You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2020/10/19 08:20:43 UTC
[santuario-xml-security-java] branch master updated: Fixing a few
potential NPEs
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git
The following commit(s) were added to refs/heads/master by this push:
new 3157d53 Fixing a few potential NPEs
3157d53 is described below
commit 3157d5333e02e10608ed36d8b5b1398c28484c20
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Oct 19 09:12:09 2020 +0100
Fixing a few potential NPEs
---
.../java/org/apache/xml/security/encryption/XMLCipherInput.java | 1 +
.../apache/xml/security/stax/impl/XMLSecurityStreamWriter.java | 2 +-
.../xml/security/stax/impl/transformer/TransformIdentity.java | 1 +
src/main/java/org/apache/xml/security/utils/ClassLoaderUtils.java | 8 +++++++-
.../java/org/apache/xml/security/utils/DOMNamespaceContext.java | 2 +-
5 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/apache/xml/security/encryption/XMLCipherInput.java b/src/main/java/org/apache/xml/security/encryption/XMLCipherInput.java
index a398191..327dc14 100644
--- a/src/main/java/org/apache/xml/security/encryption/XMLCipherInput.java
+++ b/src/main/java/org/apache/xml/security/encryption/XMLCipherInput.java
@@ -124,6 +124,7 @@ public class XMLCipherInput {
LOG.debug("Managed to resolve URI \"{}\"", cr.getURI());
} else {
LOG.debug("Failed to resolve URI \"{}\"", cr.getURI());
+ throw new XMLEncryptionException();
}
// Lets see if there are any transforms
diff --git a/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamWriter.java b/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamWriter.java
index bd0fda2..d4b5b44 100644
--- a/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamWriter.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/XMLSecurityStreamWriter.java
@@ -462,7 +462,7 @@ public class XMLSecurityStreamWriter implements XMLStreamWriter {
private NSContext getNamespaceContext() {
if (this.namespaceContext == null) {
- if (emptyElement) {
+ if (emptyElement && parentElement != null) {
this.namespaceContext = parentElement.getNamespaceContext();
} else if (parentElement != null) {
this.namespaceContext = new NSContext(parentElement.getNamespaceContext());
diff --git a/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java b/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java
index 3d262da..6f9da31 100644
--- a/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java
@@ -55,6 +55,7 @@ public class TransformIdentity implements Transformer {
synchronized(TransformIdentity.class) {
if (xmlInputFactory == null) {
xmlInputFactory = XMLInputFactory.newInstance();
+ xmlInputFactory.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
}
}
return xmlInputFactory;
diff --git a/src/main/java/org/apache/xml/security/utils/ClassLoaderUtils.java b/src/main/java/org/apache/xml/security/utils/ClassLoaderUtils.java
index 47c9b0b..5b10063 100644
--- a/src/main/java/org/apache/xml/security/utils/ClassLoaderUtils.java
+++ b/src/main/java/org/apache/xml/security/utils/ClassLoaderUtils.java
@@ -53,6 +53,9 @@ public final class ClassLoaderUtils {
* @param callingClass The Class object of the calling object
*/
public static URL getResource(String resourceName, Class<?> callingClass) {
+ if (resourceName == null) {
+ throw new NullPointerException();
+ }
URL url = Thread.currentThread().getContextClassLoader().getResource(resourceName);
if (url == null && resourceName.charAt(0) == '/') {
//certain classloaders need it without the leading /
@@ -106,6 +109,9 @@ public final class ClassLoaderUtils {
* @param callingClass The Class object of the calling object
*/
public static List<URL> getResources(String resourceName, Class<?> callingClass) {
+ if (resourceName == null) {
+ throw new NullPointerException();
+ }
List<URL> ret = new ArrayList<>();
Enumeration<URL> urls = new Enumeration<URL>() {
public boolean hasMoreElements() {
@@ -181,7 +187,7 @@ public final class ClassLoaderUtils {
}
- if (ret.isEmpty() && resourceName != null && resourceName.charAt(0) != '/') {
+ if (ret.isEmpty() && resourceName.charAt(0) != '/') {
return getResources('/' + resourceName, callingClass);
}
return ret;
diff --git a/src/main/java/org/apache/xml/security/utils/DOMNamespaceContext.java b/src/main/java/org/apache/xml/security/utils/DOMNamespaceContext.java
index 81f812c..2fb2cae 100644
--- a/src/main/java/org/apache/xml/security/utils/DOMNamespaceContext.java
+++ b/src/main/java/org/apache/xml/security/utils/DOMNamespaceContext.java
@@ -123,7 +123,7 @@ public class DOMNamespaceContext implements NamespaceContext {
return DEFAULT_NS_PREFIX;
}
}
- if (namespaceURI == null) {
+ if (namespaceURI == null && context != null) {
return context.lookupNamespaceURI(null) != null ? null : DEFAULT_NS_PREFIX;
} else if (namespaceURI.equals(XML_NS_URI)) {
return XML_NS_PREFIX;