Changeset 8287 in josm for trunk/src/org/openstreetmap/josm/tools/Utils.java

Timestamp:

2015-04-28T01:11:18+02:00 (9 years ago)

Author:

Don-vip

Message:

fix findsecbugs:XXE_SAXPARSER - "Security - XML Parsing Vulnerable to XXE (SAXParser)"

File:

• trunk/src/org/openstreetmap/josm/tools/Utils.java (modified) (2 diffs)

trunk/src/org/openstreetmap/josm/tools/Utils.java

@@ -50 +50 @@
 import java.util.zip.ZipInputStream;
 
+import javax.xml.XMLConstants;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.parsers.SAXParser;
+import javax.xml.parsers.SAXParserFactory;
+
 import org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream;
 import org.openstreetmap.josm.Main;
 import org.openstreetmap.josm.data.Version;
+import org.xml.sax.SAXException;
 
 /**
@@ -1164 +1170 @@
         return null;
     }
+
+    /**
+     * Returns a new secure SAX parser, supporting XML namespaces.
+     * @return a new secure SAX parser, supporting XML namespaces
+     * @throws ParserConfigurationException if a parser cannot be created which satisfies the requested configuration.
+     * @throws SAXException for SAX errors.
+     * @since 8287
+     */
+    public static SAXParser newSafeSAXParser() throws ParserConfigurationException, SAXException {
+        SAXParserFactory parserFactory = SAXParserFactory.newInstance();
+        parserFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        parserFactory.setNamespaceAware(true);
+        return parserFactory.newSAXParser();
+    }
 }