Skip to content

Commit

Permalink
Merge #5343 from 4.0 into 4.1
Browse files Browse the repository at this point in the history
  • Loading branch information
BalusC committed Oct 28, 2023
2 parents 8bf0260 + 3456fc8 commit 242879a
Show file tree
Hide file tree
Showing 5 changed files with 50 additions and 9 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@

import static com.sun.faces.RIConstants.DOCUMENT_NAMESPACE;
import static com.sun.faces.RIConstants.DOCUMENT_VERSION;
import static com.sun.faces.util.Util.createLocalDocumentBuilderFactory;
import static com.sun.faces.util.Util.isEmpty;
import static java.util.Arrays.asList;
import static java.util.logging.Level.INFO;
Expand Down Expand Up @@ -231,7 +232,7 @@ public static DocumentInfo[] sortDocuments(DocumentInfo[] facesDocuments, FacesC
}

private static DOMImplementation createDOMImplementation() throws ParserConfigurationException {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
DocumentBuilderFactory documentBuilderFactory = createLocalDocumentBuilderFactory();
documentBuilderFactory.setNamespaceAware(true);

return documentBuilderFactory.newDocumentBuilder().getDOMImplementation();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package com.sun.faces.config.processor;

import static com.sun.faces.util.Util.createLocalDocumentBuilderFactory;
import static com.sun.faces.util.Util.notNull;

import java.net.MalformedURLException;
Expand Down Expand Up @@ -127,7 +128,7 @@ public static Document synthesizeEmptyFlowDefinition(URI uri) throws ParserConfi
}
String flowName = segments[segments.length - 2];

DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
DocumentBuilderFactory dbf = createLocalDocumentBuilderFactory();
dbf.setNamespaceAware(true);
DocumentBuilder builder = dbf.newDocumentBuilder();
DOMImplementation domImpl = builder.getDOMImplementation();
Expand Down
39 changes: 38 additions & 1 deletion impl/src/main/java/com/sun/faces/util/Util.java
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@

import static com.sun.faces.RIConstants.FACES_SERVLET_MAPPINGS;
import static com.sun.faces.RIConstants.FACES_SERVLET_REGISTRATION;
import static com.sun.faces.RIConstants.NO_VALUE;
import static com.sun.faces.util.MessageUtils.ILLEGAL_ATTEMPT_SETTING_APPLICATION_ARTIFACT_ID;
import static com.sun.faces.util.MessageUtils.NAMED_OBJECT_NOT_FOUND_ERROR_MESSAGE_ID;
import static com.sun.faces.util.MessageUtils.NULL_PARAMETERS_ERROR_MESSAGE_ID;
Expand Down Expand Up @@ -63,6 +64,7 @@

import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.xml.XMLConstants;
import javax.xml.namespace.NamespaceContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
Expand Down Expand Up @@ -270,12 +272,35 @@ public static boolean isUnitTestModeEnabled() {
return unitTestModeEnabled;
}

public static interface ThrowingBiConsumer<T, U> {
void accept(T t, U u) throws Exception;
}

private static <F> void setFeature(ThrowingBiConsumer<F, Boolean> setter, F feature, Boolean flag) {
try {
setter.accept(feature, flag);
} catch (Exception e) {
throw new IllegalArgumentException("The feature '" + feature + "' is not supported by your XML processor.", e);
}
}

private static <F> void setPossiblyUnsupportedFeature(ThrowingBiConsumer<F, Boolean> setter, F feature, Boolean flag) {
try {
setFeature(setter, feature, flag);
} catch (IllegalArgumentException e) {
LOGGER.log(Level.FINE, e.getMessage(), e);
}
}

public static TransformerFactory createTransformerFactory() {
ClassLoader cl = Thread.currentThread().getContextClassLoader();
TransformerFactory factory;
try {
Thread.currentThread().setContextClassLoader(Util.class.getClassLoader());
factory = TransformerFactory.newInstance();
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, NO_VALUE);
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, NO_VALUE);
setFeature(factory::setFeature, XMLConstants.FEATURE_SECURE_PROCESSING, true);
} finally {
Thread.currentThread().setContextClassLoader(cl);
}
Expand All @@ -299,13 +324,25 @@ public static DocumentBuilderFactory createDocumentBuilderFactory() {
DocumentBuilderFactory factory;
try {
Thread.currentThread().setContextClassLoader(Util.class.getClassLoader());
factory = DocumentBuilderFactory.newInstance();
factory = createLocalDocumentBuilderFactory();
} finally {
Thread.currentThread().setContextClassLoader(cl);
}
return factory;
}

public static DocumentBuilderFactory createLocalDocumentBuilderFactory() {
DocumentBuilderFactory factory;
factory = DocumentBuilderFactory.newInstance();
factory.setXIncludeAware(false);
factory.setExpandEntityReferences(false);
setFeature(factory::setFeature, XMLConstants.FEATURE_SECURE_PROCESSING, true);
setPossiblyUnsupportedFeature(factory::setFeature, "http://xml.org/sax/features/external-general-entities", false);
setPossiblyUnsupportedFeature(factory::setFeature, "http://xml.org/sax/features/external-parameter-entities", false);
setPossiblyUnsupportedFeature(factory::setFeature, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
return factory;
}

public static SchemaFactory createSchemaFactory(String uri) {
ClassLoader cl = Thread.currentThread().getContextClassLoader();
SchemaFactory factory;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package com.sun.faces.config.processor;

import static com.sun.faces.util.Util.createLocalDocumentBuilderFactory;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;

Expand Down Expand Up @@ -79,7 +80,7 @@ public void testJakartaEENSWithParameter() throws ParserConfigurationException,

private Document createFacesConfig(String flowName, String namespace, String version)
throws ParserConfigurationException {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
DocumentBuilderFactory documentBuilderFactory = createLocalDocumentBuilderFactory();
documentBuilderFactory.setNamespaceAware(true);
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
Document docFlowConfig = documentBuilder.newDocument();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@

package jakarta.faces;

import static com.sun.faces.util.Util.createLocalDocumentBuilderFactory;

import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
Expand All @@ -25,17 +27,16 @@
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;

import org.w3c.dom.Document;
import org.w3c.dom.Element;

import com.sun.faces.config.manager.documents.DocumentInfo;
import com.sun.faces.config.manager.documents.DocumentOrderingWrapper;

import jakarta.faces.context.FacesContext;
import junit.framework.Test;
import junit.framework.TestCase;
import junit.framework.TestSuite;

public class FacesConfigOrderingTestCase extends TestCase {

Expand Down Expand Up @@ -391,7 +392,7 @@ private void populateIds(String elementName, List<String> ids, String ns,

private Document newDocument() throws ParserConfigurationException {

DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilderFactory factory = createLocalDocumentBuilderFactory();
factory.setValidating(false);
factory.setNamespaceAware(true);
return factory.newDocumentBuilder().newDocument();
Expand Down

0 comments on commit 242879a

Please sign in to comment.