You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hop.apache.org by ha...@apache.org on 2022/03/30 06:42:57 UTC
[hop] branch master updated: HOP-3202 fixing sonar vulnerability issue
This is an automated email from the ASF dual-hosted git repository.
hansva pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hop.git
The following commit(s) were added to refs/heads/master by this push:
new de1c015 HOP-3202 fixing sonar vulnerability issue
new 7de10af Merge pull request #1431 from gvdutra/HOP-3202
de1c015 is described below
commit de1c01506ab207b40179b38ae100342be66218c2
Author: Gabriel Dutra <gv...@gmail.com>
AuthorDate: Thu Mar 24 21:34:29 2022 -0700
HOP-3202 fixing sonar vulnerability issue
---
.../hop/pipeline/transforms/xml/Dom4JUtil.java | 7 +---
.../transforms/xml/getxmldata/GetXmlData.java | 2 +-
.../getxmldata/LoopNodesImportProgressDialog.java | 2 +-
.../XmlInputFieldsImportProgressDialog.java | 48 +++++++++-------------
4 files changed, 24 insertions(+), 35 deletions(-)
diff --git a/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/Dom4JUtil.java b/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/Dom4JUtil.java
index cbf9e16..a89824e 100644
--- a/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/Dom4JUtil.java
+++ b/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/Dom4JUtil.java
@@ -19,7 +19,6 @@ package org.apache.hop.pipeline.transforms.xml;
import org.apache.hop.core.logging.HopLogStore;
import org.apache.hop.core.logging.ILogChannel;
import org.dom4j.io.SAXReader;
-import org.xml.sax.EntityResolver;
import org.xml.sax.SAXException;
import javax.xml.XMLConstants;
@@ -30,12 +29,10 @@ public class Dom4JUtil {
private Dom4JUtil() {
}
- public static SAXReader getSAXReader(final EntityResolver resolver) {
+ public static SAXReader getSAXReader() {
SAXReader reader = new SAXReader();
- if (resolver != null) {
- reader.setEntityResolver(resolver);
- }
try {
+ reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
diff --git a/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/getxmldata/GetXmlData.java b/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/getxmldata/GetXmlData.java
index d242871..7d60c1d 100644
--- a/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/getxmldata/GetXmlData.java
+++ b/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/getxmldata/GetXmlData.java
@@ -81,7 +81,7 @@ public class GetXmlData extends BaseTransform<GetXmlDataMeta, GetXmlDataData>
this.prevRow = buildEmptyRow(); // pre-allocate previous row
try {
- SAXReader reader = Dom4JUtil.getSAXReader(null);
+ SAXReader reader = Dom4JUtil.getSAXReader();
data.stopPruning = false;
// Validate XML against specified schema?
if (meta.isValidating()) {
diff --git a/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/getxmldata/LoopNodesImportProgressDialog.java b/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/getxmldata/LoopNodesImportProgressDialog.java
index 2f431d7..fce42e0 100644
--- a/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/getxmldata/LoopNodesImportProgressDialog.java
+++ b/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/getxmldata/LoopNodesImportProgressDialog.java
@@ -135,7 +135,7 @@ public class LoopNodesImportProgressDialog {
PKG, "GetXMLDateLoopNodesImportProgressDialog.Task.ScanningFile", filename),
1);
- SAXReader reader = Dom4JUtil.getSAXReader(null);
+ SAXReader reader = Dom4JUtil.getSAXReader();
monitor.worked(1);
if (monitor.isCanceled()) {
return null;
diff --git a/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/getxmldata/XmlInputFieldsImportProgressDialog.java b/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/getxmldata/XmlInputFieldsImportProgressDialog.java
index d9afe5a..361e0f4 100644
--- a/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/getxmldata/XmlInputFieldsImportProgressDialog.java
+++ b/plugins/transforms/xml/src/main/java/org/apache/hop/pipeline/transforms/xml/getxmldata/XmlInputFieldsImportProgressDialog.java
@@ -50,12 +50,12 @@ import java.util.List;
public class XmlInputFieldsImportProgressDialog {
private static final Class<?> PKG = GetXmlDataMeta.class; // For Translator
- private static String VALUE_NAME = "Name";
- private static String VALUE_PATH = "Path";
- private static String VALUE_ELEMENT = "Element";
- private static String VALUE_RESULT = "result";
- private static String VALUE_TYPE = "Type";
- private static String VALUE_FORMAT = "Format";
+ private static final String VALUE_NAME = "Name";
+ private static final String VALUE_PATH = "Path";
+ private static final String VALUE_ELEMENT = "Element";
+ private static final String VALUE_RESULT = "result";
+ private static final String VALUE_TYPE = "Type";
+ private static final String VALUE_FORMAT = "Format";
private Shell shell;
@@ -127,15 +127,7 @@ public class XmlInputFieldsImportProgressDialog {
try {
ProgressMonitorDialog pmd = new ProgressMonitorDialog(shell);
pmd.run(true, op);
- } catch (InvocationTargetException e) {
- new ErrorDialog(
- shell,
- BaseMessages.getString(
- PKG, "GetXMLDateLoopNodesImportProgressDialog.ErrorScanningFile.Title"),
- BaseMessages.getString(
- PKG, "GetXMLDateLoopNodesImportProgressDialog.ErrorScanningFile.Message"),
- e);
- } catch (InterruptedException e) {
+ } catch (InvocationTargetException | InterruptedException e) {
new ErrorDialog(
shell,
BaseMessages.getString(
@@ -155,7 +147,7 @@ public class XmlInputFieldsImportProgressDialog {
PKG, "GetXMLDateLoopNodesImportProgressDialog.Task.ScanningFile", filename),
1);
- SAXReader reader = Dom4JUtil.getSAXReader(null);
+ SAXReader reader = Dom4JUtil.getSAXReader();
monitor.worked(1);
if (monitor.isCanceled()) {
return null;
@@ -254,8 +246,8 @@ public class XmlInputFieldsImportProgressDialog {
Element e = (Element) node;
// get all attributes
List<Attribute> lista = e.attributes();
- for (int i = 0; i < lista.size(); i++) {
- setAttributeField(lista.get(i), monitor);
+ for (Attribute attribute : lista) {
+ setAttributeField(attribute, monitor);
}
// Get Node Name
@@ -284,13 +276,13 @@ public class XmlInputFieldsImportProgressDialog {
// Try to get the Type
- if (IsDate(valueNode)) {
+ if (isDate(valueNode)) {
row.addValue(VALUE_TYPE, IValueMeta.TYPE_STRING, "Date");
row.addValue(VALUE_FORMAT, IValueMeta.TYPE_STRING, "yyyy/MM/dd");
- } else if (IsInteger(valueNode)) {
+ } else if (isInteger(valueNode)) {
row.addValue(VALUE_TYPE, IValueMeta.TYPE_STRING, "Integer");
row.addValue(VALUE_FORMAT, IValueMeta.TYPE_STRING, null);
- } else if (IsNumber(valueNode)) {
+ } else if (isNumber(valueNode)) {
row.addValue(VALUE_TYPE, IValueMeta.TYPE_STRING, "Number");
row.addValue(VALUE_FORMAT, IValueMeta.TYPE_STRING, null);
} else {
@@ -328,13 +320,13 @@ public class XmlInputFieldsImportProgressDialog {
// Try to get the Type
- if (IsDate(valueAttr)) {
+ if (isDate(valueAttr)) {
row.addValue(VALUE_TYPE, IValueMeta.TYPE_STRING, "Date");
row.addValue(VALUE_FORMAT, IValueMeta.TYPE_STRING, "yyyy/MM/dd");
- } else if (IsInteger(valueAttr)) {
+ } else if (isInteger(valueAttr)) {
row.addValue(VALUE_TYPE, IValueMeta.TYPE_STRING, "Integer");
row.addValue(VALUE_FORMAT, IValueMeta.TYPE_STRING, null);
- } else if (IsNumber(valueAttr)) {
+ } else if (isNumber(valueAttr)) {
row.addValue(VALUE_TYPE, IValueMeta.TYPE_STRING, "Number");
row.addValue(VALUE_FORMAT, IValueMeta.TYPE_STRING, null);
} else {
@@ -355,7 +347,7 @@ public class XmlInputFieldsImportProgressDialog {
return retval;
}
- private boolean IsDate(String str) {
+ private boolean isDate(String str) {
// TODO: What about other dates? Maybe something for a CRQ
try {
SimpleDateFormat fdate = new SimpleDateFormat("yyyy/MM/dd");
@@ -367,7 +359,7 @@ public class XmlInputFieldsImportProgressDialog {
return true;
}
- private boolean IsInteger(String str) {
+ private boolean isInteger(String str) {
try {
Integer.parseInt(str);
} catch (NumberFormatException e) {
@@ -376,7 +368,7 @@ public class XmlInputFieldsImportProgressDialog {
return true;
}
- private boolean IsNumber(String str) {
+ private boolean isNumber(String str) {
try {
Float.parseFloat(str);
} catch (Exception e) {
@@ -394,7 +386,7 @@ public class XmlInputFieldsImportProgressDialog {
if (!Utils.isEmpty(cnode.getName())) {
Element cce = (Element) cnode;
if (cce.nodeCount() > 1) {
- if (childNode(cnode, monitor) == false) {
+ if (!childNode(cnode, monitor)) {
// We do not have child nodes ...
setNodeField(cnode, monitor);
rc = true;