You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cayenne.apache.org by nt...@apache.org on 2018/07/10 14:21:39 UTC

[1/2] cayenne git commit: Disable XML external entities

Repository: cayenne
Updated Branches:
  refs/heads/STABLE-3.1 1e9c4837d -> bf01e60ec


Disable XML external entities


Project: http://git-wip-us.apache.org/repos/asf/cayenne/repo
Commit: http://git-wip-us.apache.org/repos/asf/cayenne/commit/5714108e
Tree: http://git-wip-us.apache.org/repos/asf/cayenne/tree/5714108e
Diff: http://git-wip-us.apache.org/repos/asf/cayenne/diff/5714108e

Branch: refs/heads/STABLE-3.1
Commit: 5714108e8a4dabbc89957f562ad46035064ef731
Parents: 1e9c483
Author: Nikita Timofeev <st...@gmail.com>
Authored: Tue Jul 10 17:21:11 2018 +0300
Committer: Nikita Timofeev <st...@gmail.com>
Committed: Tue Jul 10 17:21:11 2018 +0300

----------------------------------------------------------------------
 .../src/main/java/org/apache/cayenne/util/Util.java      |  3 +++
 .../src/main/java/org/apache/cayenne/xml/XMLUtil.java    | 11 +++++++++++
 .../org/apache/cayenne/project/unit/Project2Case.java    | 11 +++++++++++
 3 files changed, 25 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cayenne/blob/5714108e/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/util/Util.java
----------------------------------------------------------------------
diff --git a/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/util/Util.java b/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/util/Util.java
index f926430..429258c 100644
--- a/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/util/Util.java
+++ b/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/util/Util.java
@@ -402,6 +402,9 @@ public class Util {
 
         // Create a JAXP SAXParser
         SAXParser saxParser = spf.newSAXParser();
+        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+        spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+        spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
 
         // Get the encapsulated SAX XMLReader
         XMLReader reader = saxParser.getXMLReader();

http://git-wip-us.apache.org/repos/asf/cayenne/blob/5714108e/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/xml/XMLUtil.java
----------------------------------------------------------------------
diff --git a/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/xml/XMLUtil.java b/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/xml/XMLUtil.java
index 4982d3e..8dcd4b9 100644
--- a/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/xml/XMLUtil.java
+++ b/framework/cayenne-jdk1.5-unpublished/src/main/java/org/apache/cayenne/xml/XMLUtil.java
@@ -59,6 +59,17 @@ class XMLUtil {
     static DocumentBuilder newBuilder() throws CayenneRuntimeException {
         if (sharedFactory == null) {
             sharedFactory = DocumentBuilderFactory.newInstance();
+            sharedFactory.setNamespaceAware(false);
+            sharedFactory.setExpandEntityReferences(false);
+            sharedFactory.setXIncludeAware(false);
+            try {
+                sharedFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+                sharedFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+                sharedFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+                sharedFactory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+            } catch (ParserConfigurationException ex) {
+                throw new CayenneRuntimeException("Unable to configure DocumentBuilderFactory", ex);
+            }
         }
 
         try {

http://git-wip-us.apache.org/repos/asf/cayenne/blob/5714108e/framework/cayenne-project/src/test/java/org/apache/cayenne/project/unit/Project2Case.java
----------------------------------------------------------------------
diff --git a/framework/cayenne-project/src/test/java/org/apache/cayenne/project/unit/Project2Case.java b/framework/cayenne-project/src/test/java/org/apache/cayenne/project/unit/Project2Case.java
index 4252b18..07f122d 100644
--- a/framework/cayenne-project/src/test/java/org/apache/cayenne/project/unit/Project2Case.java
+++ b/framework/cayenne-project/src/test/java/org/apache/cayenne/project/unit/Project2Case.java
@@ -42,6 +42,17 @@ public class Project2Case extends TestCase {
      */
     protected Document toDOMTree(File file) {
         DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+        dbf.setNamespaceAware(false);
+        dbf.setExpandEntityReferences(false);
+        dbf.setXIncludeAware(false);
+        try {
+            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+            dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+            dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+        } catch (ParserConfigurationException ex) {
+            throw new RuntimeException("Unable to configure DocumentBuilderFactory", ex);
+        }
         DocumentBuilder domParser;
         try {
             domParser = dbf.newDocumentBuilder();

[2/2] cayenne git commit: Enable travis

Posted by nt...@apache.org.

Enable travis


Project: http://git-wip-us.apache.org/repos/asf/cayenne/repo
Commit: http://git-wip-us.apache.org/repos/asf/cayenne/commit/bf01e60e
Tree: http://git-wip-us.apache.org/repos/asf/cayenne/tree/bf01e60e
Diff: http://git-wip-us.apache.org/repos/asf/cayenne/diff/bf01e60e

Branch: refs/heads/STABLE-3.1
Commit: bf01e60ec14a7b6123b1c957d2a362b7238d76b6
Parents: 5714108
Author: Nikita Timofeev <st...@gmail.com>
Authored: Tue Jul 10 17:21:24 2018 +0300
Committer: Nikita Timofeev <st...@gmail.com>
Committed: Tue Jul 10 17:21:24 2018 +0300

----------------------------------------------------------------------
 .travis.yml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cayenne/blob/bf01e60e/.travis.yml
----------------------------------------------------------------------
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..95d9993
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,32 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+group: deprecated-2017Q2 # needed for jdk 7
+
+language: java
+
+env:
+  - DB_PROFILE=hsql
+  - DB_PROFILE=derby
+
+jdk:
+  - oraclejdk7
+  - oraclejdk8
+
+script:
+  - travis_wait 30 mvn verify -q -DcayenneTestConnection=$DB_PROFILE
+
+# prevent Travis from unneeded "mvn install" run
+install: true