Package com.prowidesoftware.swift.utils
Class SafeXmlUtils
- java.lang.Object
  - com.prowidesoftware.swift.utils.SafeXmlUtils
public class SafeXmlUtils extends java.lang.Object
This class is used in many places in the library to create XML parsers and transformers, and to switch off certain features that may be vulnerable to XXE attacks. The features are implementation dependent, so they might not be present in certain implementations of the XML APIs. We have experienced issues with many Xerces and Xalan versions. When you get an error because a feature is not present in your environment, the first choice should be to review the XML-related dependencies and try to exclude those that do not support the feature.
When the dependencies cannot be changed, you can ignore the error by adding a pw-swift-core.properties file to the application classpath with a safeXmlUtils.ignore=featureName,featureName,featureName property. This will prevent the indicated features from being applied.
- Since:
- 8.0.5
Method Summary
Modifier and Type, Method: Description
- static javax.xml.parsers.DocumentBuilder documentBuilder(): Safe DOM parsing, with default parameters
- static javax.xml.parsers.DocumentBuilder documentBuilder(boolean namespaceAware): Safe DOM parsing
- static javax.xml.stream.XMLInputFactory inputFactory(): Safe StAX parser
- static org.xml.sax.XMLReader reader(): Safe SAX parser, with default parameters
- static org.xml.sax.XMLReader reader(boolean namespaceAware, javax.xml.validation.Schema schema): Safe SAX parser
- static javax.xml.validation.SchemaFactory schemaFactory(): Safe schema factory
- static javax.xml.transform.Transformer transformer(): Safe transformer
- static javax.xml.validation.Validator validator(javax.xml.validation.Schema schema): Safe schema validator
Method Detail
-
documentBuilder
public static javax.xml.parsers.DocumentBuilder documentBuilder()
Safe DOM parsing, with default parameters
- Throws:
ProwideException - if the parser cannot be configured
- See Also:
documentBuilder(boolean)
-
documentBuilder
public static javax.xml.parsers.DocumentBuilder documentBuilder(boolean namespaceAware)
Safe DOM parsing
- Parameters:
namespaceAware - factory awareness
- Throws:
ProwideException - if the parser cannot be configured
-
reader
public static org.xml.sax.XMLReader reader() throws ProwideException
Safe SAX parser, with default parameters
- Throws:
ProwideException - if the parser cannot be configured
- See Also:
reader(boolean, Schema)
-
reader
public static org.xml.sax.XMLReader reader(boolean namespaceAware, javax.xml.validation.Schema schema) throws ProwideException
Safe SAX parser
- Parameters:
namespaceAware - SAX factory awareness
schema - optional schema if the reader will be used for validation, null to ignore
- Throws:
ProwideException - if the parser cannot be configured
-
inputFactory
public static javax.xml.stream.XMLInputFactory inputFactory()
Safe StAX parser
- Throws:
ProwideException - if the parser cannot be configured
-
transformer
public static javax.xml.transform.Transformer transformer()
Safe transformer
-
schemaFactory
public static javax.xml.validation.SchemaFactory schemaFactory()
Safe schema factory
-
validator
public static javax.xml.validation.Validator validator(javax.xml.validation.Schema schema)
Safe schema validator