NON-NLS-2$
@@ -870,8 +869,7 @@
File scriptFile = null;
try {
scriptFile = createScriptFile("zip.xml"); //$NON-NLS-1$
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- Document doc = factory.newDocumentBuilder().newDocument();
+ Document doc = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().newDocument();
Element root = doc.createElement("project"); //$NON-NLS-1$
root.setAttribute("name", "temp"); //$NON-NLS-1$ //$NON-NLS-2$
@@ -942,8 +940,7 @@
private void createFeature(String featureID, String featureLocation, Object[] featuresExported, Document doc, Element root, Properties prop) throws IOException {
try {
if (doc == null) {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- doc = factory.newDocumentBuilder().newDocument();
+ doc = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().newDocument();
root = doc.createElement("feature"); //$NON-NLS-1$
root.setAttribute("id", featureID); //$NON-NLS-1$
root.setAttribute("version", "1.0"); //$NON-NLS-1$ //$NON-NLS-2$
@@ -1048,8 +1045,7 @@
}
try {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- Document doc = factory.newDocumentBuilder().newDocument();
+ Document doc = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().newDocument();
Element root = doc.createElement("feature"); //$NON-NLS-1$
root.setAttribute("id", featureID); //$NON-NLS-1$
root.setAttribute("version", "1.0"); //$NON-NLS-1$ //$NON-NLS-2$
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/PDEAuxiliaryState.java 2024-03-19 10:01:54.543093455 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/PDEAuxiliaryState.java 2024-03-20 10:58:55.251809821 +0100
@@ -20,7 +20,6 @@
import java.util.Iterator;
import java.util.Map;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import org.eclipse.osgi.service.resolver.BundleDescription;
@@ -31,6 +30,7 @@
import org.eclipse.pde.core.plugin.IPluginModelBase;
import org.eclipse.pde.internal.core.ibundle.IBundleModel;
import org.eclipse.pde.internal.core.ibundle.IBundlePluginModelBase;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.osgi.framework.BundleException;
import org.osgi.framework.Constants;
import org.w3c.dom.Document;
@@ -194,8 +194,7 @@
*/
protected void savePluginInfo(File dir) {
try {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- Document doc = factory.newDocumentBuilder().newDocument();
+ Document doc = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().newDocument();
Element root = doc.createElement(ELEMENT_ROOT);
Iterator<String> iter = fPluginInfos.keySet().iterator();
@@ -254,8 +253,7 @@
File file = new File(dir, CACHE_EXTENSION);
if (file.exists() && file.isFile()) {
try {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- DocumentBuilder documentBuilder = factory.newDocumentBuilder();
+ DocumentBuilder documentBuilder = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
documentBuilder.setErrorHandler(new DefaultHandler());
Document doc = documentBuilder.parse(file);
Element root = doc.getDocumentElement();
@@ -294,7 +292,7 @@
*/
public static void writePluginInfo(IPluginModelBase[] models, File destination) {
try {
- DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder builder = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
Document doc = builder.newDocument();
Element root = doc.createElement(ELEMENT_ROOT);
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/plugin/AbstractExtensions.java 2024-03-19 10:01:54.549760137 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/plugin/AbstractExtensions.java 2024-03-20 08:58:08.419268655 +0100
@@ -22,7 +22,6 @@
import java.util.Collections;
import java.util.List;
import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.parsers.SAXParserFactory;
import org.eclipse.core.resources.IFile;
import org.eclipse.core.runtime.CoreException;
import org.eclipse.pde.core.IModelChangedEvent;
@@ -34,6 +33,7 @@
import org.eclipse.pde.core.plugin.ISharedPluginModel;
import org.eclipse.pde.internal.core.PDECore;
import org.eclipse.pde.internal.core.PDECoreMessages;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;
@@ -197,7 +197,7 @@
try {
InputStream stream = new BufferedInputStream(((IFile) res).getContents(true));
PluginHandler handler = new PluginHandler(true);
- SAXParserFactory.newInstance().newSAXParser().parse(stream, handler);
+ PDEXmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE().parse(stream, handler);
return handler.getSchemaVersion();
} catch (CoreException | SAXException | IOException | ParserConfigurationException e) {
}
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/plugin/PluginBase.java 2024-03-19 10:01:54.549760137 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/plugin/PluginBase.java 2024-03-20 08:58:08.419268655 +0100
@@ -19,7 +19,6 @@
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
import org.eclipse.core.runtime.CoreException;
import org.eclipse.osgi.service.resolver.BundleDescription;
import org.eclipse.osgi.service.resolver.BundleSpecification;
@@ -34,6 +33,7 @@
import org.eclipse.pde.internal.core.PDECoreMessages;
import org.eclipse.pde.internal.core.PDEState;
import org.eclipse.pde.internal.core.bundle.BundlePluginBase;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.osgi.framework.Version;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
@@ -400,7 +400,8 @@
}
protected SAXParser getSaxParser() throws ParserConfigurationException, SAXException, FactoryConfigurationError {
- return SAXParserFactory.newInstance().newSAXParser();
+ return PDEXmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
+
}
public static int getMatchRule(VersionRange versionRange) {
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/plugin/PluginHandler.java 2024-03-19 10:01:54.549760137 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/plugin/PluginHandler.java 2024-03-20 11:03:25.495687610 +0100
@@ -17,10 +17,10 @@
import java.util.Stack;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.eclipse.pde.internal.core.TargetPlatformHelper;
import org.eclipse.pde.internal.core.util.IdUtil;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -97,9 +97,8 @@
@Override
public void startDocument() throws SAXException {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
try {
- fDocument = factory.newDocumentBuilder().newDocument();
+ fDocument = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().newDocument();
} catch (ParserConfigurationException e) {
}
}
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/target/IUBundleContainer.java 2024-03-19 10:01:54.546426796 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/target/IUBundleContainer.java 2024-03-20 10:44:30.320077119 +0100
@@ -66,6 +66,7 @@
import org.eclipse.pde.core.target.TargetBundle;
import org.eclipse.pde.core.target.TargetFeature;
import org.eclipse.pde.internal.core.PDECore;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -696,7 +697,7 @@
Element containerElement;
Document document;
try {
- DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder docBuilder = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
document = docBuilder.newDocument();
} catch (Exception e) {
PDECore.log(e);
@@ -729,7 +730,8 @@
try {
document.appendChild(containerElement);
StreamResult result = new StreamResult(new StringWriter());
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ TransformerFactory f = PDEXmlProcessorFactory.createTransformerFactoryWithErrorOnDOCTYPE();
+ Transformer transformer = f.newTransformer();
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); //$NON-NLS-1$
transformer.transform(new DOMSource(document), result);
return result.getWriter().toString();
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/target/IULocationFactory.java 2024-03-19 10:01:54.546426796 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/target/IULocationFactory.java 2024-03-20 09:23:38.478859337 +0100
@@ -27,6 +27,7 @@
import org.eclipse.pde.core.target.ITargetLocation;
import org.eclipse.pde.core.target.ITargetLocationFactory;
import org.eclipse.pde.internal.core.PDECore;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -45,7 +46,7 @@
Element location;
try {
- DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder docBuilder = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
Document document = docBuilder
.parse(new ByteArrayInputStream(serializedXML.getBytes(StandardCharsets.UTF_8)));
location = document.getDocumentElement();
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/target/TargetDefinition.java 2024-03-19 10:01:54.546426796 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/target/TargetDefinition.java 2024-03-20 10:48:11.437184806 +0100
@@ -32,7 +32,6 @@
import java.util.Map.Entry;
import java.util.Set;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.eclipse.core.runtime.CoreException;
@@ -60,6 +59,7 @@
import org.eclipse.pde.internal.core.ICoreConstants;
import org.eclipse.pde.internal.core.PDECore;
import org.eclipse.pde.internal.core.TargetPlatformHelper;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -133,8 +133,7 @@
private static Document createNewDocument() {
try {
- DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
- DocumentBuilder docBuilder = dfactory.newDocumentBuilder();
+ DocumentBuilder docBuilder = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
Document doc = docBuilder.newDocument();
ProcessingInstruction instruction = doc.createProcessingInstruction(
TargetDefinitionPersistenceHelper.PDE_INSTRUCTION,
@@ -1238,8 +1237,7 @@
List<Element> oldIUContainers = new ArrayList<>();
List<Element> oldGenericContainers = new ArrayList<>();
- DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
- DocumentBuilder docBuilder = dfactory.newDocumentBuilder();
+ DocumentBuilder docBuilder = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
for (ITargetLocation targetLocation : targetLocations) {
String type = targetLocation.getType();
if (targetLocation instanceof DirectoryBundleContainer) {
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/target/TargetDefinitionPersistenceHelper.java 2024-03-19 10:01:54.546426796 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/target/TargetDefinitionPersistenceHelper.java 2024-03-20 10:38:02.182636244 +0100
@@ -22,7 +22,6 @@
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
@@ -37,6 +36,7 @@
import org.eclipse.pde.core.target.ITargetPlatformService;
import org.eclipse.pde.internal.core.ICoreConstants;
import org.eclipse.pde.internal.core.PDECore;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -122,7 +122,7 @@
return;
}
StreamResult outputTarget = new StreamResult(output);
- TransformerFactory factory = TransformerFactory.newInstance();
+ TransformerFactory factory = PDEXmlProcessorFactory.createTransformerFactoryWithErrorOnDOCTYPE();
Transformer transformer = factory.newTransformer();
transformer.setOutputProperty(OutputKeys.METHOD, "xml"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.INDENT, "yes"); //$NON-NLS-1$
@@ -151,7 +151,7 @@
*/
public static void initFromXML(ITargetDefinition definition, InputStream input)
throws CoreException, ParserConfigurationException, SAXException, IOException {
- DocumentBuilder parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder parser = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
parser.setErrorHandler(new DefaultHandler());
Document doc = parser.parse(new InputSource(input));
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/target/TargetPersistence38Helper.java 2024-03-19 10:01:54.546426796 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/target/TargetPersistence38Helper.java 2024-03-20 10:40:10.876226264 +0100
@@ -35,6 +35,7 @@
import org.eclipse.pde.core.target.ITargetLocationFactory;
import org.eclipse.pde.core.target.NameVersionDescriptor;
import org.eclipse.pde.internal.core.PDECore;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
@@ -246,7 +247,8 @@
throw new CoreException(new Status(IStatus.ERROR, PDECore.PLUGIN_ID, NLS.bind(Messages.TargetPersistence38Helper_NoTargetLocationExtension, type)));
}
StreamResult result = new StreamResult(new StringWriter());
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ TransformerFactory factory = PDEXmlProcessorFactory.createTransformerFactoryWithErrorOnDOCTYPE();
+ Transformer transformer = factory.newTransformer();
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); //$NON-NLS-1$
transformer.transform(new DOMSource(location), result);
container = locFactory.getTargetLocation(type, result.getWriter().toString());
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/util/PDEXMLHelper.java 2024-03-19 10:01:54.546426796 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/util/PDEXMLHelper.java 2024-03-20 10:55:12.231360549 +0100
@@ -13,14 +13,7 @@
*******************************************************************************/
package org.eclipse.pde.internal.core.util;
-import java.lang.ref.SoftReference;
-import java.util.Collections;
-import java.util.LinkedList;
-import java.util.List;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.FactoryConfigurationError;
-import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.SAXException;
@@ -31,56 +24,16 @@
*/
public class PDEXMLHelper {
- protected static SAXParserFactory fSAXFactory;
protected static PDEXMLHelper fPinstance;
- protected static DocumentBuilderFactory fDOMFactory;
- protected static List<SoftReference<SAXParser>> fSAXParserQueue;
- protected static List<SoftReference<DocumentBuilder>> fDOMParserQueue;
protected static int fSAXPoolLimit;
protected static int fDOMPoolLimit;
protected static final int FMAXPOOLLIMIT = 1;
protected PDEXMLHelper() throws FactoryConfigurationError {
- fSAXFactory = SAXParserFactory.newInstance();
- fDOMFactory = DocumentBuilderFactory.newInstance();
- fSAXParserQueue = Collections.synchronizedList(new LinkedList<SoftReference<SAXParser>>());
- fDOMParserQueue = Collections.synchronizedList(new LinkedList<SoftReference<DocumentBuilder>>());
fSAXPoolLimit = FMAXPOOLLIMIT;
fDOMPoolLimit = FMAXPOOLLIMIT;
}
- public synchronized SAXParser getDefaultSAXParser() throws ParserConfigurationException, SAXException {
-
- SAXParser parser = null;
- if (fSAXParserQueue.isEmpty()) {
- parser = fSAXFactory.newSAXParser();
- } else {
- SoftReference<?> reference = fSAXParserQueue.remove(0);
- if (reference.get() != null) {
- parser = (SAXParser) reference.get();
- } else {
- parser = fSAXFactory.newSAXParser();
- }
- }
- return parser;
- }
-
- public synchronized DocumentBuilder getDefaultDOMParser() throws ParserConfigurationException {
-
- DocumentBuilder parser = null;
- if (fDOMParserQueue.isEmpty()) {
- parser = fDOMFactory.newDocumentBuilder();
- } else {
- SoftReference<?> reference = fDOMParserQueue.remove(0);
- if (reference.get() != null) {
- parser = (DocumentBuilder) reference.get();
- } else {
- parser = fDOMFactory.newDocumentBuilder();
- }
- }
- return parser;
- }
-
public static PDEXMLHelper Instance() throws FactoryConfigurationError {
if (fPinstance == null) {
fPinstance = new PDEXMLHelper();
@@ -88,20 +41,6 @@
return fPinstance;
}
- public synchronized void recycleSAXParser(SAXParser parser) {
- if (fSAXParserQueue.size() < fSAXPoolLimit) {
- SoftReference<SAXParser> reference = new SoftReference<>(parser);
- fSAXParserQueue.add(reference);
- }
- }
-
- public synchronized void recycleDOMParser(DocumentBuilder parser) {
- if (fDOMParserQueue.size() < fDOMPoolLimit) {
- SoftReference<DocumentBuilder> reference = new SoftReference<>(parser);
- fDOMParserQueue.add(reference);
- }
- }
-
public static String getWritableString(String source) {
if (source == null) {
return ""; //$NON-NLS-1$
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/util/PDEXmlProcessorFactory.java 1970-01-01 01:00:00.000000000 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/util/PDEXmlProcessorFactory.java 2024-03-20 08:58:08.422601994 +0100
@@ -0,0 +1,197 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Joerg Kubitz and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+package org.eclipse.pde.internal.core.util;
+
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.parsers.SAXParser;
+import javax.xml.parsers.SAXParserFactory;
+import javax.xml.transform.TransformerFactory;
+
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXNotRecognizedException;
+import org.xml.sax.SAXNotSupportedException;
+
+/**
+ * XML processing which prohibits external entities.
+ *
+ * @see <a href="https://rules.sonarsource.com/java/RSPEC-2755/">RSPEC-2755</a>
+ */
+public class PDEXmlProcessorFactory {
+ private PDEXmlProcessorFactory() {
+ // static Utility only
+ }
+
+ private static final DocumentBuilderFactory DOCUMENT_BUILDER_FACTORY_ERROR_ON_DOCTYPE = createDocumentBuilderFactoryWithErrorOnDOCTYPE();
+ private static final DocumentBuilderFactory DOCUMENT_BUILDER_FACTORY_IGNORING_DOCTYPE = createDocumentBuilderFactoryIgnoringDOCTYPE();
+ private static final SAXParserFactory SAX_FACTORY_ERROR_ON_DOCTYPE = createSAXFactoryWithErrorOnDOCTYPE(false);
+ private static final SAXParserFactory SAX_FACTORY_ERROR_ON_DOCTYPE_NS = createSAXFactoryWithErrorOnDOCTYPE(true);
+ private static final SAXParserFactory SAX_FACTORY_IGNORING_DOCTYPE = createSAXFactoryIgnoringDOCTYPE();
+
+ /**
+ * Creates TransformerFactory which throws TransformerException when
+ * detecting external entities.
+ *
+ * @return javax.xml.transform.TransformerFactory
+ */
+ public static TransformerFactory createTransformerFactoryWithErrorOnDOCTYPE() {
+ TransformerFactory factory = TransformerFactory.newInstance();
+ // prohibit the use of all protocols by external entities:
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); //$NON-NLS-1$
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); //$NON-NLS-1$
+ return factory;
+ }
+
+ /**
+ * Creates DocumentBuilderFactory which throws SAXParseException when
+ * detecting external entities. It's magnitudes faster to call
+ * {@link #createDocumentBuilderWithErrorOnDOCTYPE()}.
+ *
+ * @return javax.xml.parsers.DocumentBuilderFactory
+ */
+ public static synchronized DocumentBuilderFactory createDocumentBuilderFactoryWithErrorOnDOCTYPE() {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ // completely disable DOCTYPE declaration:
+ try {
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (ParserConfigurationException e) {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ return factory;
+ }
+
+ /**
+ * Creates DocumentBuilderFactory which ignores external entities. It's
+ * magnitudes faster to call
+ * {@link #createDocumentBuilderIgnoringDOCTYPE()}.
+ *
+ * @return javax.xml.parsers.DocumentBuilderFactory
+ */
+ public static synchronized DocumentBuilderFactory createDocumentBuilderFactoryIgnoringDOCTYPE() {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ try {
+ // completely disable external entities declarations:
+ factory.setFeature("http://xml.org/sax/features/external-general-entities", false); //$NON-NLS-1$
+ factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); //$NON-NLS-1$
+ } catch (ParserConfigurationException e) {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ return factory;
+ }
+
+ /**
+ * Creates DocumentBuilder which throws SAXParseException when detecting
+ * external entities. The builder is not thread safe.
+ *
+ * @return javax.xml.parsers.DocumentBuilder
+ * @throws ParserConfigurationException
+ */
+ public static DocumentBuilder createDocumentBuilderWithErrorOnDOCTYPE() throws ParserConfigurationException {
+ return DOCUMENT_BUILDER_FACTORY_ERROR_ON_DOCTYPE.newDocumentBuilder();
+ }
+
+ /**
+ * Creates DocumentBuilder which ignores external entities. The builder is
+ * not thread safe.
+ *
+ * @return javax.xml.parsers.DocumentBuilder
+ * @throws ParserConfigurationException
+ */
+ public static DocumentBuilder createDocumentBuilderIgnoringDOCTYPE() throws ParserConfigurationException {
+ return DOCUMENT_BUILDER_FACTORY_IGNORING_DOCTYPE.newDocumentBuilder();
+ }
+
+ /**
+ * Creates DocumentBuilderFactory which throws SAXParseException when
+ * detecting external entities.
+ *
+ * @return javax.xml.parsers.DocumentBuilderFactory
+ */
+ public static SAXParserFactory createSAXFactoryWithErrorOnDOCTYPE() {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ try {
+ // force org.xml.sax.SAXParseException for any DOCTYPE:
+ f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ private static synchronized SAXParserFactory createSAXFactoryWithErrorOnDOCTYPE(boolean awareness) {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ f.setNamespaceAware(awareness);
+ try {
+ // force org.xml.sax.SAXParseException for any DOCTYPE:
+ f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ private static synchronized SAXParserFactory createSAXFactoryIgnoringDOCTYPE() {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ try {
+ // ignore DOCTYPE:
+ f.setFeature("http://xml.org/sax/features/external-general-entities", false); //$NON-NLS-1$
+ f.setFeature("http://xml.org/sax/features/external-parameter-entities", false); //$NON-NLS-1$
+ f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ /**
+ * Creates SAXParser which throws SAXParseException when detecting external
+ * entities.
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+
+ public static SAXParser createSAXParserWithErrorOnDOCTYPE() throws ParserConfigurationException, SAXException {
+ return createSAXParserWithErrorOnDOCTYPE(false);
+ }
+
+ /**
+ * Creates SAXParser which throws SAXParseException when detecting external
+ * entities.
+ *
+ * @param namespaceAware
+ * parameter for SAXParserFactory
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+ public static SAXParser createSAXParserWithErrorOnDOCTYPE(boolean namespaceAware)
+ throws ParserConfigurationException, SAXException {
+ if (namespaceAware) {
+ return SAX_FACTORY_ERROR_ON_DOCTYPE_NS.newSAXParser();
+ }
+ return SAX_FACTORY_ERROR_ON_DOCTYPE.newSAXParser();
+ }
+
+ /**
+ * Creates SAXParser which does not throw Exception when detecting external
+ * entities but ignores them.
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+ public static SAXParser createSAXParserIgnoringDOCTYPE()
+ throws ParserConfigurationException, SAXNotRecognizedException, SAXNotSupportedException, SAXException {
+ SAXParser parser = SAX_FACTORY_IGNORING_DOCTYPE.newSAXParser();
+ parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); //$NON-NLS-1$
+ parser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); //$NON-NLS-1$
+ return parser;
+ }
+}
\ No newline at end of file
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/util/SAXParserWrapper.java 2024-03-19 10:01:54.546426796 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/util/SAXParserWrapper.java 2024-03-20 12:49:41.184414763 +0100
@@ -30,45 +31,25 @@
*/
public class SAXParserWrapper {
- protected SAXParser fParser;
- protected boolean isdisposed;
-
- /**
- *
- */
- public SAXParserWrapper() throws ParserConfigurationException, SAXException, FactoryConfigurationError {
- fParser = PDEXMLHelper.Instance().getDefaultSAXParser();
- isdisposed = false;
+ public SAXParserWrapper() {
}
- // Explicit disposal
- public void dispose() {
- if (isdisposed == false) {
- PDEXMLHelper.Instance().recycleSAXParser(fParser);
- isdisposed = true;
- }
- }
-
- public void parse(File f, DefaultHandler dh) throws SAXException, IOException {
+ public void parse(File f, DefaultHandler dh)
+ throws SAXException, IOException, ParserConfigurationException, FactoryConfigurationError {
+ SAXParser fParser = PDEXmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
fParser.parse(f, dh);
}
- public void parse(InputStream is, DefaultHandler dh) throws SAXException, IOException {
+ public void parse(InputStream is, DefaultHandler dh)
+ throws SAXException, IOException, ParserConfigurationException, FactoryConfigurationError {
+ SAXParser fParser = PDEXmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
fParser.parse(is, dh);
}
- public void parse(InputSource is, DefaultHandler dh) throws SAXException, IOException {
+ public void parse(InputSource is, DefaultHandler dh)
+ throws SAXException, IOException, ParserConfigurationException, FactoryConfigurationError {
+ SAXParser fParser = PDEXmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
fParser.parse(is, dh);
}
- // NOTE: If other parser method calls are required, the corresponding
- // wrapper method needs to be added here
-
- // Implicit disposal
- @Override
- protected void finalize() throws Throwable {
- super.finalize();
- dispose();
- }
-
}
--- a/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/XMLDefaultHandler.java 2024-03-19 10:01:54.546426796 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/XMLDefaultHandler.java 2024-03-20 11:05:15.339242277 +0100
@@ -15,8 +15,8 @@
import java.io.StringReader;
import java.util.Stack;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.Text;
@@ -72,9 +72,8 @@
@Override
public void startDocument() throws SAXException {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
try {
- fDocument = factory.newDocumentBuilder().newDocument();
+ fDocument = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().newDocument();
} catch (ParserConfigurationException e) {
}
}
--- a/eclipse.pde.ui/ui/org.eclipse.pde.ui/src/org/eclipse/pde/internal/ui/wizards/exports/FeatureExportWizard.java 2024-03-19 10:01:54.506426709 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.ui/src/org/eclipse/pde/internal/ui/wizards/exports/FeatureExportWizard.java 2024-03-20 09:03:57.656602733 +0100
@@ -25,6 +25,7 @@
import org.eclipse.pde.internal.core.exports.FeatureExportInfo;
import org.eclipse.pde.internal.core.exports.FeatureExportOperation;
import org.eclipse.pde.internal.core.ifeature.IFeatureModel;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.eclipse.pde.internal.ui.PDEPluginImages;
import org.eclipse.pde.internal.ui.PDEUIMessages;
import org.eclipse.pde.internal.ui.build.RuntimeInstallJob;
@@ -127,8 +128,7 @@
@Override
protected Document generateAntTask() {
try {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- Document doc = factory.newDocumentBuilder().newDocument();
+ Document doc = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().newDocument();
Element root = doc.createElement("project"); //$NON-NLS-1$
root.setAttribute("name", "build"); //$NON-NLS-1$ //$NON-NLS-2$
root.setAttribute("default", "feature_export"); //$NON-NLS-1$ //$NON-NLS-2$
--- a/eclipse.pde.ui/ui/org.eclipse.pde.ui/src/org/eclipse/pde/internal/ui/wizards/exports/PluginExportWizard.java 2024-03-19 10:01:54.506426709 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.ui/src/org/eclipse/pde/internal/ui/wizards/exports/PluginExportWizard.java 2024-03-20 09:06:09.673521693 +0100
@@ -21,6 +21,7 @@
import org.eclipse.pde.core.plugin.IPluginModelBase;
import org.eclipse.pde.internal.core.exports.FeatureExportInfo;
import org.eclipse.pde.internal.core.exports.PluginExportOperation;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.eclipse.pde.internal.ui.PDEPluginImages;
import org.eclipse.pde.internal.ui.PDEUIMessages;
import org.eclipse.pde.internal.ui.build.RuntimeInstallJob;
@@ -97,8 +98,7 @@
@Override
protected Document generateAntTask() {
try {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- Document doc = factory.newDocumentBuilder().newDocument();
+ Document doc = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE().newDocument();
Element root = doc.createElement("project"); //$NON-NLS-1$
root.setAttribute("name", "build"); //$NON-NLS-1$ //$NON-NLS-2$
root.setAttribute("default", "plugin_export"); //$NON-NLS-1$ //$NON-NLS-2$
--- a/eclipse.pde.ui/ui/org.eclipse.pde.ui.templates/templates_3.1/extensibleEditor/java/ValidatorDocumentSetupParticipant.java 2024-03-19 10:01:54.563093498 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.ui.templates/templates_3.1/extensibleEditor/java/ValidatorDocumentSetupParticipant.java 2024-03-20 08:58:08.422601994 +0100
@@ -4,6 +4,7 @@
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
import org.eclipse.core.filebuffers.IDocumentSetupParticipant;
import org.eclipse.core.filebuffers.IDocumentSetupParticipantExtension;
@@ -40,7 +41,14 @@
this.marker = null;
}
try (StringReader reader = new StringReader(event.getDocument().get());) {
- DocumentBuilder documentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ // completely disable DOCTYPE declaration:
+ try {
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (ParserConfigurationException e) {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ DocumentBuilder documentBuilder = factory.newDocumentBuilder();
documentBuilder.parse(new InputSource(reader));
} catch (Exception ex) {
try {
--- a/eclipse.pde.ui/ui/org.eclipse.pde.ui.tests/src/org/eclipse/pde/core/tests/internal/feature/FeatureDataTestCase.java 2024-03-19 10:01:54.469759964 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.ui.tests/src/org/eclipse/pde/core/tests/internal/feature/FeatureDataTestCase.java 2024-03-20 09:09:09.847199348 +0100
@@ -23,6 +23,7 @@
import org.eclipse.pde.internal.core.feature.FeatureData;
import org.eclipse.pde.internal.core.feature.WorkspaceFeatureModel;
import org.eclipse.pde.internal.core.ifeature.IFeatureModel;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.junit.Test;
import org.w3c.dom.*;
import org.xml.sax.InputSource;
@@ -85,8 +86,7 @@
}
public static FeatureData fromXml(String xml) throws Exception {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- DocumentBuilder builder = factory.newDocumentBuilder();
+ DocumentBuilder builder = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
InputSource is = new InputSource(new StringReader(xml));
Document doc = builder.parse(is);
--- a/eclipse.pde.ui/ui/org.eclipse.pde.ui.tests/src/org/eclipse/pde/core/tests/internal/PDEXmlProcessorFactoryTest.java 1970-01-01 01:00:00.000000000 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.ui.tests/src/org/eclipse/pde/core/tests/internal/PDEXmlProcessorFactoryTest.java 2024-03-20 08:58:08.422601994 +0100
@@ -0,0 +1,372 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Joerg Kubitz and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+package org.eclipse.pde.core.tests.internal;
+
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.not;
+import static org.hamcrest.CoreMatchers.startsWith;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.net.ServerSocket;
+import java.net.Socket;
+import java.net.SocketException;
+import java.net.URI;
+import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+import java.util.concurrent.ConcurrentLinkedQueue;
+import java.util.function.IntFunction;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.SAXParser;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.transform.stream.StreamSource;
+
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXParseException;
+import org.xml.sax.helpers.DefaultHandler;
+
+public class PDEXmlProcessorFactoryTest {
+
+ @Rule
+ public TemporaryFolder tempFolder = new TemporaryFolder();
+
+ @Test
+ public void testParseXmlWithExternalEntity() throws Exception {
+ SAXParser parser = PDEXmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
+ try {
+ testParseXmlWithExternalEntity(parser, this::createMalciousXml);
+ assertTrue("SAXParseException expected", false);
+ } catch (SAXParseException e) {
+ String message = e.getMessage();
+ assertTrue(message, message.contains("DOCTYPE"));
+ assertTrue(message, message.contains("http://apache.org/xml/features/disallow-doctype-decl"));
+ }
+ }
+
+ @Test
+ public void testParseXmlWithoutExternalEntity() throws Exception {
+ SAXParser parser = PDEXmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE();
+ testParseXmlWithExternalEntity(parser, this::createNormalXml);
+ }
+
+ @Test
+ public void testParseXmlWithIgnoredExternalEntity() throws Exception {
+ SAXParser parser = PDEXmlProcessorFactory.createSAXParserIgnoringDOCTYPE();
+ testParseXmlWithExternalEntity(parser, this::createMalciousXml);
+ }
+
+ @Test
+ public void testParseXmlWithoutIgnoredExternalEntity() throws Exception {
+ SAXParser parser = PDEXmlProcessorFactory.createSAXParserIgnoringDOCTYPE();
+ testParseXmlWithExternalEntity(parser, this::createNormalXml);
+ }
+
+ public void testParseXmlWithExternalEntity(SAXParser parser, IntFunction<InputStream> xmlSupplier)
+ throws Exception {
+ try (Server httpServerThread = new Server()) {
+ List<String> elements = new ArrayList<>();
+ DefaultHandler handler = new DefaultHandler() {
+ @Override
+ public void startElement(String uri, String localName, String qName, org.xml.sax.Attributes attributes)
+ throws org.xml.sax.SAXException {
+ elements.add(qName);
+ }
+
+ @Override
+ public void characters(char ch[], int start, int length) throws SAXException {
+ String content = new String(ch, start, length);
+ assertFalse("Secret was injected into xml: " + content, content.contains("secret")); // var4
+ }
+
+ @Override
+ public InputSource resolveEntity(String publicId, String systemId) throws IOException, SAXException {
+ // implementation that would do any remote call:
+ try {
+ return new InputSource(URI.create(systemId).toURL().openStream());
+ } catch (IOException exception) {
+ throw new SAXException(exception);
+ }
+ // Also the default impl injects files:
+ // return null;
+
+ // Does also prevent access to external files:
+ // return new InputSource(new StringReader(""));
+ }
+
+ };
+ try (InputStream xmlStream = xmlSupplier.apply(httpServerThread.getLocalPort())) {
+ parser.parse(xmlStream, handler);
+ }
+ assertEquals(List.of("Body"), elements);
+ }
+ }
+
+ @Test
+ public void testDocumentBuilderXmlWithExternalEntity() throws Exception {
+ DocumentBuilder documentBuilder = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
+ try {
+ testParseXmlWithExternalEntity(documentBuilder, this::createMalciousXml);
+ assertTrue("SAXParseException expected", false);
+ } catch (SAXParseException e) {
+ String message = e.getMessage();
+ assertTrue(message, message.contains("DOCTYPE"));
+ }
+ }
+
+ @Test
+ public void testDocumentBuilderFactoryWithoutExternalEntity() throws Exception {
+ DocumentBuilderFactory documentBuilderFactory = PDEXmlProcessorFactory
+ .createDocumentBuilderFactoryWithErrorOnDOCTYPE();
+ testParseXmlWithExternalEntity(documentBuilderFactory.newDocumentBuilder(), this::createNormalXml);
+ }
+
+ @Test
+ public void testDocumentBuilderWithoutExternalEntity() throws Exception {
+ DocumentBuilder documentBuilder = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
+ testParseXmlWithExternalEntity(documentBuilder, this::createNormalXml);
+ }
+
+ @Test
+ public void testDocumentBuilderFactoryIgnoringDoctypeNormal() throws Exception {
+ DocumentBuilderFactory documentBuilderFactory = PDEXmlProcessorFactory
+ .createDocumentBuilderFactoryIgnoringDOCTYPE();
+ testParseXmlWithExternalEntity(documentBuilderFactory.newDocumentBuilder(), this::createNormalXml);
+ }
+
+ @Test
+ public void testDocumentBuilderFactoryIgnoringDoctypeMalcious() throws Exception {
+ DocumentBuilderFactory documentBuilderFactory = PDEXmlProcessorFactory
+ .createDocumentBuilderFactoryIgnoringDOCTYPE();
+ testParseXmlWithExternalEntity(documentBuilderFactory.newDocumentBuilder(), this::createMalciousXml);
+ }
+
+ @Test
+ public void testDocumentBuilderIgnoringDoctypeNormal() throws Exception {
+ testParseXmlWithExternalEntity(PDEXmlProcessorFactory.createDocumentBuilderIgnoringDOCTYPE(),
+ this::createNormalXml);
+ }
+
+ @Test
+ public void testDocumentBuilderIgnoringDoctypeMalcious() throws Exception {
+ testParseXmlWithExternalEntity(PDEXmlProcessorFactory.createDocumentBuilderIgnoringDOCTYPE(),
+ this::createMalciousXml);
+ }
+
+ public void testParseXmlWithExternalEntity(DocumentBuilder builder, IntFunction<InputStream> xmlSupplier)
+ throws Exception {
+ try (Server httpServerThread = new Server()) {
+ Document document;
+
+ try (InputStream xmlStream = xmlSupplier.apply(httpServerThread.getLocalPort())) {
+ document = builder.parse(xmlStream);
+ }
+ Element root = document.getDocumentElement();
+
+ assertEquals("Body", root.getTagName());
+ if (root.getChildNodes().getLength() > 0) {
+ String value = root.getChildNodes().item(0).getNodeValue();
+ assertFalse("Parser injected secret: " + value, value.contains("secret"));
+ }
+ }
+ }
+
+ @Test
+ public void testTransformXmlWithExternalEntity() throws Exception {
+ TransformerFactory transformerFactory = PDEXmlProcessorFactory
+ .createTransformerFactoryWithErrorOnDOCTYPE();
+ try {
+ testParseXmlWithExternalEntity(transformerFactory, this::createMalciousXml);
+ assertTrue("TransformerException expected", false);
+ } catch (TransformerException e) {
+ String message = e.getMessage();
+ assertTrue(message, message.contains("DTD"));
+ }
+ }
+
+ @Test
+ public void testTransformXmlWithoutExternalEntity() throws Exception {
+ TransformerFactory transformerFactory = PDEXmlProcessorFactory
+ .createTransformerFactoryWithErrorOnDOCTYPE();
+ testParseXmlWithExternalEntity(transformerFactory, this::createNormalXml);
+ }
+
+ public void testParseXmlWithExternalEntity(TransformerFactory transformerFactory,
+ IntFunction<InputStream> xmlSupplier) throws Exception {
+ try (Server httpServerThread = new Server()) {
+ String formatted;
+
+ try (InputStream xmlStream = xmlSupplier.apply(httpServerThread.getLocalPort())) {
+ Transformer xformer = transformerFactory.newTransformer();
+ Source source = new StreamSource(xmlStream);
+ try (ByteArrayOutputStream outputStream = new ByteArrayOutputStream()) {
+ Result result = new StreamResult(outputStream);
+ xformer.transform(source, result);
+ formatted = outputStream.toString(StandardCharsets.UTF_8);
+ }
+ }
+ assertTrue(formatted, formatted.contains("<Body>"));
+ assertFalse("Formatter injected secret: " + formatted, formatted.contains("secret"));
+ }
+ }
+
+ private InputStream createMalciousXml(int localPort) {
+ try {
+ Path tempSecret = tempFolder.newFile("test.txt").toPath();
+ Files.writeString(tempSecret, "secret");
+ Path tempDtd = tempFolder.newFile("test.dtd").toPath();
+ URL secretURL = tempSecret.toUri().toURL();
+ String dtdContent = "<!ENTITY % var1 SYSTEM \"" + secretURL + "\">\n" //
+ + "<!ENTITY var4 SYSTEM \"" + secretURL + "\">\n" //
+ + "<!ENTITY % var2 \"<!ENTITY var3 SYSTEM 'http://localhost:" + localPort + "/?%var1;'>\">\n" //
+ + "%var2;\n";
+ Files.writeString(tempDtd, dtdContent);
+ URL dtdURL = tempDtd.toUri().toURL();
+ String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" //
+ + "<!DOCTYPE var1 SYSTEM \"" + dtdURL + "\">\n" //
+ + "<Body>&var3;&var4;</Body>";
+ return new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private InputStream createNormalXml(int localPort) {
+ String xml = """
+ <?xml version="1.0" encoding="UTF-8"?>
+ <Body>hello</Body>""";
+ return new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
+ }
+
+ public static final class Server implements AutoCloseable {
+ private final ServerSocket serverSocket;
+ private final Thread httpServerThread;
+ private final Collection<Throwable> exceptionsInOtherThreads = new ConcurrentLinkedQueue<>();
+
+ private Server() throws IOException {
+ serverSocket = new ServerSocket(0);
+ httpServerThread = new Thread("httpServerThread") {
+ @Override
+ public void run() {
+ try (Socket socket = serverSocket.accept()) {
+ try (BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()))) {
+ String firstLine = in.readLine();
+ System.out.println(socket.getInetAddress() + ": " + firstLine);
+ try (OutputStream outputStream = socket.getOutputStream()) {
+ outputStream.write("HTTP/1.1 200 OK\r\n".getBytes(StandardCharsets.UTF_8));
+ }
+ assertThat(firstLine, startsWith("GET"));
+ assertThat(firstLine, not(containsString("secret")));
+ fail("Server was contacted");
+ }
+ } catch (SocketException closed) {
+ // expected
+ } catch (Throwable e) {
+ exceptionsInOtherThreads.add(e);
+ }
+ }
+ };
+
+ httpServerThread.start();
+ }
+
+ @Override
+ public void close() throws Exception {
+ serverSocket.close(); // -> SocketException in httpServerThread
+ httpServerThread.join(5000);
+ assertFalse(httpServerThread.isAlive());
+ for (Throwable e : exceptionsInOtherThreads) {
+ throw new AssertionError(e.getMessage(), e);
+ }
+ }
+
+ public int getLocalPort() {
+ return serverSocket.getLocalPort();
+ }
+
+ /** Example Server that will log and quit when contacted **/
+ public static void main(String[] args) throws Exception {
+ @SuppressWarnings("resource")
+ Server server = new Server();
+ System.out.println("Server startet on port: " + server.getLocalPort());
+ server.httpServerThread.join();
+ server.close();
+ }
+ }
+
+ static volatile Object sink;
+
+ /**
+ * Simple performance demonstration: It's slow to create Factory but 100
+ * times faster to create a Parser.
+ **/
+ public static void main(String[] args) throws Exception {
+ for (int i = 1; i < 1000; i++) {
+ long n0 = System.nanoTime();
+ sink = PDEXmlProcessorFactory.createSAXParserIgnoringDOCTYPE();
+ long n1 = System.nanoTime();
+ System.out.println("createSAXParserIgnoringDOCTYPE run " + i + ": " + (n1 - n0) + "ns");
+ // ~ run 999: 60000ns =0,06ms
+
+ n0 = System.nanoTime();
+ sink = PDEXmlProcessorFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
+ n1 = System.nanoTime();
+ System.out.println("createDocumentBuilderFactoryWithErrorOnDOCTYPE run " + i + ": " + (n1 - n0) + "ns");
+ // ~ run 999: 5000000ns =5ms
+
+ n0 = System.nanoTime();
+ sink = PDEXmlProcessorFactory.createDocumentBuilderIgnoringDOCTYPE();
+ n1 = System.nanoTime();
+ System.out.println("createDocumentBuilderIgnoringDOCTYPE run " + i + ": " + (n1 - n0) + "ns");
+ // ~ run 999: 40000ns =0,04ms
+
+ n0 = System.nanoTime();
+ sink = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
+ n1 = System.nanoTime();
+ System.out.println("createDocumentBuilderWithErrorOnDOCTYPE run " + i + ": " + (n1 - n0) + "ns");
+ // ~ run 999: 30000ns =0,03ms
+
+ n0 = System.nanoTime();
+ sink = PDEXmlProcessorFactory.createTransformerFactoryWithErrorOnDOCTYPE();
+ n1 = System.nanoTime();
+ System.out.println("createTransformerFactoryWithErrorOnDOCTYPE run " + i + ": " + (n1 - n0) + "ns");
+ // ~ run 999: 5000000ns =5ms
+ }
+ }
+}
\ No newline at end of file
--- a/eclipse.pde.ui/ui/org.eclipse.pde.ui.tests/src/org/eclipse/pde/ui/tests/target/IUBundleContainerTests.java 2024-03-19 10:01:54.469759964 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.ui.tests/src/org/eclipse/pde/ui/tests/target/IUBundleContainerTests.java 2024-03-20 09:11:38.940817604 +0100
@@ -36,6 +36,7 @@
import org.eclipse.pde.core.plugin.IPluginModelBase;
import org.eclipse.pde.core.target.*;
import org.eclipse.pde.internal.core.PDECore;
+import org.eclipse.pde.internal.core.util.PDEXmlProcessorFactory;
import org.eclipse.pde.internal.core.target.*;
import org.eclipse.pde.ui.tests.PDETestsPlugin;
import org.junit.Test;
@@ -540,7 +541,7 @@
ByteArrayOutputStream out = new ByteArrayOutputStream();
TargetDefinitionPersistenceHelper.persistXML(td, out);
String xml = new String(out.toByteArray());
- DocumentBuilder parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ DocumentBuilder parser = PDEXmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
parser.setErrorHandler(new DefaultHandler());
Document doc = parser.parse(new InputSource(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))));
--- a/eclipse.pde.ui/ui/org.eclipse.pde.ui.tests/src/org/eclipse/pde/ui/tests/util/DOMParserWrapper.java 2024-03-19 10:01:54.469759964 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.ui.tests/src/org/eclipse/pde/ui/tests/util/DOMParserWrapper.java 1970-01-01 01:00:00.000000000 +0100
@@ -1,58 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2009, 2018 IBM Corporation and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * IBM Corporation - initial API and implementation
- *******************************************************************************/
-
-package org.eclipse.pde.ui.tests.util;
-
-import java.io.File;
-import java.io.IOException;
-import javax.xml.parsers.*;
-import org.eclipse.pde.internal.core.util.PDEXMLHelper;
-import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
-
-public class DOMParserWrapper implements AutoCloseable {
-
- protected DocumentBuilder fParser;
- protected boolean isdisposed;
-
- public DOMParserWrapper() throws ParserConfigurationException, FactoryConfigurationError {
- fParser = PDEXMLHelper.Instance().getDefaultDOMParser();
- isdisposed = false;
- }
-
- // Explicit disposal
- public void dispose() {
- if (isdisposed == false) {
- PDEXMLHelper.Instance().recycleDOMParser(fParser);
- isdisposed = true;
- }
- }
-
- public Document parse(File f) throws SAXException, IOException {
- return fParser.parse(f);
- }
-
- public Document newDocument() {
- return fParser.newDocument();
- }
-
- // NOTE: If other parser method calls are required, the corresponding
- // wrapper method needs to be added here
-
- @Override
- public void close() {
- dispose();
- }
-
-}
--- a/eclipse.pde.ui/ui/org.eclipse.pde.ui.tests/src/org/eclipse/pde/ui/tests/util/xml/ParserWrapperTestCase.java 2024-03-19 10:01:54.469759964 +0100
+++ b/eclipse.pde.ui/ui/org.eclipse.pde.ui.tests/src/org/eclipse/pde/ui/tests/util/xml/ParserWrapperTestCase.java 2024-03-20 09:13:14.884334289 +0100
@@ -25,7 +25,6 @@
import org.eclipse.pde.internal.core.XMLDefaultHandler;
import org.eclipse.pde.internal.core.util.SAXParserWrapper;
import org.eclipse.pde.ui.tests.PDETestsPlugin;
-import org.eclipse.pde.ui.tests.util.DOMParserWrapper;
import org.junit.Before;
import org.junit.Test;
import org.osgi.framework.Bundle;
@@ -73,23 +72,6 @@
}
- @Test
- public void testDOMParserWrapperConcurrency() throws Exception {
-
- ParserThread[] threads = new ParserThread[FTHREADCOUNT];
-
- for (int x = 0; x < FTHREADCOUNT; x++) {
- threads[x] = new ParserThread(FDOM, fXMLFile);
- threads[x].start();
- }
-
- for (int x = 0; x < FTHREADCOUNT; x++) {
- threads[x].join();
- assertFalse(threads[x].getError());
- }
-
- }
-
public class ParserThread extends Thread {
protected final int FITERATIONS = 100;
@@ -108,10 +90,7 @@
if (fParserType == ParserWrapperTestCase.FSAX) {
runSAX();
- } else {
- runDOM();
}
-
}
public void runSAX() {
@@ -136,23 +115,6 @@
}
- public void runDOM() {
-
- for (int x = 0; x < FITERATIONS; x++) {
-
- try (DOMParserWrapper parser = new DOMParserWrapper()) {
- parser.parse(fParserXMLFile);
- } catch (ParserConfigurationException | SAXException | FactoryConfigurationError | IOException e) {
- e.printStackTrace();
- fError = true;
- }
- // If an error was encountered abort the thread
- // Any type of exception experienced is bad
- if (fError)
- return;
-
- }
- }
public boolean getError() {
return fError;
--- a/eclipse.platform/update/org.eclipse.update.configurator/META-INF/MANIFEST.MF 2024-03-19 10:01:56.373097399 +0100
+++ b/eclipse.platform/update/org.eclipse.update.configurator/META-INF/MANIFEST.MF 2024-03-20 12:27:53.028756091 +0100
@@ -11,7 +11,8 @@
org.eclipse.update.internal.configurator.branding;x-friends:="org.eclipse.update.core"
Eclipse-LazyStart: true
Require-Bundle: org.eclipse.equinox.common;bundle-version="[3.2.0,4.0.0)",
- org.eclipse.osgi;bundle-version="[3.2.0,4.0.0)"
+ org.eclipse.osgi;bundle-version="[3.2.0,4.0.0)",
+ org.eclipse.core.runtime;bundle-version="[3.11.0,4.0.0)"
Bundle-RequiredExecutionEnvironment: JavaSE-1.8
Import-Package: javax.xml.parsers,
org.w3c.dom,
--- a/eclipse.platform/update/org.eclipse.update.configurator/src/org/eclipse/update/internal/configurator/ConfigurationParser.java 2024-03-19 10:01:56.373097399 +0100
+++ b/eclipse.platform/update/org.eclipse.update.configurator/src/org/eclipse/update/internal/configurator/ConfigurationParser.java 2024-03-20 12:22:25.604833946 +0100
@@ -25,7 +25,6 @@
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
import org.eclipse.core.runtime.CoreException;
import org.eclipse.core.runtime.URIUtil;
@@ -43,8 +42,6 @@
private static final String URL_PROPERTY = "org.eclipse.update.resolution_url"; //$NON-NLS-1$
private static final String EMPTY_STRING = ""; //$NON-NLS-1$
- private final static SAXParserFactory parserFactory =
- SAXParserFactory.newInstance();
private SAXParser parser;
private URL currentSiteURL;
@@ -59,8 +56,7 @@
public ConfigurationParser() throws InvocationTargetException {
try {
- parserFactory.setNamespaceAware(true);
- this.parser = parserFactory.newSAXParser();
+ this.parser = org.eclipse.core.internal.runtime.XmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE(true);
} catch (ParserConfigurationException e) {
Utils.log(Utils.newStatus("ConfigurationParser", e)); //$NON-NLS-1$
throw new InvocationTargetException(e);
--- a/eclipse.platform/update/org.eclipse.update.configurator/src/org/eclipse/update/internal/configurator/FeatureParser.java 2024-03-19 10:01:56.373097399 +0100
+++ b/eclipse.platform/update/org.eclipse.update.configurator/src/org/eclipse/update/internal/configurator/FeatureParser.java 2024-03-20 12:22:44.744868356 +0100
@@ -35,17 +35,13 @@
private FeatureEntry feature;
private URL url;
- private final static SAXParserFactory parserFactory =
- SAXParserFactory.newInstance();
-
/**
* Constructs a feature parser.
*/
public FeatureParser() {
super();
try {
- parserFactory.setNamespaceAware(true);
- this.parser = parserFactory.newSAXParser();
+ this.parser = org.eclipse.core.internal.runtime.XmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE(true);
} catch (ParserConfigurationException e) {
System.out.println(e);
} catch (SAXException e) {
--- a/eclipse.platform.runtime/bundles/org.eclipse.core.runtime/src/org/eclipse/core/internal/runtime/XmlProcessorFactory.java 1970-01-01 01:00:00.000000000 +0100
+++ b/eclipse.platform.runtime/bundles/org.eclipse.core.runtime/src/org/eclipse/core/internal/runtime/XmlProcessorFactory.java 2024-03-20 12:07:18.269833676 +0100
@@ -0,0 +1,273 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Joerg Kubitz and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+package org.eclipse.core.internal.runtime;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import javax.xml.XMLConstants;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.parsers.SAXParser;
+import javax.xml.parsers.SAXParserFactory;
+import javax.xml.transform.TransformerFactory;
+import org.w3c.dom.Document;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+
+/**
+ * XML processing which prohibits external entities.
+ *
+ * @see <a href="https://rules.sonarsource.com/java/RSPEC-2755/">RSPEC-2755</a>
+ */
+public class XmlProcessorFactory {
+ private XmlProcessorFactory() {
+ // static Utility only
+ }
+
+ // using these factories is synchronized with creating & configuring them
+ // potentially concurrently in another thread:
+ private static final DocumentBuilderFactory DOCUMENT_BUILDER_FACTORY_ERROR_ON_DOCTYPE = createDocumentBuilderFactoryWithErrorOnDOCTYPE();
+ private static final DocumentBuilderFactory DOCUMENT_BUILDER_FACTORY_IGNORING_DOCTYPE = createDocumentBuilderFactoryIgnoringDOCTYPE();
+ private static final SAXParserFactory SAX_FACTORY_ERROR_ON_DOCTYPE = createSAXFactoryWithErrorOnDOCTYPE(false);
+ private static final SAXParserFactory SAX_FACTORY_ERROR_ON_DOCTYPE_NS = createSAXFactoryWithErrorOnDOCTYPE(true);
+ private static final SAXParserFactory SAX_FACTORY_IGNORING_DOCTYPE = createSAXFactoryIgnoringDOCTYPE();
+ private static final SAXParserFactory SAX_FACTORY_PURE = createSAXFactory(false);
+ private static final SAXParserFactory SAX_FACTORY_PURE_NS = createSAXFactory(true);
+
+ /**
+ * Creates TransformerFactory which throws TransformerException when detecting
+ * external entities.
+ *
+ * @return javax.xml.transform.TransformerFactory
+ */
+ public static TransformerFactory createTransformerFactoryWithErrorOnDOCTYPE() {
+ TransformerFactory factory = TransformerFactory.newInstance();
+ // prohibit the use of all protocols by external entities:
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); //$NON-NLS-1$
+ factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); //$NON-NLS-1$
+ return factory;
+ }
+
+ /**
+ * Creates DocumentBuilderFactory which throws SAXParseException when detecting
+ * external entities. It's magnitudes faster to call
+ * {@link #createDocumentBuilderWithErrorOnDOCTYPE()}.
+ *
+ * @return javax.xml.parsers.DocumentBuilderFactory
+ */
+ public static synchronized DocumentBuilderFactory createDocumentBuilderFactoryWithErrorOnDOCTYPE() {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ // completely disable DOCTYPE declaration:
+ try {
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (ParserConfigurationException e) {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ return factory;
+ }
+
+ /**
+ * Creates DocumentBuilderFactory which ignores external entities. It's
+ * magnitudes faster to call {@link #createDocumentBuilderIgnoringDOCTYPE()}.
+ *
+ * @return javax.xml.parsers.DocumentBuilderFactory
+ */
+ public static synchronized DocumentBuilderFactory createDocumentBuilderFactoryIgnoringDOCTYPE() {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ try {
+ // completely disable external entities declarations:
+ factory.setFeature("http://xml.org/sax/features/external-general-entities", false); //$NON-NLS-1$
+ factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false); //$NON-NLS-1$
+ } catch (ParserConfigurationException e) {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ return factory;
+ }
+
+ /**
+ * Creates DocumentBuilder which throws SAXParseException when detecting
+ * external entities. The builder is not thread safe.
+ *
+ * @return javax.xml.parsers.DocumentBuilder
+ * @throws ParserConfigurationException
+ */
+ public static synchronized DocumentBuilder createDocumentBuilderWithErrorOnDOCTYPE()
+ throws ParserConfigurationException {
+ return DOCUMENT_BUILDER_FACTORY_ERROR_ON_DOCTYPE.newDocumentBuilder();
+ }
+
+ /**
+ * Creates DocumentBuilder which ignores external entities. The builder is not
+ * thread safe.
+ *
+ * @return javax.xml.parsers.DocumentBuilder
+ * @throws ParserConfigurationException
+ */
+ public static synchronized DocumentBuilder createDocumentBuilderIgnoringDOCTYPE()
+ throws ParserConfigurationException {
+ return DOCUMENT_BUILDER_FACTORY_IGNORING_DOCTYPE.newDocumentBuilder();
+ }
+
+ /**
+ * Creates DocumentBuilderFactory which throws SAXParseException when detecting
+ * external entities.
+ *
+ * @return javax.xml.parsers.DocumentBuilderFactory
+ */
+ public static SAXParserFactory createSAXFactoryWithErrorOnDOCTYPE() {
+ return createSAXFactoryWithErrorOnDOCTYPE(false);
+ }
+
+ /**
+ * Creates DocumentBuilderFactory which throws SAXParseException when detecting
+ * external entities.
+ *
+ * @param awareness true if the parser produced by this code will provide
+ * support for XML namespaces; false otherwise.
+ * @return javax.xml.parsers.DocumentBuilderFactory
+ */
+ public static synchronized SAXParserFactory createSAXFactoryWithErrorOnDOCTYPE(boolean awareness) {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ if (awareness) {
+ f.setNamespaceAware(true);
+ }
+ try {
+ // force org.xml.sax.SAXParseException for any DOCTYPE:
+ f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ private static synchronized SAXParserFactory createSAXFactoryIgnoringDOCTYPE() {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ try {
+ // ignore DOCTYPE:
+ f.setFeature("http://xml.org/sax/features/external-general-entities", false); //$NON-NLS-1$
+ f.setFeature("http://xml.org/sax/features/external-parameter-entities", false); //$NON-NLS-1$
+ f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); //$NON-NLS-1$
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ return f;
+ }
+
+ /**
+ * Creates SAXParser which throws SAXParseException when detecting external
+ * entities.
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+
+ public static SAXParser createSAXParserWithErrorOnDOCTYPE() throws ParserConfigurationException, SAXException {
+ return createSAXParserWithErrorOnDOCTYPE(false);
+ }
+
+ /**
+ * Creates SAXParser which throws SAXParseException when detecting external
+ * entities.
+ *
+ * @param namespaceAware parameter for SAXParserFactory
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+ public static synchronized SAXParser createSAXParserWithErrorOnDOCTYPE(boolean namespaceAware)
+ throws ParserConfigurationException, SAXException {
+ if (namespaceAware) {
+ return SAX_FACTORY_ERROR_ON_DOCTYPE_NS.newSAXParser();
+ }
+ return SAX_FACTORY_ERROR_ON_DOCTYPE.newSAXParser();
+ }
+
+ /**
+ * Creates SAXParser which does not throw Exception when detecting external
+ * entities but ignores them.
+ *
+ * @return javax.xml.parsers.SAXParser
+ */
+ public static synchronized SAXParser createSAXParserIgnoringDOCTYPE()
+ throws ParserConfigurationException, SAXException {
+ SAXParser parser = SAX_FACTORY_IGNORING_DOCTYPE.newSAXParser();
+ parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); //$NON-NLS-1$
+ parser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); //$NON-NLS-1$
+ return parser;
+ }
+
+ private static synchronized SAXParserFactory createSAXFactory(boolean awareness) {
+ SAXParserFactory f = SAXParserFactory.newInstance();
+ if (awareness) {
+ f.setNamespaceAware(true);
+ }
+ return f;
+ }
+
+ public static synchronized SAXParser createSAXParserNoExternal(boolean namespaceAware)
+ throws ParserConfigurationException, SAXException {
+
+ SAXParser parser = namespaceAware ? SAX_FACTORY_PURE_NS.newSAXParser() : SAX_FACTORY_PURE.newSAXParser();
+ // prohibit the use of all protocols by external entities:
+ parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, ""); //$NON-NLS-1$
+ parser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); //$NON-NLS-1$
+ return parser;
+ }
+
+ public static synchronized SAXParser createSAXParserNoExternal() throws ParserConfigurationException, SAXException {
+ return createSAXParserNoExternal(false);
+ }
+
+ /**
+ * Parse the content of the given input source as an XML document and return a
+ * new DOM {@link Document} object.
+ *
+ * @see javax.xml.parsers.DocumentBuilder#parse(InputSource)
+ */
+ public static Document parseWithErrorOnDOCTYPE(InputSource is)
+ throws SAXException, IOException, ParserConfigurationException {
+ return createDocumentBuilderWithErrorOnDOCTYPE().parse(is);
+ }
+
+ /**
+ * Parse the content of the given input source as an XML document and return a
+ * new DOM {@link Document} object.
+ *
+ * @see javax.xml.parsers.DocumentBuilder#parse(InputStream)
+ */
+ public static Document parseWithErrorOnDOCTYPE(InputStream is)
+ throws SAXException, IOException, ParserConfigurationException {
+ return createDocumentBuilderWithErrorOnDOCTYPE().parse(is);
+ }
+
+ /**
+ * Parse the content of the given input source as an XML document and return a
+ * new DOM {@link Document} object.
+ *
+ * @see javax.xml.parsers.DocumentBuilder#parse(File)
+ */
+ public static Document parseWithErrorOnDOCTYPE(File file)
+ throws SAXException, IOException, ParserConfigurationException {
+ return createDocumentBuilderWithErrorOnDOCTYPE().parse(file);
+ }
+
+ /**
+ * Obtain a new instance of a DOM {@link Document} object to build a DOM tree
+ * with.
+ *
+ * @return A new instance of a DOM Document object.
+ * @see javax.xml.parsers.DocumentBuilder#newDocument()
+ */
+ public static Document newDocumentWithErrorOnDOCTYPE() throws ParserConfigurationException {
+ return createDocumentBuilderWithErrorOnDOCTYPE().newDocument();
+ }
+
+}
\ No newline at end of file
--- "a/eclipse.platform.swt/bundles/org.eclipse.swt.tools/Mac Generation/org/eclipse/swt/tools/internal/MacGenerator.java" 2024-03-19 10:01:56.149763584 +0100
+++ "b/eclipse.platform.swt/bundles/org.eclipse.swt.tools/Mac Generation/org/eclipse/swt/tools/internal/MacGenerator.java" 2024-03-19 14:04:31.634036279 +0100
@@ -17,8 +17,6 @@
import java.util.*;
import java.util.Map.*;
-import javax.xml.parsers.*;
-
import org.w3c.dom.*;
import org.xml.sax.*;
@@ -950,7 +948,11 @@
InputStream is = null;
if (xmlPath.indexOf(File.separatorChar) == -1) is = getClass().getResourceAsStream(xmlPath);
if (is == null) is = new BufferedInputStream(new FileInputStream(xmlPath));
- if (is != null) return DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new InputSource(is));
+ if (is != null) {
+ @SuppressWarnings("restriction")
+ Document d = org.eclipse.core.internal.runtime.XmlProcessorFactory.parseWithErrorOnDOCTYPE(new InputSource(is));
+ return d;
+ }
} catch (Exception e) {
// e.printStackTrace();
}
--- a/eclipse.platform.text/org.eclipse.text/.settings/org.eclipse.jdt.core.prefs 2024-03-19 10:01:56.493097657 +0100
+++ b/eclipse.platform.text/org.eclipse.text/.settings/org.eclipse.jdt.core.prefs 2024-03-19 11:39:19.100332806 +0100
@@ -1,4 +1,5 @@
eclipse.preferences.version=1
+org.eclipse.jdt.core.builder.annotationPath.allLocations=disabled
org.eclipse.jdt.core.builder.cleanOutputFolder=clean
org.eclipse.jdt.core.builder.duplicateResourceTask=warning
org.eclipse.jdt.core.builder.invalidClasspath=abort
@@ -21,8 +22,11 @@
org.eclipse.jdt.core.compiler.annotation.inheritNullAnnotations=disabled
org.eclipse.jdt.core.compiler.annotation.missingNonNullByDefaultAnnotation=ignore
org.eclipse.jdt.core.compiler.annotation.nonnull=org.eclipse.jdt.annotation.NonNull
+org.eclipse.jdt.core.compiler.annotation.nonnull.secondary=
org.eclipse.jdt.core.compiler.annotation.nonnullbydefault=org.eclipse.jdt.annotation.NonNullByDefault
+org.eclipse.jdt.core.compiler.annotation.nonnullbydefault.secondary=
org.eclipse.jdt.core.compiler.annotation.nullable=org.eclipse.jdt.annotation.Nullable
+org.eclipse.jdt.core.compiler.annotation.nullable.secondary=
org.eclipse.jdt.core.compiler.annotation.nullanalysis=disabled
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
org.eclipse.jdt.core.compiler.codegen.methodParameters=do not generate
@@ -34,6 +38,8 @@
org.eclipse.jdt.core.compiler.debug.sourceFile=generate
org.eclipse.jdt.core.compiler.doc.comment.support=enabled
org.eclipse.jdt.core.compiler.maxProblemPerUnit=100
+org.eclipse.jdt.core.compiler.problem.APILeak=warning
+org.eclipse.jdt.core.compiler.problem.annotatedTypeArgumentToUnannotated=info
org.eclipse.jdt.core.compiler.problem.annotationSuperInterface=warning
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
org.eclipse.jdt.core.compiler.problem.autoboxing=info
@@ -42,7 +48,7 @@
org.eclipse.jdt.core.compiler.problem.deprecation=warning
org.eclipse.jdt.core.compiler.problem.deprecationInDeprecatedCode=disabled
org.eclipse.jdt.core.compiler.problem.deprecationWhenOverridingDeprecatedMethod=enabled
-org.eclipse.jdt.core.compiler.problem.discouragedReference=error
+org.eclipse.jdt.core.compiler.problem.discouragedReference=warning
org.eclipse.jdt.core.compiler.problem.emptyStatement=warning
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
org.eclipse.jdt.core.compiler.problem.explicitlyClosedAutoCloseable=warning
@@ -84,12 +90,14 @@
org.eclipse.jdt.core.compiler.problem.noImplicitStringConversion=error
org.eclipse.jdt.core.compiler.problem.nonExternalizedStringLiteral=warning
org.eclipse.jdt.core.compiler.problem.nonnullParameterAnnotationDropped=warning
+org.eclipse.jdt.core.compiler.problem.nonnullTypeVariableFromLegacyInvocation=warning
org.eclipse.jdt.core.compiler.problem.nullAnnotationInferenceConflict=error
org.eclipse.jdt.core.compiler.problem.nullReference=error
org.eclipse.jdt.core.compiler.problem.nullSpecViolation=error
org.eclipse.jdt.core.compiler.problem.nullUncheckedConversion=warning
org.eclipse.jdt.core.compiler.problem.overridingPackageDefaultMethod=error
org.eclipse.jdt.core.compiler.problem.parameterAssignment=ignore
+org.eclipse.jdt.core.compiler.problem.pessimisticNullAnalysisForFreeTypeVariables=warning
org.eclipse.jdt.core.compiler.problem.possibleAccidentalBooleanAssignment=error
org.eclipse.jdt.core.compiler.problem.potentialNullReference=info
org.eclipse.jdt.core.compiler.problem.potentiallyUnclosedCloseable=info
@@ -104,17 +112,23 @@
org.eclipse.jdt.core.compiler.problem.staticAccessReceiver=error
org.eclipse.jdt.core.compiler.problem.suppressOptionalErrors=disabled
org.eclipse.jdt.core.compiler.problem.suppressWarnings=enabled
+org.eclipse.jdt.core.compiler.problem.suppressWarningsNotFullyAnalysed=info
org.eclipse.jdt.core.compiler.problem.syntacticNullAnalysisForFields=disabled
org.eclipse.jdt.core.compiler.problem.syntheticAccessEmulation=ignore
+org.eclipse.jdt.core.compiler.problem.terminalDeprecation=warning
org.eclipse.jdt.core.compiler.problem.typeParameterHiding=warning
org.eclipse.jdt.core.compiler.problem.unavoidableGenericTypeProblems=enabled
org.eclipse.jdt.core.compiler.problem.uncheckedTypeOperation=warning
org.eclipse.jdt.core.compiler.problem.unclosedCloseable=warning
org.eclipse.jdt.core.compiler.problem.undocumentedEmptyBlock=info
org.eclipse.jdt.core.compiler.problem.unhandledWarningToken=warning
+org.eclipse.jdt.core.compiler.problem.unlikelyCollectionMethodArgumentType=warning
+org.eclipse.jdt.core.compiler.problem.unlikelyCollectionMethodArgumentTypeStrict=disabled
+org.eclipse.jdt.core.compiler.problem.unlikelyEqualsArgumentType=info
org.eclipse.jdt.core.compiler.problem.unnecessaryElse=ignore
org.eclipse.jdt.core.compiler.problem.unnecessaryTypeCheck=error
org.eclipse.jdt.core.compiler.problem.unqualifiedFieldAccess=ignore
+org.eclipse.jdt.core.compiler.problem.unstableAutoModuleName=warning
org.eclipse.jdt.core.compiler.problem.unusedDeclaredThrownException=warning
org.eclipse.jdt.core.compiler.problem.unusedDeclaredThrownExceptionExemptExceptionAndThrowable=enabled
org.eclipse.jdt.core.compiler.problem.unusedDeclaredThrownExceptionIncludeDocCommentReference=enabled
--- a/eclipse.platform.text/org.eclipse.text/src/org/eclipse/text/templates/TemplateReaderWriter.java 2024-03-19 10:01:56.489764316 +0100
+++ b/eclipse.platform.text/org.eclipse.text/src/org/eclipse/text/templates/TemplateReaderWriter.java 2024-03-19 11:39:19.100332806 +0100
@@ -27,12 +27,10 @@
import java.util.Set;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
@@ -157,8 +155,8 @@
Collection<TemplatePersistenceData> templates= new ArrayList<>();
Set<String> ids= new HashSet<>();
- DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
- DocumentBuilder parser= factory.newDocumentBuilder();
+ @SuppressWarnings("restriction")
+ DocumentBuilder parser= org.eclipse.core.internal.runtime.XmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
parser.setErrorHandler(new DefaultHandler());
Document document= parser.parse(source);
@@ -263,10 +261,8 @@
*/
private void save(TemplatePersistenceData[] templates, StreamResult result) throws IOException {
try {
- DocumentBuilderFactory factory= DocumentBuilderFactory.newInstance();
- DocumentBuilder builder= factory.newDocumentBuilder();
- Document document= builder.newDocument();
-
+ @SuppressWarnings("restriction")
+ Document document= org.eclipse.core.internal.runtime.XmlProcessorFactory.newDocumentWithErrorOnDOCTYPE();
Node root= document.createElement(TEMPLATE_ROOT);
document.appendChild(root);
@@ -322,9 +318,8 @@
node.appendChild(pattern);
}
}
-
-
- Transformer transformer=TransformerFactory.newInstance().newTransformer();
+ @SuppressWarnings("restriction")
+ Transformer transformer= org.eclipse.core.internal.runtime.XmlProcessorFactory.createTransformerFactoryWithErrorOnDOCTYPE().newTransformer();
transformer.setOutputProperty(OutputKeys.METHOD, "xml"); //$NON-NLS-1$
transformer.setOutputProperty(OutputKeys.ENCODING, StandardCharsets.UTF_8.name());
DOMSource source = new DOMSource(document);
--- a/eclipse.platform.ui/bundles/org.eclipse.jface/src/org/eclipse/jface/dialogs/DialogSettings.java 2024-03-19 10:01:54.889760869 +0100
+++ b/eclipse.platform.ui/bundles/org.eclipse.jface/src/org/eclipse/jface/dialogs/DialogSettings.java 2024-03-19 11:39:19.100332806 +0100
@@ -36,9 +36,9 @@
import java.util.Map.Entry;
import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+import org.eclipse.jface.internal.XmlProcessorFactoryJFace;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -260,8 +260,7 @@
public void load(Reader r) {
Document document = null;
try {
- DocumentBuilder parser = DocumentBuilderFactory.newInstance()
- .newDocumentBuilder();
+ DocumentBuilder parser = XmlProcessorFactoryJFace.createDocumentBuilderWithErrorOnDOCTYPE();
// parser.setProcessNamespace(true);
document = parser.parse(new InputSource(r));
--- a/eclipse.platform.ui/bundles/org.eclipse.jface/src/org/eclipse/jface/internal/XmlProcessorFactoryJFace.java 1970-01-01 01:00:00.000000000 +0100
+++ b/eclipse.platform.ui/bundles/org.eclipse.jface/src/org/eclipse/jface/internal/XmlProcessorFactoryJFace.java 2024-03-19 11:39:19.100332806 +0100
@@ -0,0 +1,59 @@
+/*******************************************************************************
+ * Copyright (c) 2023 Joerg Kubitz and others.
+ *
+ * This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License 2.0
+ * which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************/
+package org.eclipse.jface.internal;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+/**
+ * XML processing which prohibits external entities.
+ *
+ * @see <a href="https://rules.sonarsource.com/java/RSPEC-2755/">RSPEC-2755</a>
+ */
+/* A copy of org.eclipse.core.internal.runtime.XmlProcessorFactory for jface. */
+public class XmlProcessorFactoryJFace {
+ private XmlProcessorFactoryJFace() {
+ // static Utility only
+ }
+
+ private static final DocumentBuilderFactory DOCUMENT_BUILDER_FACTORY_ERROR_ON_DOCTYPE = createDocumentBuilderFactoryWithErrorOnDOCTYPE();
+
+ /**
+ * Creates DocumentBuilderFactory which throws SAXParseException when detecting
+ * external entities. It's magnitudes faster to call
+ * {@link #createDocumentBuilderWithErrorOnDOCTYPE()}.
+ *
+ * @return javax.xml.parsers.DocumentBuilderFactory
+ */
+ public static synchronized DocumentBuilderFactory createDocumentBuilderFactoryWithErrorOnDOCTYPE() {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ // completely disable DOCTYPE declaration:
+ try {
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); //$NON-NLS-1$
+ } catch (ParserConfigurationException e) {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ return factory;
+ }
+
+ /**
+ * Creates DocumentBuilder which throws SAXParseException when detecting
+ * external entities. The builder is not thread safe.
+ *
+ * @return javax.xml.parsers.DocumentBuilder
+ * @throws ParserConfigurationException
+ */
+ public static DocumentBuilder createDocumentBuilderWithErrorOnDOCTYPE() throws ParserConfigurationException {
+ return DOCUMENT_BUILDER_FACTORY_ERROR_ON_DOCTYPE.newDocumentBuilder();
+ }
+
+}
\ No newline at end of file
--- a/eclipse.platform.ui/bundles/org.eclipse.ui.forms/src/org/eclipse/ui/internal/forms/widgets/FormTextModel.java 2024-03-19 10:01:54.983094403 +0100
+++ b/eclipse.platform.ui/bundles/org.eclipse.ui.forms/src/org/eclipse/ui/internal/forms/widgets/FormTextModel.java 2024-03-19 11:39:19.100332806 +0100
@@ -56,8 +56,9 @@
}
}
- private static final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory
- .newInstance();
+ @SuppressWarnings("restriction")
+ private static final DocumentBuilderFactory DOCUMENT_BUILDER_FACTORY = org.eclipse.core.internal.runtime.XmlProcessorFactory
+ .createDocumentBuilderFactoryWithErrorOnDOCTYPE();
private boolean whitespaceNormalized = true;
@@ -132,13 +133,12 @@
public void parseInputStream(InputStream is, boolean expandURLs) {
- documentBuilderFactory.setNamespaceAware(true);
- documentBuilderFactory.setIgnoringComments(true);
+ DOCUMENT_BUILDER_FACTORY.setNamespaceAware(true);
+ DOCUMENT_BUILDER_FACTORY.setIgnoringComments(true);
reset();
try {
- DocumentBuilder parser = documentBuilderFactory
- .newDocumentBuilder();
+ DocumentBuilder parser = DOCUMENT_BUILDER_FACTORY.newDocumentBuilder();
parser.setErrorHandler(new ParseErrorHandler());
InputSource source = new InputSource(is);
Document doc = parser.parse(source);
--- a/eclipse.platform.ui/bundles/org.eclipse.ui.ide/src/org/eclipse/ui/internal/ide/dialogs/WelcomeEditor.java 2024-03-19 10:01:54.916427593 +0100
+++ b/eclipse.platform.ui/bundles/org.eclipse.ui.ide/src/org/eclipse/ui/internal/ide/dialogs/WelcomeEditor.java 2024-03-19 11:39:19.100332806 +0100
@@ -19,8 +19,6 @@
import java.net.URL;
import java.util.ArrayList;
-import javax.xml.parsers.ParserConfigurationException;
-
import org.eclipse.core.resources.IMarker;
import org.eclipse.core.runtime.IProgressMonitor;
import org.eclipse.core.runtime.IStatus;
@@ -63,7 +61,6 @@
import org.eclipse.ui.internal.ide.IDEWorkbenchPlugin;
import org.eclipse.ui.internal.ide.IIDEHelpContextIds;
import org.eclipse.ui.part.EditorPart;
-import org.xml.sax.SAXException;
/**
* A "fake" editor to show a welcome page
@@ -853,7 +850,7 @@
*
* @see IEditorPart
*/
- public void gotoMarker(IMarker marker) {
+ public void gotoMarker(@SuppressWarnings({ "unused", "javadoc" }) IMarker marker) {
// do nothing
}
@@ -920,7 +917,7 @@
public void read(InputStream is) throws IOException {
try {
parser = new WelcomeParser();
- } catch (ParserConfigurationException | SAXException e) {
+ } catch (Exception e) {
throw (IOException) (new IOException().initCause(e));
}
parser.parse(is);
--- a/eclipse.platform.ui/bundles/org.eclipse.ui.ide/src/org/eclipse/ui/internal/ide/dialogs/WelcomeParser.java 2024-03-19 10:01:54.916427593 +0100
+++ b/eclipse.platform.ui/bundles/org.eclipse.ui.ide/src/org/eclipse/ui/internal/ide/dialogs/WelcomeParser.java 2024-03-19 11:39:19.100332806 +0100
@@ -21,7 +21,6 @@
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
-import javax.xml.parsers.SAXParserFactory;
import org.eclipse.core.runtime.IStatus;
import org.eclipse.core.runtime.Status;
@@ -333,14 +332,15 @@
/**
* Creates a new welcome parser.
+ *
+ * @throws ParserConfigurationException
+ * @throws SAXException
+ * @throws FactoryConfigurationError
*/
- public WelcomeParser() throws ParserConfigurationException, SAXException,
- FactoryConfigurationError {
- super();
- SAXParserFactory factory = SAXParserFactory.newInstance();
- factory.setFeature("http://xml.org/sax/features/namespaces", true); //$NON-NLS-1$
- parser = factory.newSAXParser();
-
+ public WelcomeParser() throws ParserConfigurationException, SAXException, FactoryConfigurationError {
+ @SuppressWarnings("restriction")
+ SAXParser p = org.eclipse.core.internal.runtime.XmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE(true);
+ parser = p;
parser.getXMLReader().setContentHandler(this);
parser.getXMLReader().setDTDHandler(this);
parser.getXMLReader().setEntityResolver(this);
--- "a/eclipse.platform.ui/bundles/org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/XMLMemento.java" 2024-03-19 10:01:54.933094295 +0100
+++ "b/eclipse.platform.ui/bundles/org.eclipse.ui.workbench/Eclipse UI/org/eclipse/ui/XMLMemento.java" 2024-03-19 11:46:51.181307067 +0100
@@ -51,6 +51,8 @@
private Element element;
+ private static String FILE_STRING = "file"; //$NON-NLS-1$
+
/**
* Creates a <code>Document</code> from the <code>Reader</code> and returns a
* memento on the first <code>Element</code> for reading the document.
@@ -84,8 +86,9 @@
Exception exception = null;
try {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- DocumentBuilder parser = factory.newDocumentBuilder();
+ @SuppressWarnings("restriction")
+ DocumentBuilder parser = org.eclipse.core.internal.runtime.XmlProcessorFactory
+ .createDocumentBuilderWithErrorOnDOCTYPE();
InputSource source = new InputSource(reader);
if (baseDir != null) {
source.setSystemId(baseDir);
@@ -146,14 +149,13 @@
* type
*/
public static XMLMemento createWriteRoot(String type) throws DOMException {
- Document document;
try {
- document = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ @SuppressWarnings("restriction")
+ Document document = org.eclipse.core.internal.runtime.XmlProcessorFactory.newDocumentWithErrorOnDOCTYPE();
Element element = document.createElement(type);
document.appendChild(element);
return new XMLMemento(document, element);
} catch (ParserConfigurationException e) {
-// throw new Error(e);
throw new Error(e.getMessage());
}
}
--- a/eclipse.platform.ui/bundles/org.eclipse.urischeme/src/org/eclipse/urischeme/internal/registration/PlistFileWriter.java 2024-03-19 10:01:54.876427507 +0100
+++ b/eclipse.platform.ui/bundles/org.eclipse.urischeme/src/org/eclipse/urischeme/internal/registration/PlistFileWriter.java 2024-03-20 13:59:52.205700452 +0100
@@ -19,8 +19,6 @@
import java.io.Reader;
import java.io.Writer;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
@@ -206,7 +204,10 @@
private void transformDocument(Writer writer) {
try {
DOMSource source = new DOMSource(this.document);
- TransformerFactory.newInstance().newTransformer().transform(source, new StreamResult(writer));
+ @SuppressWarnings("restriction")
+ TransformerFactory f = org.eclipse.core.internal.runtime.XmlProcessorFactory
+ .createTransformerFactoryWithErrorOnDOCTYPE();
+ f.newTransformer().transform(source, new StreamResult(writer));
} catch (TransformerException e) {
throw new IllegalStateException(e);
} finally {
@@ -214,11 +215,11 @@
}
}
+ @SuppressWarnings("restriction")
private Document getDom(Reader reader) {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
try {
- DocumentBuilder builder = factory.newDocumentBuilder();
- return builder.parse(new InputSource(reader));
+ return org.eclipse.core.internal.runtime.XmlProcessorFactory
+ .parseWithErrorOnDOCTYPE(new InputSource(reader));
} catch (ParserConfigurationException | IOException | SAXException e) {
throw new IllegalArgumentException(e);
} finally {
--- a/eclipse.platform.ui/tests/org.eclipse.ui.tests.pluginchecks/src/org/eclipse/ui/tests/pluginchecks/PluginWalkerTest.java 2024-03-19 10:01:55.063094576 +0100
+++ b/eclipse.platform.ui/tests/org.eclipse.ui.tests.pluginchecks/src/org/eclipse/ui/tests/pluginchecks/PluginWalkerTest.java 2024-03-19 11:39:19.103666147 +0100
@@ -32,6 +32,7 @@
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+import org.eclipse.core.internal.runtime.XmlProcessorFactory;
import org.eclipse.core.runtime.IConfigurationElement;
import org.eclipse.core.runtime.IExtension;
import org.eclipse.core.runtime.IExtensionPoint;
@@ -61,6 +62,7 @@
* be accessed
*
*/
+@SuppressWarnings("restriction")
public class PluginWalkerTest {
private BundleContext bundleContext;
@@ -188,7 +190,7 @@
}
private static DocumentBuilder createDocumentBuilder() throws ParserConfigurationException {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ DocumentBuilderFactory factory = XmlProcessorFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
factory.setNamespaceAware(true);
return factory.newDocumentBuilder();
}
--- a/eclipse.platform.ui.tools/bundles/org.eclipse.e4.tools.emf.ui/src/org/eclipse/e4/tools/emf/ui/internal/common/component/tabs/DocUtil.java 2024-03-19 10:01:56.529764403 +0100
+++ b/eclipse.platform.ui.tools/bundles/org.eclipse.e4.tools.emf.ui/src/org/eclipse/e4/tools/emf/ui/internal/common/component/tabs/DocUtil.java 2024-03-19 11:39:19.103666147 +0100
@@ -14,8 +14,8 @@
package org.eclipse.e4.tools.emf.ui.internal.common.component.tabs;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
+
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -25,6 +25,7 @@
* @author Steven Spungin
*
*/
+@SuppressWarnings("restriction")
public class DocUtil {
public static Element createChild(Element parent, String name) {
@@ -34,7 +35,7 @@
}
public static Document createDocument(String name) throws ParserConfigurationException {
- Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ Document doc = org.eclipse.core.internal.runtime.XmlProcessorFactory.newDocumentWithErrorOnDOCTYPE();
doc.appendChild(doc.createElement(name));
return doc;
}
--- a/eclipse.platform.ui.tools/bundles/org.eclipse.e4.tools.emf.ui/src/org/eclipse/e4/tools/emf/ui/internal/common/component/tabs/ListTab.java 2024-03-19 10:01:56.529764403 +0100
+++ b/eclipse.platform.ui.tools/bundles/org.eclipse.e4.tools.emf.ui/src/org/eclipse/e4/tools/emf/ui/internal/common/component/tabs/ListTab.java 2024-03-19 11:39:19.103666147 +0100
@@ -30,7 +30,6 @@
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import javax.inject.Inject;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
@@ -251,8 +250,9 @@
final String xml = pref.get("list-tab-xml", ""); //$NON-NLS-1$ //$NON-NLS-2$
if (E.notEmpty(xml)) {
try {
- final Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder()
- .parse(new InputSource(new StringReader(xml)));
+ @SuppressWarnings("restriction")
+ final Document doc = org.eclipse.core.internal.runtime.XmlProcessorFactory
+ .parseWithErrorOnDOCTYPE(new InputSource(new StringReader(xml)));
final XPath xpath = XPathFactory.newInstance().newXPath();
NodeList list;
if (restoreColumns) {
@@ -324,7 +324,9 @@
// @Refactor
static private String docToString(Document doc) throws TransformerException {
- final TransformerFactory tf = TransformerFactory.newInstance();
+ @SuppressWarnings("restriction")
+ final TransformerFactory tf = org.eclipse.core.internal.runtime.XmlProcessorFactory
+ .createTransformerFactoryWithErrorOnDOCTYPE();
final Transformer transformer = tf.newTransformer();
transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); //$NON-NLS-1$
final StringWriter writer = new StringWriter();
--- a/eclipse.platform.ui.tools/bundles/org.eclipse.e4.tools.emf.ui/src/org/eclipse/e4/tools/emf/ui/internal/common/resourcelocator/TargetPlatformContributionCollector.java 2024-03-19 10:01:56.533097743 +0100
+++ b/eclipse.platform.ui.tools/bundles/org.eclipse.e4.tools.emf.ui/src/org/eclipse/e4/tools/emf/ui/internal/common/resourcelocator/TargetPlatformContributionCollector.java 2024-03-19 11:39:19.103666147 +0100
@@ -36,11 +36,11 @@
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
+import org.eclipse.core.internal.runtime.XmlProcessorFactory;
import org.eclipse.core.resources.IProject;
import org.eclipse.core.resources.IWorkspace;
import org.eclipse.core.runtime.IPath;
@@ -86,6 +86,7 @@
* @author Steven Spungin
*
*/
+@SuppressWarnings("restriction")
public abstract class TargetPlatformContributionCollector extends ClassContributionCollector {
CopyOnWriteArrayList<Entry> cacheEntry = new CopyOnWriteArrayList<>();
@@ -594,8 +595,8 @@
ret = new ArrayList<>();
outputDirectories.put(installLocation, ret);
try {
- final Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder()
- .parse(new File(installLocation + File.separator + ".classpath")); //$NON-NLS-1$
+ File file = new File(installLocation + File.separator + ".classpath"); //$NON-NLS-1$
+ final Document doc = XmlProcessorFactory.parseWithErrorOnDOCTYPE(file);
final XPath xp = XPathFactory.newInstance().newXPath();
final NodeList list = (NodeList) xp.evaluate(
"//classpathentry[@kind='output']/@path", doc, XPathConstants.NODESET); //$NON-NLS-1$