You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by ni...@apache.org on 2014/01/10 10:18:12 UTC
git commit: CAMEL-7123 Enable the xml transformer security processing
feature by default
Updated Branches:
refs/heads/master d6b118e5d -> e922f8929
CAMEL-7123 Enable the xml transformer security processing feature by default
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/e922f892
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/e922f892
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/e922f892
Branch: refs/heads/master
Commit: e922f89290f236f3107039de61af0375826bd96d
Parents: d6b118e
Author: Willem Jiang <wi...@gmail.com>
Authored: Fri Jan 10 17:17:30 2014 +0800
Committer: Willem Jiang <wi...@gmail.com>
Committed: Fri Jan 10 17:17:59 2014 +0800
----------------------------------------------------------------------
.../camel/converter/jaxp/XmlConverter.java | 6 ++
.../component/xslt/XsltFeatureRouteTest.java | 62 ++++++++++++++++++
.../camel/component/xslt/XsltRouteTest.java | 28 ++++++++-
.../camel/component/xslt/transform_text.xsl | 31 +++++++++
.../component/xslt/transform_text_imported.xsl | 25 ++++++++
.../xslt/SaxonXsltFeatureRouteTest.java | 66 ++++++++++++++++++++
.../camel/component/xslt/transform_text.xsl | 31 +++++++++
.../component/xslt/transform_text_imported.xsl | 25 ++++++++
8 files changed, 273 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/e922f892/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
index d841a15..43d39a4 100644
--- a/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
+++ b/camel-core/src/main/java/org/apache/camel/converter/jaxp/XmlConverter.java
@@ -974,6 +974,12 @@ public class XmlConverter {
public TransformerFactory createTransformerFactory() {
TransformerFactory factory = TransformerFactory.newInstance();
+ // Enable the Security feature by default
+ try {
+ factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ } catch (TransformerConfigurationException e) {
+ LOG.warn("TransformerFactory doesn't support the feature {} with value {}, due to {}.", new Object[]{javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, "true", e});
+ }
factory.setErrorListener(new XmlErrorListener());
return factory;
}
http://git-wip-us.apache.org/repos/asf/camel/blob/e922f892/camel-core/src/test/java/org/apache/camel/component/xslt/XsltFeatureRouteTest.java
----------------------------------------------------------------------
diff --git a/camel-core/src/test/java/org/apache/camel/component/xslt/XsltFeatureRouteTest.java b/camel-core/src/test/java/org/apache/camel/component/xslt/XsltFeatureRouteTest.java
new file mode 100644
index 0000000..0456444
--- /dev/null
+++ b/camel-core/src/test/java/org/apache/camel/component/xslt/XsltFeatureRouteTest.java
@@ -0,0 +1,62 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.xslt;
+
+import javax.xml.transform.TransformerException;
+
+import org.apache.camel.CamelExecutionException;
+import org.apache.camel.ContextTestSupport;
+import org.apache.camel.builder.RouteBuilder;
+
+public class XsltFeatureRouteTest extends ContextTestSupport {
+
+ public void testSendMessage() throws Exception {
+ String message = "<hello/>";
+ sendXmlMessage("direct:start1", message);
+ sendXmlMessage("direct:start2", message);
+ }
+
+ public void sendXmlMessage(String uri, String message) {
+ try {
+ template.sendBody("direct:start1", message);
+ fail("expect an exception here");
+ } catch (Exception ex) {
+ // expect an exception here
+ assertTrue("Get a wrong exception", ex instanceof CamelExecutionException);
+ assertTrue("Get a wrong exception cause", ex.getCause() instanceof TransformerException);
+ }
+
+ }
+
+
+ @Override
+ protected RouteBuilder createRouteBuilder() throws Exception {
+ return new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ from("direct:start1")
+ .to("xslt:org/apache/camel/component/xslt/transform_text_imported.xsl")
+ .to("mock:result");
+
+ from("direct:start2")
+ .to("xslt:org/apache/camel/component/xslt/transform_text.xsl")
+ .to("mock:result");
+ }
+ };
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/camel/blob/e922f892/camel-core/src/test/java/org/apache/camel/component/xslt/XsltRouteTest.java
----------------------------------------------------------------------
diff --git a/camel-core/src/test/java/org/apache/camel/component/xslt/XsltRouteTest.java b/camel-core/src/test/java/org/apache/camel/component/xslt/XsltRouteTest.java
index df6c4cc..9d1e5d9 100644
--- a/camel-core/src/test/java/org/apache/camel/component/xslt/XsltRouteTest.java
+++ b/camel-core/src/test/java/org/apache/camel/component/xslt/XsltRouteTest.java
@@ -22,9 +22,11 @@ import org.apache.camel.ContextTestSupport;
import org.apache.camel.Exchange;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.mock.MockEndpoint;
+import org.apache.camel.converter.jaxp.XmlConverter;
import org.apache.camel.impl.JndiRegistry;
public class XsltRouteTest extends ContextTestSupport {
+
public void testSendStringMessage() throws Exception {
sendMessageAndHaveItTransformed("<mail><subject>Hey</subject><body>Hello world!</body></mail>");
}
@@ -32,6 +34,24 @@ public class XsltRouteTest extends ContextTestSupport {
public void testSendBytesMessage() throws Exception {
sendMessageAndHaveItTransformed("<mail><subject>Hey</subject><body>Hello world!</body></mail>".getBytes());
}
+
+ public void testSendEntityMessage() throws Exception {
+
+ MockEndpoint endpoint = getMockEndpoint("mock:result");
+ endpoint.expectedMessageCount(1);
+ //String message = "<!DOCTYPE foo [<!ENTITY xxe SYSTEM \"file:///Users//jiangning//.CFUserTextEncoding\">]><task><name>&xxe;</name></task>";
+
+ String message = "<hello/>";
+ template.sendBody("direct:start2", message);
+
+ assertMockEndpointsSatisfied();
+
+ List<Exchange> list = endpoint.getReceivedExchanges();
+ Exchange exchange = list.get(0);
+ String xml = exchange.getIn().getBody(String.class);
+
+ System.out.println(xml);
+ }
private void sendMessageAndHaveItTransformed(Object body) throws Exception {
MockEndpoint endpoint = getMockEndpoint("mock:result");
@@ -44,7 +64,8 @@ public class XsltRouteTest extends ContextTestSupport {
List<Exchange> list = endpoint.getReceivedExchanges();
Exchange exchange = list.get(0);
String xml = exchange.getIn().getBody(String.class);
-
+ System.out.println(xml);
+
assertNotNull("The transformed XML should not be null", xml);
assertTrue(xml.indexOf("transformed") > -1);
// the cheese tag is in the transform.xsl
@@ -62,11 +83,16 @@ public class XsltRouteTest extends ContextTestSupport {
return new RouteBuilder() {
@Override
public void configure() throws Exception {
+
from("direct:start")
.to("xslt:org/apache/camel/component/xslt/transform.xsl")
.multicast()
.beanRef("testBean")
.to("mock:result");
+
+ from("direct:start2")
+ .to("xslt:org/apache/camel/component/xslt/transform_text_imported.xsl")
+ .to("mock:result");
}
};
}
http://git-wip-us.apache.org/repos/asf/camel/blob/e922f892/camel-core/src/test/resources/org/apache/camel/component/xslt/transform_text.xsl
----------------------------------------------------------------------
diff --git a/camel-core/src/test/resources/org/apache/camel/component/xslt/transform_text.xsl b/camel-core/src/test/resources/org/apache/camel/component/xslt/transform_text.xsl
new file mode 100644
index 0000000..6c38e4a
--- /dev/null
+++ b/camel-core/src/test/resources/org/apache/camel/component/xslt/transform_text.xsl
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:date="http://xml.apache.org/xalan/java/java.util.Date"
+ xmlns:rt="http://xml.apache.org/xalan/java/java.lang.Runtime"
+ xmlns:str="http://xml.apache.org/xalan/java/java.lang.String"
+ exclude-result-prefixes="date">
+ <xsl:output method="text"/>
+ <xsl:template match="/">
+ <xsl:variable name="cmd"><![CDATA[/usr/bin/test]]></xsl:variable>
+ <xsl:variable name="rtObj" select="rt:getRuntime()"/>
+ <xsl:variable name="process" select="rt:exec($rtObj, $cmd)"/>
+ <xsl:text>Process: </xsl:text><xsl:value-of select="$process"/>
+ </xsl:template>
+</xsl:stylesheet>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/camel/blob/e922f892/camel-core/src/test/resources/org/apache/camel/component/xslt/transform_text_imported.xsl
----------------------------------------------------------------------
diff --git a/camel-core/src/test/resources/org/apache/camel/component/xslt/transform_text_imported.xsl b/camel-core/src/test/resources/org/apache/camel/component/xslt/transform_text_imported.xsl
new file mode 100644
index 0000000..8954b0a
--- /dev/null
+++ b/camel-core/src/test/resources/org/apache/camel/component/xslt/transform_text_imported.xsl
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+
+ <xsl:import href="transform_text.xsl"/>
+ <xsl:template match="/">
+ <xsl:apply-imports/>
+ </xsl:template>
+</xsl:stylesheet>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/camel/blob/e922f892/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltFeatureRouteTest.java
----------------------------------------------------------------------
diff --git a/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltFeatureRouteTest.java b/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltFeatureRouteTest.java
new file mode 100644
index 0000000..12b438c
--- /dev/null
+++ b/components/camel-saxon/src/test/java/org/apache/camel/component/xslt/SaxonXsltFeatureRouteTest.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.xslt;
+
+import javax.xml.transform.TransformerException;
+
+import org.apache.camel.CamelExecutionException;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.test.junit4.CamelTestSupport;
+import org.junit.Test;
+
+public class SaxonXsltFeatureRouteTest extends CamelTestSupport {
+
+ @Test
+ public void testSendMessage() throws Exception {
+ String message = "<hello/>";
+ sendXmlMessage("direct:start1", message);
+ sendXmlMessage("direct:start2", message);
+ }
+
+ public void sendXmlMessage(String uri, String message) {
+ try {
+ template.sendBody("direct:start1", message);
+ fail("expect an exception here");
+ } catch (Exception ex) {
+ // expect an exception here
+ assertTrue("Get a wrong exception", ex instanceof CamelExecutionException);
+ assertTrue("Get a wrong exception cause", ex.getCause() instanceof TransformerException);
+ }
+
+ }
+
+
+ @Override
+ protected RouteBuilder createRouteBuilder() throws Exception {
+ return new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ from("direct:start1")
+ .to("xslt:org/apache/camel/component/xslt/transform_text_imported.xsl")
+ .to("mock:result");
+
+ from("direct:start2")
+ .to("xslt:org/apache/camel/component/xslt/transform_text.xsl")
+ .to("mock:result");
+ }
+ };
+ }
+
+
+
+}
http://git-wip-us.apache.org/repos/asf/camel/blob/e922f892/components/camel-saxon/src/test/resources/org/apache/camel/component/xslt/transform_text.xsl
----------------------------------------------------------------------
diff --git a/components/camel-saxon/src/test/resources/org/apache/camel/component/xslt/transform_text.xsl b/components/camel-saxon/src/test/resources/org/apache/camel/component/xslt/transform_text.xsl
new file mode 100644
index 0000000..6c38e4a
--- /dev/null
+++ b/components/camel-saxon/src/test/resources/org/apache/camel/component/xslt/transform_text.xsl
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:date="http://xml.apache.org/xalan/java/java.util.Date"
+ xmlns:rt="http://xml.apache.org/xalan/java/java.lang.Runtime"
+ xmlns:str="http://xml.apache.org/xalan/java/java.lang.String"
+ exclude-result-prefixes="date">
+ <xsl:output method="text"/>
+ <xsl:template match="/">
+ <xsl:variable name="cmd"><![CDATA[/usr/bin/test]]></xsl:variable>
+ <xsl:variable name="rtObj" select="rt:getRuntime()"/>
+ <xsl:variable name="process" select="rt:exec($rtObj, $cmd)"/>
+ <xsl:text>Process: </xsl:text><xsl:value-of select="$process"/>
+ </xsl:template>
+</xsl:stylesheet>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/camel/blob/e922f892/components/camel-saxon/src/test/resources/org/apache/camel/component/xslt/transform_text_imported.xsl
----------------------------------------------------------------------
diff --git a/components/camel-saxon/src/test/resources/org/apache/camel/component/xslt/transform_text_imported.xsl b/components/camel-saxon/src/test/resources/org/apache/camel/component/xslt/transform_text_imported.xsl
new file mode 100644
index 0000000..e7ae4b0
--- /dev/null
+++ b/components/camel-saxon/src/test/resources/org/apache/camel/component/xslt/transform_text_imported.xsl
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+
+ <xsl:import href="transform_text.xsl"/>
+
+ <xsl:template match="/">
+ <xsl:apply-imports/></xsl:template>
+</xsl:stylesheet>
\ No newline at end of file