Class SafeXmlUtils


  • public class SafeXmlUtils
    extends java.lang.Object
    Reusable safe XML document builder to prevent XXE. See https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html
    Since:
    8.0.5
    • Method Summary

      Modifier and Type Method Description
      static javax.xml.parsers.DocumentBuilder documentBuilder()
      Safe DOM parsing, with default parameters
      static javax.xml.parsers.DocumentBuilder documentBuilder(boolean namespaceAware)
      Safe DOM parsing
      static javax.xml.stream.XMLInputFactory inputFactory()
      Safe StAX parser
      static org.xml.sax.XMLReader reader()
      Safe SAX parser, with default parameters
      static org.xml.sax.XMLReader reader(boolean namespaceAware, javax.xml.validation.Schema schema)
      Safe SAX parser
      static javax.xml.validation.SchemaFactory schemaFactory()
      Safe schema factory
      static javax.xml.transform.Transformer transformer()
      Safe transformer
      static javax.xml.validation.Validator validator(javax.xml.validation.Schema schema)
      Safe schema validator
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Method Detail

      • documentBuilder

        public static javax.xml.parsers.DocumentBuilder documentBuilder()
        Safe DOM parsing, with default parameters
        Throws:
        ProwideException - if the parser cannot be configured
        See Also:
        documentBuilder(boolean)
      • documentBuilder

        public static javax.xml.parsers.DocumentBuilder documentBuilder(boolean namespaceAware)
        Safe DOM parsing
        Parameters:
        namespaceAware - whether the factory is namespace aware
        Throws:
        ProwideException - if the parser cannot be configured
      • reader

        public static org.xml.sax.XMLReader reader(boolean namespaceAware,
                                                   javax.xml.validation.Schema schema)
                                            throws ProwideException
        Safe SAX parser
        Parameters:
        namespaceAware - whether the SAX factory is namespace aware
        schema - optional schema if the reader will be used for validation, null to ignore
        Throws:
        ProwideException - if the parser cannot be configured
      • inputFactory

        public static javax.xml.stream.XMLInputFactory inputFactory()
        Safe StAX parser
        Throws:
        ProwideException - if the parser cannot be configured
      • transformer

        public static javax.xml.transform.Transformer transformer()
        Safe transformer
      • schemaFactory

        public static javax.xml.validation.SchemaFactory schemaFactory()
        Safe schema factory
      • validator

        public static javax.xml.validation.Validator validator(javax.xml.validation.Schema schema)
        Safe schema validator