下面列出了javax.xml.parsers.SAXParserFactory#setXIncludeAware ( ) 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
@SuppressWarnings("rawtypes")
public void load(String file_input) throws Exception {
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setXIncludeAware(true);
factory.setNamespaceAware(false);
factory.setValidating(false);
SAXParser parser = factory.newSAXParser();
SAXReader reader = new SAXReader(parser.getXMLReader());
Document document = reader.read(file_input);
info = new Info();
info.load(document.selectSingleNode("//unittype/info"));
Enums enums = new Enums();
enums.load(document.selectSingleNode("//unittype/parameters/enums"));
parameters = new Parameters();
List parameters_nodes = document.selectNodes("//unittype/parameters");
for (Object parameters_node : parameters_nodes) {
Node parameter_node = (Node) parameters_node;
parameters.load(parameter_node, enums);
}
}
/**
* Test xi:include with a SAXParserFactory.
*
* @throws Exception If any errors occur.
*/
@Test(groups = {"readWriteLocalFiles"})
public void testXIncludeSAXPos() throws Exception {
String resultFile = USER_DIR + "doc_xinclude.out";
String goldFile = GOLDEN_DIR + "doc_xincludeGold.xml";
String xmlFile = XML_DIR + "doc_xinclude.xml";
try(FileOutputStream fos = new FileOutputStream(resultFile)) {
XInclHandler xh = new XInclHandler(fos, null);
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setNamespaceAware(true);
spf.setXIncludeAware(true);
spf.setFeature(FEATURE_NAME, true);
spf.newSAXParser().parse(new File(xmlFile), xh);
}
assertTrue(compareDocumentWithGold(goldFile, resultFile));
}
/**
* Test the XPointer framework with a SAX object.
*
* @throws Exception If any errors occur.
*/
@Test(groups = {"readWriteLocalFiles"})
public void testXPointerPos() throws Exception {
String resultFile = USER_DIR + "doc_xpointer.out";
String goldFile = GOLDEN_DIR + "doc_xpointerGold.xml";
String xmlFile = XML_DIR + "doc_xpointer.xml";
try (FileOutputStream fos = new FileOutputStream(resultFile)) {
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setNamespaceAware(true);
spf.setXIncludeAware(true);
spf.setFeature(FEATURE_NAME, true);
// parse the file
spf.newSAXParser().parse(new File(xmlFile), new XInclHandler(fos, null));
}
assertTrue(compareDocumentWithGold(goldFile, resultFile));
}
private SAXParser createSAXParser()
throws ParserConfigurationException, SAXException {
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setValidating(false);
factory.setXIncludeAware(false);
factory.setFeature(
"http://xml.org/sax/features/external-general-entities", false);
factory.setFeature(
"http://xml.org/sax/features/external-parameter-entities",false);
factory.setFeature(
"http://apache.org/xml/features/nonvalidating/load-external-dtd",
false);
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
SAXParser parser = factory.newSAXParser();
XMLReader xmlReader = parser.getXMLReader();
xmlReader.setEntityResolver(NOOP_RESOLVER);
return parser;
}
/**
* Creates a SAXParser that is configured to resolve XInclude references but
* not perform schema validation.
*
* @param doBaseURIFixup
* A boolean value that specifies whether or not to add xml:base
* attributes when resolving xi:include elements; adding these
* attributes may render an instance document schema-invalid.
* @return An XInclude-aware SAXParser instance.
*
* @see <a href="http://www.w3.org/TR/xinclude/">XML Inclusions (XInclude)
* Version 1.0, Second Edition</a>
*/
public static SAXParser createXIncludeAwareSAXParser(boolean doBaseURIFixup) {
SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setNamespaceAware(true);
factory.setXIncludeAware(true);
SAXParser parser = null;
try {
factory.setFeature(Constants.XERCES_FEATURE_PREFIX
+ Constants.XINCLUDE_FIXUP_BASE_URIS_FEATURE,
doBaseURIFixup);
parser = factory.newSAXParser();
} catch (Exception x) {
throw new RuntimeException(x);
}
return parser;
}
/**
* Returns an instance of SAXParser with a catalog if one is provided.
*
* @param setUseCatalog a flag indicates whether USE_CATALOG shall be set
* through the factory
* @param useCatalog the value of USE_CATALOG
* @param catalog a catalog
* @return an instance of SAXParser
* @throws ParserConfigurationException
* @throws SAXException
*/
SAXParser getSAXParser(boolean setUseCatalog, boolean useCatalog, String catalog)
throws ParserConfigurationException, SAXException {
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setNamespaceAware(true);
spf.setXIncludeAware(true);
if (setUseCatalog) {
spf.setFeature(XMLConstants.USE_CATALOG, useCatalog);
}
SAXParser parser = spf.newSAXParser();
parser.setProperty(CatalogFeatures.Feature.FILES.getPropertyName(), catalog);
return parser;
}
/**
* @param template the content or url of the xsl template
* @param data the content or url of the xml data file
* @throws TransformerException
*/
public static String renderTemplate(String template, String data)
throws TransformerException {
String result = null;
TransformerFactory tfactory = TransformerFactory.newInstance();
if (tfactory.getFeature(SAXSource.FEATURE)) {
// setup for xml data file preprocessing to be able to xinclude
SAXParserFactory pfactory= SAXParserFactory.newInstance();
pfactory.setNamespaceAware(true);
pfactory.setValidating(false);
pfactory.setXIncludeAware(true);
XMLReader reader = null;
try {
reader = pfactory.newSAXParser().getXMLReader();
} catch (Exception e) {
throw new TransformerException("Error creating SAX parser/reader", e);
}
// do the actual preprocessing
SAXSource source = new SAXSource(reader, new InputSource(data));
// compile the xsl template
Transformer transformer = tfactory.newTransformer(new StreamSource(template));
// and apply the xsl template to the source document and save in a result string
StringWriter sw = new StringWriter();
StreamResult sr = new StreamResult(sw);
transformer.transform(source, sr);
result = sw.toString();
} else {
Debug.logError("tfactory does not support SAX features!", module);
}
return result;
}
private Source asSaxSource( InputSource isource )
throws SAXException, ParserConfigurationException
{
SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setValidating( validating );
spf.setNamespaceAware( true );
spf.setXIncludeAware( xincludeAware );
XMLReader xmlReader = spf.newSAXParser().getXMLReader();
xmlReader.setEntityResolver( this );
return new SAXSource( xmlReader, isource );
}
/**
* Hardens the provided factory to protect against an XML External Entity (XXE) attack.
*
* @param factory - The factory to be modified.
* @throws SAXNotRecognizedException
* @throws SAXNotSupportedException
* @throws ParserConfigurationException
*/
public static void harden(final SAXParserFactory factory)
throws SAXNotRecognizedException, SAXNotSupportedException, ParserConfigurationException {
// From: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet
// To protect a Java SAXParserFactory from XXE, do this:
// This is the PRIMARY defense. If DTDs (doctypes) are disallowed, almost all XML entity attacks are prevented
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
// If you can't completely disable DTDs, then at least do the following:
// Xerces 1 - http://xerces.apache.org/xerces-j/features.html#external-general-entities
// Xerces 2 - http://xerces.apache.org/xerces2-j/features.html#external-general-entities
// JDK7+ - http://xml.org/sax/features/external-general-entities
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
// Xerces 1 - http://xerces.apache.org/xerces-j/features.html#external-parameter-entities
// Xerces 2 - http://xerces.apache.org/xerces2-j/features.html#external-parameter-entities
// JDK7+ - http://xml.org/sax/features/external-parameter-entities
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
// Disable external DTDs as well
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
// and these as well, per Timothy Morgan's 2014 paper: "XML Schema, DTD, and Entity Attacks" (see reference
// below)
factory.setXIncludeAware(false);
}
private static XMLReader createSaxReader(Schema schema) {
final SAXParserFactory parserFactory = SAXParserFactory.newInstance();
parserFactory.setSchema(schema);
parserFactory.setNamespaceAware(true);
parserFactory.setXIncludeAware(true);
try {
return parserFactory.newSAXParser().getXMLReader();
} catch (ParserConfigurationException | SAXException e) {
throw new MetafactureException(e);
}
}