gnodet commented on code in PR #1205:
URL: https://github.com/apache/maven/pull/1205#discussion_r1308067100


##########
maven-model-builder/src/main/java/org/apache/maven/model/io/DefaultModelReader.java:
##########
@@ -104,16 +113,53 @@ private TransformerContext 
getTransformerContext(Map<String, ?> options) {
 
     private Model read(InputStream input, Path pomFile, Map<String, ?> 
options) throws IOException {
         try {
+            InputSource source = getSource(options);
+            boolean strict = isStrict(options);
             XMLInputFactory factory = new com.ctc.wstx.stax.WstxInputFactory();
-            
factory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, false);
-            XMLStreamReader parser = factory.createXMLStreamReader(input);
+            XMLOutputFactory outputFactory = new 
com.ctc.wstx.stax.WstxOutputFactory();
+
+            XMLStreamReader parser;
+            // We only support xml entities and xinclude when reading a file 
in strict mode
+            if (pomFile != null && strict) {
+                XMLResolver resolver = (String publicID, String systemID, 
String baseURI, String namespace) -> {
+                    if (systemID == null) {
+                        throw new XMLStreamException("systemID is null");
+                    }
+                    if (baseURI == null) {
+                        throw new XMLStreamException("baseURI is null");
+                    }
+                    URI sysUri;
+                    try {
+                        sysUri = new URI(systemID);
+                    } catch (URISyntaxException e) {
+                        throw new XMLStreamException("Invalid syntax for 
systemID uri: " + systemID, e);
+                    }
+                    if (sysUri.isAbsolute()) {
+                        throw new XMLStreamException("systemID must be a 
relative URL: " + systemID);
+                    }
+                    try {
+                        URL url = URI.create(baseURI).resolve(sysUri).toURL();
+                        return new StreamSource(url.openStream(), 
url.toExternalForm());
+                    } catch (IOException e) {
+                        throw new XMLStreamException("Unable to create Source 
for " + systemID, e);
+                    }
+                };
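Review bot: The `sysUri.isAbsolute()` guard in the resolver lambda only rejects a systemID that carries a scheme, so a scheme-less reference with its own authority component, or one with `..` segments, still passes and is resolved against `baseURI`; the URL that `url.openStream()` opens can then be on another host or outside the POM's directory. The guard could be widened to `if (sysUri.isAbsolute() || sysUri.getRawAuthority() != null) {`. If included files are meant to stay within the project, which the hunk does not state, also normalize the resolved URI and check that it is a `file:` URI under the directory of `pomFile` before opening it. Separately, `URI.create(baseURI)` throws an unchecked `IllegalArgumentException` on a malformed base, which the `catch (IOException e)` does not turn into an `XMLStreamException`. The body of `read` continues beyond the quoted hunk, so how the resolver is installed on the factory is not visible here.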

Review Comment:
   Fixed


