You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@xalan.apache.org by mk...@apache.org on 2005/06/08 15:10:08 UTC
cvs commit: xml-xalan/java/src/org/apache/xalan/xsltc/trax TemplatesHandlerImpl.java TemplatesImpl.java TrAXFilter.java TransformerFactoryImpl.java TransformerImpl.java Util.java
mkwan 2005/06/08 06:10:08
Modified: java/src/org/apache/xalan/xsltc/compiler FunctionCall.java
Parser.java TransletOutput.java XSLTC.java
java/src/org/apache/xalan/xsltc/runtime BasisLibrary.java
ErrorMessages.java
java/src/org/apache/xalan/xsltc/trax
TemplatesHandlerImpl.java TemplatesImpl.java
TrAXFilter.java TransformerFactoryImpl.java
TransformerImpl.java Util.java
Log:
Patch for XALANJ-2136
Implement the secure processing feature for XSLTC. Extension functions
and extension elements are disabled when this feature is set to true.
Revision Changes Path
1.40 +20 -1 xml-xalan/java/src/org/apache/xalan/xsltc/compiler/FunctionCall.java
Index: FunctionCall.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/compiler/FunctionCall.java,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- FunctionCall.java 16 Mar 2004 22:46:03 -0000 1.39
+++ FunctionCall.java 8 Jun 2005 13:10:08 -0000 1.40
@@ -699,6 +699,7 @@
final int n = argumentCount();
final ConstantPoolGen cpg = classGen.getConstantPool();
final InstructionList il = methodGen.getInstructionList();
+ final boolean isSecureProcessing = classGen.getParser().getXSLTC().isSecureProcessing();
int index;
// Translate calls to methods in the BasisLibrary
@@ -742,6 +743,9 @@
il.append(new INVOKESTATIC(index));
}
else if (_isExtConstructor) {
+ if (isSecureProcessing)
+ translateUnallowedExtension(cpg, il);
+
final String clazz =
_chosenConstructor.getDeclaringClass().getName();
Class[] paramTypes = _chosenConstructor.getParameterTypes();
@@ -777,6 +781,9 @@
}
// Invoke function calls that are handled in separate classes
else {
+ if (isSecureProcessing)
+ translateUnallowedExtension(cpg, il);
+
final String clazz = _chosenMethod.getDeclaringClass().getName();
Class[] paramTypes = _chosenMethod.getParameterTypes();
@@ -1045,4 +1052,16 @@
return buff.toString();
}
+ /**
+ * Translate code to call the BasisLibrary.unallowed_extensionF(String)
+ * method.
+ */
+ private void translateUnallowedExtension(ConstantPoolGen cpg,
+ InstructionList il) {
+ int index = cpg.addMethodref(BASIS_LIBRARY_CLASS,
+ "unallowed_extension_functionF",
+ "(Ljava/lang/String;)V");
+ il.append(new PUSH(cpg, _fname.toString()));
+ il.append(new INVOKESTATIC(index));
+ }
}
1.69 +10 -1 xml-xalan/java/src/org/apache/xalan/xsltc/compiler/Parser.java
Index: Parser.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/compiler/Parser.java,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -r1.68 -r1.69
--- Parser.java 3 Jun 2005 15:52:45 -0000 1.68
+++ Parser.java 8 Jun 2005 13:10:08 -0000 1.69
@@ -31,6 +31,7 @@
import java.util.Vector;
import java_cup.runtime.Symbol;
+import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
@@ -445,6 +446,14 @@
try {
// Create a SAX parser and get the XMLReader object it uses
final SAXParserFactory factory = SAXParserFactory.newInstance();
+
+ if (_xsltc.isSecureProcessing()) {
+ try {
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ }
+ catch (SAXException e) {}
+ }
+
try {
factory.setFeature(Constants.NAMESPACE_FEATURE,true);
}
1.13 +13 -1 xml-xalan/java/src/org/apache/xalan/xsltc/compiler/TransletOutput.java
Index: TransletOutput.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/compiler/TransletOutput.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- TransletOutput.java 16 Feb 2004 22:25:10 -0000 1.12
+++ TransletOutput.java 8 Jun 2005 13:10:08 -0000 1.13
@@ -20,6 +20,7 @@
package org.apache.xalan.xsltc.compiler;
import org.apache.bcel.generic.ConstantPoolGen;
+import org.apache.bcel.generic.INVOKESTATIC;
import org.apache.bcel.generic.INVOKEVIRTUAL;
import org.apache.bcel.generic.InstructionList;
import org.apache.bcel.generic.PUSH;
@@ -96,6 +97,17 @@
public void translate(ClassGenerator classGen, MethodGenerator methodGen) {
final ConstantPoolGen cpg = classGen.getConstantPool();
final InstructionList il = methodGen.getInstructionList();
+ final boolean isSecureProcessing = classGen.getParser().getXSLTC()
+ .isSecureProcessing();
+
+ if (isSecureProcessing) {
+ int index = cpg.addMethodref(BASIS_LIBRARY_CLASS,
+ "unallowed_extension_elementF",
+ "(Ljava/lang/String;)V");
+ il.append(new PUSH(cpg, "redirect"));
+ il.append(new INVOKESTATIC(index));
+ return;
+ }
// Save the current output handler on the stack
il.append(methodGen.loadHandler());
1.59 +20 -1 xml-xalan/java/src/org/apache/xalan/xsltc/compiler/XSLTC.java
Index: XSLTC.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/compiler/XSLTC.java,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- XSLTC.java 24 Jan 2005 04:04:40 -0000 1.58
+++ XSLTC.java 8 Jun 2005 13:10:08 -0000 1.59
@@ -123,11 +123,30 @@
private boolean _templateInlining = false;
/**
+ * State of the secure processing feature.
+ */
+ private boolean _isSecureProcessing = false;
+
+ /**
* XSLTC compiler constructor
*/
public XSLTC() {
_parser = new Parser(this);
}
+
+ /**
+ * Set the state of the secure processing feature.
+ */
+ public void setSecureProcessing(boolean flag) {
+ _isSecureProcessing = flag;
+ }
+
+ /**
+ * Return the state of the secure processing feature.
+ */
+ public boolean isSecureProcessing() {
+ return _isSecureProcessing;
+ }
/**
* Only for user by the internal TrAX implementation.
1.82 +19 -1 xml-xalan/java/src/org/apache/xalan/xsltc/runtime/BasisLibrary.java
Index: BasisLibrary.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/runtime/BasisLibrary.java,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -r1.81 -r1.82
--- BasisLibrary.java 23 Mar 2005 17:54:05 -0000 1.81
+++ BasisLibrary.java 8 Jun 2005 13:10:08 -0000 1.82
@@ -400,6 +400,22 @@
}
/**
+ * Utility function to throw a runtime error on the use of an extension
+ * function when the secure processing feature is set to true.
+ */
+ public static void unallowed_extension_functionF(String name) {
+ runTimeError(UNALLOWED_EXTENSION_FUNCTION_ERR, name);
+ }
+
+ /**
+ * Utility function to throw a runtime error on the use of an extension
+ * element when the secure processing feature is set to true.
+ */
+ public static void unallowed_extension_elementF(String name) {
+ runTimeError(UNALLOWED_EXTENSION_ELEMENT_ERR, name);
+ }
+
+ /**
* Utility function to throw a runtime error for an unsupported element.
*
* This is only used in forward-compatibility mode, when the control flow
@@ -1441,6 +1457,8 @@
"UNKNOWN_TRANSLET_VERSION_ERR";
public static final String INVALID_QNAME_ERR = "INVALID_QNAME_ERR";
public static final String INVALID_NCNAME_ERR = "INVALID_NCNAME_ERR";
+ public static final String UNALLOWED_EXTENSION_FUNCTION_ERR = "UNALLOWED_EXTENSION_FUNCTION_ERR";
+ public static final String UNALLOWED_EXTENSION_ELEMENT_ERR = "UNALLOWED_EXTENSION_ELEMENT_ERR";
// All error messages are localized and are stored in resource bundles.
private static ResourceBundle m_bundle;
1.12 +7 -1 xml-xalan/java/src/org/apache/xalan/xsltc/runtime/ErrorMessages.java
Index: ErrorMessages.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/runtime/ErrorMessages.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- ErrorMessages.java 15 Dec 2004 17:35:45 -0000 1.11
+++ ErrorMessages.java 8 Jun 2005 13:10:08 -0000 1.12
@@ -271,6 +271,12 @@
*/
{BasisLibrary.INVALID_NCNAME_ERR,
"An attribute whose value must be an NCName had the value ''{0}''"},
+
+ {BasisLibrary.UNALLOWED_EXTENSION_FUNCTION_ERR,
+ "Use of the extension function ''{0}'' is not allowed when the secure processing feature is set to true."},
+
+ {BasisLibrary.UNALLOWED_EXTENSION_ELEMENT_ERR,
+ "Use of the extension element ''{0}'' is not allowed when the secure processing feature is set to true."},
};
}
1.26 +7 -2 xml-xalan/java/src/org/apache/xalan/xsltc/trax/TemplatesHandlerImpl.java
Index: TemplatesHandlerImpl.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/trax/TemplatesHandlerImpl.java,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- TemplatesHandlerImpl.java 16 Feb 2004 22:57:21 -0000 1.25
+++ TemplatesHandlerImpl.java 8 Jun 2005 13:10:08 -0000 1.26
@@ -19,6 +19,7 @@
package org.apache.xalan.xsltc.trax;
+import javax.xml.XMLConstants;
import javax.xml.transform.Source;
import javax.xml.transform.Templates;
import javax.xml.transform.TransformerException;
@@ -90,7 +91,11 @@
_tfactory = tfactory;
// Instantiate XSLTC and get reference to parser object
- _parser = new XSLTC().getParser();
+ XSLTC xsltc = new XSLTC();
+ if (tfactory.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING))
+ xsltc.setSecureProcessing(true);
+
+ _parser = xsltc.getParser();
}
/**
1.36 +6 -1 xml-xalan/java/src/org/apache/xalan/xsltc/trax/TemplatesImpl.java
Index: TemplatesImpl.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/trax/TemplatesImpl.java,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- TemplatesImpl.java 17 Aug 2004 18:48:36 -0000 1.35
+++ TemplatesImpl.java 8 Jun 2005 13:10:08 -0000 1.36
@@ -27,6 +27,7 @@
import java.security.AccessController;
import java.security.PrivilegedAction;
+import javax.xml.XMLConstants;
import javax.xml.transform.Templates;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
@@ -369,6 +370,10 @@
if (_uriResolver != null) {
transformer.setURIResolver(_uriResolver);
}
+
+ if (_tfactory.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)) {
+ transformer.setSecureProcessing(true);
+ }
return transformer;
}
1.9 +10 -1 xml-xalan/java/src/org/apache/xalan/xsltc/trax/TrAXFilter.java
Index: TrAXFilter.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/trax/TrAXFilter.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- TrAXFilter.java 16 Feb 2004 22:57:21 -0000 1.8
+++ TrAXFilter.java 8 Jun 2005 13:10:08 -0000 1.9
@@ -22,6 +22,7 @@
import java.io.IOException;
+import javax.xml.XMLConstants;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
@@ -68,6 +69,14 @@
try {
SAXParserFactory pfactory = SAXParserFactory.newInstance();
pfactory.setNamespaceAware(true);
+
+ if (_transformer.isSecureProcessing()) {
+ try {
+ pfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ }
+ catch (SAXException e) {}
+ }
+
SAXParser saxparser = pfactory.newSAXParser();
parent = saxparser.getXMLReader();
}
1.79 +20 -12 xml-xalan/java/src/org/apache/xalan/xsltc/trax/TransformerFactoryImpl.java
Index: TransformerFactoryImpl.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/trax/TransformerFactoryImpl.java,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -r1.78 -r1.79
--- TransformerFactoryImpl.java 3 Jun 2005 15:52:46 -0000 1.78
+++ TransformerFactoryImpl.java 8 Jun 2005 13:10:08 -0000 1.79
@@ -79,11 +79,6 @@
public class TransformerFactoryImpl
extends SAXTransformerFactory implements SourceLoader, ErrorListener
{
- /**
- * <p>Name of class as a constant to use for debugging.</p>
- */
- private static final String CLASS_NAME = "TransformerFactoryImpl";
-
// Public constants for attributes supported by the XSLTC TransformerFactory.
public final static String TRANSLET_NAME = "translet-name";
public final static String DESTINATION_DIRECTORY = "destination-directory";
@@ -203,10 +198,10 @@
*/
private Class m_DTMManagerClass;
- /**
- * <p>State of secure processing feature.</p>
- */
- private boolean featureSecureProcessing = false;
+ /**
+ * <p>State of secure processing feature.</p>
+ */
+ private boolean _isSecureProcessing = false;
/**
* javax.xml.transform.sax.TransformerFactory implementation.
@@ -404,7 +399,7 @@
}
// secure processing?
else if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
- featureSecureProcessing = value;
+ _isSecureProcessing = value;
// all done processing feature
return;
}
@@ -451,7 +446,7 @@
}
// secure processing?
if (name.equals(XMLConstants.FEATURE_SECURE_PROCESSING)) {
- return featureSecureProcessing;
+ return _isSecureProcessing;
}
// Feature not supported
@@ -531,6 +526,14 @@
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setNamespaceAware(true);
+
+ if (_isSecureProcessing) {
+ try {
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ }
+ catch (org.xml.sax.SAXException e) {}
+ }
+
SAXParser jaxpParser = factory.newSAXParser();
reader = jaxpParser.getXMLReader();
@@ -587,6 +590,10 @@
if (_uriResolver != null) {
result.setURIResolver(_uriResolver);
}
+
+ if (_isSecureProcessing) {
+ result.setSecureProcessing(true);
+ }
return result;
}
@@ -730,6 +737,7 @@
final XSLTC xsltc = new XSLTC();
if (_debug) xsltc.setDebug(true);
if (_enableInlining) xsltc.setTemplateInlining(true);
+ if (_isSecureProcessing) xsltc.setSecureProcessing(true);
xsltc.init();
// Set a document loader (for xsl:include/import) if defined
1.86 +20 -1 xml-xalan/java/src/org/apache/xalan/xsltc/trax/TransformerImpl.java
Index: TransformerImpl.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/trax/TransformerImpl.java,v
retrieving revision 1.85
retrieving revision 1.86
diff -u -r1.85 -r1.86
--- TransformerImpl.java 20 May 2005 15:30:23 -0000 1.85
+++ TransformerImpl.java 8 Jun 2005 13:10:08 -0000 1.86
@@ -180,6 +180,11 @@
private boolean _isIdentity = false;
/**
+ * State of the secure processing feature.
+ */
+ private boolean _isSecureProcessing = false;
+
+ /**
* A hashtable to store parameters for the identity transform. These
* are not needed during the transformation, but we must keep track of
* them to be fully complaint with the JAXP API.
@@ -234,6 +239,20 @@
}
/**
+ * Return the state of the secure processing feature.
+ */
+ public boolean isSecureProcessing() {
+ return _isSecureProcessing;
+ }
+
+ /**
+ * Set the state of the secure processing feature.
+ */
+ public void setSecureProcessing(boolean flag) {
+ _isSecureProcessing = flag;
+ }
+
+ /**
* Returns the translet wrapped inside this Transformer or
* null if this is the identity transform.
*/
1.12 +11 -1 xml-xalan/java/src/org/apache/xalan/xsltc/trax/Util.java
Index: Util.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/xsltc/trax/Util.java,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- Util.java 8 Apr 2005 11:40:59 -0000 1.11
+++ Util.java 8 Jun 2005 13:10:08 -0000 1.12
@@ -22,6 +22,7 @@
import java.io.InputStream;
import java.io.Reader;
+import javax.xml.XMLConstants;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
@@ -102,6 +103,15 @@
SAXParserFactory parserFactory =
SAXParserFactory.newInstance();
parserFactory.setNamespaceAware(true);
+
+ if (xsltc.isSecureProcessing()) {
+ try {
+ parserFactory.setFeature(
+ XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ }
+ catch (org.xml.sax.SAXException se) {}
+ }
+
reader = parserFactory.newSAXParser()
.getXMLReader();
---------------------------------------------------------------------
To unsubscribe, e-mail: xalan-cvs-unsubscribe@xml.apache.org
For additional commands, e-mail: xalan-cvs-help@xml.apache.org