knox git commit: KNOX-1622 - Enable the secure processing feature on all XPathFactory instances

Fri, 23 Nov 2018 07:31:20 -0800 

Repository: knox
Updated Branches:
  refs/heads/master 7046c2273 -> 1c72a57e2


KNOX-1622 - Enable the secure processing feature on all XPathFactory instances


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/1c72a57e
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/1c72a57e
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/1c72a57e

Branch: refs/heads/master
Commit: 1c72a57e27d29fcd37607935fa34247cf0727bc6
Parents: 7046c22
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Fri Nov 23 15:30:23 2018 +0000
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Fri Nov 23 15:30:23 2018 +0000

----------------------------------------------------------------------
 .../discovery/ambari/ServiceURLPropertyConfig.java    |  9 ++++++++-
 .../filter/rewrite/impl/xml/XmlFilterReader.java      | 14 +++++++++++++-
 2 files changed, 21 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/1c72a57e/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/ServiceURLPropertyConfig.java
----------------------------------------------------------------------
diff --git 
a/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/ServiceURLPropertyConfig.java
 
b/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/ServiceURLPropertyConfig.java
index ab9751e..4d8864f 100644
--- 
a/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/ServiceURLPropertyConfig.java
+++ 
b/gateway-discovery-ambari/src/main/java/org/apache/knox/gateway/topology/discovery/ambari/ServiceURLPropertyConfig.java
@@ -23,6 +23,7 @@ import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
+import javax.xml.XMLConstants;
 import javax.xml.xpath.XPath;
 import javax.xml.xpath.XPathConstants;
 import javax.xml.xpath.XPathExpression;
@@ -52,7 +53,13 @@ class ServiceURLPropertyConfig {
     private static XPathExpression URL_PATTERN;
     private static XPathExpression PROPERTIES;
     static {
-        XPath xpath = XPathFactory.newInstance().newXPath();
+        XPathFactory xpathFactory = XPathFactory.newInstance();
+        try {
+            xpathFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, 
Boolean.TRUE);
+        } catch (javax.xml.xpath.XPathFactoryConfigurationException ex) {
+            // ignore
+        }
+        XPath xpath = xpathFactory.newXPath();
         try {
             SERVICE_URL_PATTERN_MAPPINGS = 
xpath.compile("/service-discovery-url-mappings/service");
             URL_PATTERN                  = xpath.compile("url-pattern/text()");

http://git-wip-us.apache.org/repos/asf/knox/blob/1c72a57e/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java
----------------------------------------------------------------------
diff --git 
a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java
 
b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java
index 34255b0..6c907f8 100644
--- 
a/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java
+++ 
b/gateway-provider-rewrite/src/main/java/org/apache/knox/gateway/filter/rewrite/impl/xml/XmlFilterReader.java
@@ -36,6 +36,7 @@ import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.Text;
 
+import javax.xml.XMLConstants;
 import javax.xml.namespace.QName;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.stream.XMLEventReader;
@@ -614,7 +615,18 @@ public abstract class XmlFilterReader extends Reader {
   }
 
   private static class XmlPathCompiler implements 
UrlRewriteFilterPathDescriptor.Compiler<XPathExpression> {
-    private static XPath XPATH = XPathFactory.newInstance().newXPath();
+    private static XPath XPATH;
+
+    static {
+        XPathFactory xpathFactory = XPathFactory.newInstance();
+        try {
+            xpathFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, 
Boolean.TRUE);
+        } catch (javax.xml.xpath.XPathFactoryConfigurationException ex) {
+            // ignore
+        }
+        XPATH = xpathFactory.newXPath();
+    }
+
     @Override
     public XPathExpression compile( String expression, XPathExpression 
compiled ) {
       try {

Reply via email to