You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@xerces.apache.org by mr...@apache.org on 2011/10/07 17:52:50 UTC
svn commit: r1180083 - in
/xml/commons/trunk/java/src/org/apache/xml/resolver: Catalog.java
CatalogManager.java Resolver.java SecuritySupport.java apps/resolver.java
Author: mrglavas
Date: Fri Oct 7 15:52:50 2011
New Revision: 1180083
URL: http://svn.apache.org/viewvc?rev=1180083&view=rev
Log:
The resolver should access system properties through AccessController.doPrivileged().
Added:
xml/commons/trunk/java/src/org/apache/xml/resolver/SecuritySupport.java (with props)
Modified:
xml/commons/trunk/java/src/org/apache/xml/resolver/Catalog.java
xml/commons/trunk/java/src/org/apache/xml/resolver/CatalogManager.java
xml/commons/trunk/java/src/org/apache/xml/resolver/Resolver.java
xml/commons/trunk/java/src/org/apache/xml/resolver/apps/resolver.java
Modified: xml/commons/trunk/java/src/org/apache/xml/resolver/Catalog.java
URL: http://svn.apache.org/viewvc/xml/commons/trunk/java/src/org/apache/xml/resolver/Catalog.java?rev=1180083&r1=1180082&r2=1180083&view=diff
==============================================================================
--- xml/commons/trunk/java/src/org/apache/xml/resolver/Catalog.java (original)
+++ xml/commons/trunk/java/src/org/apache/xml/resolver/Catalog.java Fri Oct 7 15:52:50 2011
@@ -814,7 +814,7 @@ public class Catalog {
// tack on a basename because URLs point to files not dirs
catalogCwd = FileURL.makeURL("basename");
} catch (MalformedURLException e) {
- String userdir = System.getProperty("user.dir");
+ String userdir = SecuritySupport.getSystemProperty("user.dir");
userdir = userdir.replace('\\', '/');
catalogManager.debug.message(1, "Malformed URL on cwd", userdir);
catalogCwd = null;
@@ -1710,7 +1710,7 @@ public class Catalog {
protected String resolveLocalSystem(String systemId)
throws MalformedURLException, IOException {
- String osname = System.getProperty("os.name");
+ String osname = SecuritySupport.getSystemProperty("os.name");
boolean windows = (osname.indexOf("Windows") >= 0);
Enumeration en = catalogEntries.elements();
while (en.hasMoreElements()) {
Modified: xml/commons/trunk/java/src/org/apache/xml/resolver/CatalogManager.java
URL: http://svn.apache.org/viewvc/xml/commons/trunk/java/src/org/apache/xml/resolver/CatalogManager.java?rev=1180083&r1=1180082&r2=1180083&view=diff
==============================================================================
--- xml/commons/trunk/java/src/org/apache/xml/resolver/CatalogManager.java (original)
+++ xml/commons/trunk/java/src/org/apache/xml/resolver/CatalogManager.java Fri Oct 7 15:52:50 2011
@@ -135,8 +135,8 @@ public class CatalogManager {
/** Flag to ignore missing property files and/or properties */
private boolean ignoreMissingProperties
- = (System.getProperty(pIgnoreMissing) != null
- || System.getProperty(pFiles) != null);
+ = (SecuritySupport.getSystemProperty(pIgnoreMissing) != null
+ || SecuritySupport.getSystemProperty(pFiles) != null);
/** Holds the resources after they are loaded from the file. */
private ResourceBundle resources;
@@ -229,7 +229,7 @@ public class CatalogManager {
/** Query system property for verbosity level. */
private void queryVerbosityFromSysProp() {
- String verbStr = System.getProperty(pVerbosity);
+ String verbStr = SecuritySupport.getSystemProperty(pVerbosity);
if (verbStr != null) {
try {
int verb = Integer.parseInt(verbStr.trim());
@@ -335,7 +335,7 @@ public class CatalogManager {
private int queryVerbosity () {
String defaultVerbStr = Integer.toString(defaultVerbosity);
- String verbStr = System.getProperty(pVerbosity);
+ String verbStr = SecuritySupport.getSystemProperty(pVerbosity);
if (verbStr == null) {
if (resources==null) readProperties();
@@ -470,7 +470,7 @@ public class CatalogManager {
* @return A semicolon delimited list of catlog file URIs
*/
private String queryCatalogFiles () {
- String catalogList = System.getProperty(pFiles);
+ String catalogList = SecuritySupport.getSystemProperty(pFiles);
fromPropertiesFile = false;
if (catalogList == null) {
@@ -555,7 +555,7 @@ public class CatalogManager {
* defaultPreferSetting.
*/
private boolean queryPreferPublic () {
- String prefer = System.getProperty(pPrefer);
+ String prefer = SecuritySupport.getSystemProperty(pPrefer);
if (prefer == null) {
if (resources==null) readProperties();
@@ -614,7 +614,7 @@ public class CatalogManager {
* defaultUseStaticCatalog.
*/
private boolean queryUseStaticCatalog () {
- String staticCatalog = System.getProperty(pStatic);
+ String staticCatalog = SecuritySupport.getSystemProperty(pStatic);
if (staticCatalog == null) {
if (resources==null) readProperties();
@@ -745,7 +745,7 @@ public class CatalogManager {
* defaultOasisXMLCatalogPI.
*/
public boolean queryAllowOasisXMLCatalogPI () {
- String allow = System.getProperty(pAllowPI);
+ String allow = SecuritySupport.getSystemProperty(pAllowPI);
if (allow == null) {
if (resources==null) readProperties();
@@ -798,7 +798,7 @@ public class CatalogManager {
*
*/
public String queryCatalogClassName () {
- String className = System.getProperty(pClassname);
+ String className = SecuritySupport.getSystemProperty(pClassname);
if (className == null) {
if (resources==null) readProperties();
Modified: xml/commons/trunk/java/src/org/apache/xml/resolver/Resolver.java
URL: http://svn.apache.org/viewvc/xml/commons/trunk/java/src/org/apache/xml/resolver/Resolver.java?rev=1180083&r1=1180082&r2=1180083&view=diff
==============================================================================
--- xml/commons/trunk/java/src/org/apache/xml/resolver/Resolver.java (original)
+++ xml/commons/trunk/java/src/org/apache/xml/resolver/Resolver.java Fri Oct 7 15:52:50 2011
@@ -520,7 +520,7 @@ public class Resolver extends Catalog {
*/
private Vector resolveAllLocalSystem(String systemId) {
Vector map = new Vector();
- String osname = System.getProperty("os.name");
+ String osname = SecuritySupport.getSystemProperty("os.name");
boolean windows = (osname.indexOf("Windows") >= 0);
Enumeration en = catalogEntries.elements();
while (en.hasMoreElements()) {
@@ -548,7 +548,7 @@ public class Resolver extends Catalog {
*/
private Vector resolveLocalSystemReverse(String systemId) {
Vector map = new Vector();
- String osname = System.getProperty("os.name");
+ String osname = SecuritySupport.getSystemProperty("os.name");
boolean windows = (osname.indexOf("Windows") >= 0);
Enumeration en = catalogEntries.elements();
while (en.hasMoreElements()) {
Added: xml/commons/trunk/java/src/org/apache/xml/resolver/SecuritySupport.java
URL: http://svn.apache.org/viewvc/xml/commons/trunk/java/src/org/apache/xml/resolver/SecuritySupport.java?rev=1180083&view=auto
==============================================================================
--- xml/commons/trunk/java/src/org/apache/xml/resolver/SecuritySupport.java (added)
+++ xml/commons/trunk/java/src/org/apache/xml/resolver/SecuritySupport.java Fri Oct 7 15:52:50 2011
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// $Id$
+
+package org.apache.xml.resolver;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Security related methods. Kept as package private so that
+ * they are not exposed to arbitrary code.
+ */
+final class SecuritySupport {
+
+ private SecuritySupport() {}
+
+ static String getSystemProperty(final String propName) {
+ return (String)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return System.getProperty(propName);
+ }
+ });
+ }
+}
Propchange: xml/commons/trunk/java/src/org/apache/xml/resolver/SecuritySupport.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: xml/commons/trunk/java/src/org/apache/xml/resolver/SecuritySupport.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Modified: xml/commons/trunk/java/src/org/apache/xml/resolver/apps/resolver.java
URL: http://svn.apache.org/viewvc/xml/commons/trunk/java/src/org/apache/xml/resolver/apps/resolver.java?rev=1180083&r1=1180082&r2=1180083&view=diff
==============================================================================
--- xml/commons/trunk/java/src/org/apache/xml/resolver/apps/resolver.java (original)
+++ xml/commons/trunk/java/src/org/apache/xml/resolver/apps/resolver.java Fri Oct 7 15:52:50 2011
@@ -23,6 +23,8 @@ import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.Vector;
import org.apache.xml.resolver.Catalog;
@@ -197,7 +199,10 @@ public class resolver {
// tack on a basename because URLs point to files not dirs
base = FileURL.makeURL("basename");
} catch (MalformedURLException e) {
- String userdir = System.getProperty("user.dir");
+ String userdir = (String) AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return System.getProperty("user.dir");
+ }});
userdir = userdir.replace('\\', '/');
debug.message(1, "Malformed URL on cwd", userdir);
base = null;
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@xerces.apache.org
For additional commands, e-mail: commits-help@xerces.apache.org