xmlReader = saxSource.getXMLReader(); inputSource = saxSource.getInputSource();
XMLReader reader = source.getXMLReader(); if (reader == null) { SAXParserFactory spFactory = SAXParserFactory.newInstance();
? ((SAXSource) inputSource).getXMLReader() : null;
private Object unmarshal( SAXSource source ) throws JAXBException { XMLReader r = source.getXMLReader(); if( r == null ) r = getXMLReader(); return unmarshal( r, source.getInputSource() ); }
? ((SAXSource) inputSource).getXMLReader() : null;
if (saxSource.getXMLReader() == null) { try { saxSource.setXMLReader(createXmlReader()); return unmarshalSaxReader(saxSource.getXMLReader(), saxSource.getInputSource());
? ((SAXSource) inputSource).getXMLReader() : null;
? ((SAXSource) inputSource).getXMLReader() : null;
@Test // SPR-10806 public void unmarshalSaxSourceWithXmlOptions() throws Exception { final javax.xml.bind.Unmarshaller unmarshaller = mock(javax.xml.bind.Unmarshaller.class); Jaxb2Marshaller marshaller = new Jaxb2Marshaller() { @Override protected javax.xml.bind.Unmarshaller createUnmarshaller() { return unmarshaller; } }; // 1. external-general-entities and dtd support disabled (default) marshaller.unmarshal(new SAXSource(new InputSource("1"))); ArgumentCaptor<SAXSource> sourceCaptor = ArgumentCaptor.forClass(SAXSource.class); verify(unmarshaller).unmarshal(sourceCaptor.capture()); SAXSource result = sourceCaptor.getValue(); assertEquals(true, result.getXMLReader().getFeature("http://apache.org/xml/features/disallow-doctype-decl")); assertEquals(false, result.getXMLReader().getFeature("http://xml.org/sax/features/external-general-entities")); // 2. external-general-entities and dtd support enabled reset(unmarshaller); marshaller.setProcessExternalEntities(true); marshaller.setSupportDtd(true); marshaller.unmarshal(new SAXSource(new InputSource("1"))); verify(unmarshaller).unmarshal(sourceCaptor.capture()); result = sourceCaptor.getValue(); assertEquals(false, result.getXMLReader().getFeature("http://apache.org/xml/features/disallow-doctype-decl")); assertEquals(true, result.getXMLReader().getFeature("http://xml.org/sax/features/external-general-entities")); }
@Test public void readSAXSourceExternal() throws Exception { MockHttpInputMessage inputMessage = new MockHttpInputMessage(bodyExternal.getBytes("UTF-8")); inputMessage.getHeaders().setContentType(new MediaType("application", "xml")); converter.setSupportDtd(true); SAXSource result = (SAXSource) converter.read(SAXSource.class, inputMessage); InputSource inputSource = result.getInputSource(); XMLReader reader = result.getXMLReader(); reader.setContentHandler(new DefaultHandler() { @Override public void characters(char[] ch, int start, int length) { String s = new String(ch, start, length); assertNotEquals("Invalid result", "Foo Bar", s); } }); reader.parse(inputSource); }
@Test // SPR-10806 public void unmarshalStreamSourceWithXmlOptions() throws Exception { final javax.xml.bind.Unmarshaller unmarshaller = mock(javax.xml.bind.Unmarshaller.class); Jaxb2Marshaller marshaller = new Jaxb2Marshaller() { @Override protected javax.xml.bind.Unmarshaller createUnmarshaller() { return unmarshaller; } }; // 1. external-general-entities and dtd support disabled (default) marshaller.unmarshal(new StreamSource("1")); ArgumentCaptor<SAXSource> sourceCaptor = ArgumentCaptor.forClass(SAXSource.class); verify(unmarshaller).unmarshal(sourceCaptor.capture()); SAXSource result = sourceCaptor.getValue(); assertEquals(true, result.getXMLReader().getFeature("http://apache.org/xml/features/disallow-doctype-decl")); assertEquals(false, result.getXMLReader().getFeature("http://xml.org/sax/features/external-general-entities")); // 2. external-general-entities and dtd support enabled reset(unmarshaller); marshaller.setProcessExternalEntities(true); marshaller.setSupportDtd(true); marshaller.unmarshal(new StreamSource("1")); verify(unmarshaller).unmarshal(sourceCaptor.capture()); result = sourceCaptor.getValue(); assertEquals(false, result.getXMLReader().getFeature("http://apache.org/xml/features/disallow-doctype-decl")); assertEquals(true, result.getXMLReader().getFeature("http://xml.org/sax/features/external-general-entities")); }
public Object unmarshal0( Source source, JaxBeanInfo expectedType ) throws JAXBException { if (source instanceof SAXSource) { SAXSource ss = (SAXSource) source; XMLReader locReader = ss.getXMLReader(); if (locReader == null) { locReader = getXMLReader(); } return unmarshal0(locReader, ss.getInputSource(), expectedType); } if (source instanceof StreamSource) { return unmarshal0(getXMLReader(), streamSourceToInputSource((StreamSource) source), expectedType); } if (source instanceof DOMSource) { return unmarshal0(((DOMSource) source).getNode(), expectedType); } // we don't handle other types of Source throw new IllegalArgumentException(); }
@Override public <T> JAXBElement<T> unmarshal( Source source, Class<T> expectedType ) throws JAXBException { if (source instanceof SAXSource) { SAXSource ss = (SAXSource) source; XMLReader locReader = ss.getXMLReader(); if (locReader == null) { locReader = getXMLReader(); } return unmarshal(locReader, ss.getInputSource(), expectedType); } if (source instanceof StreamSource) { return unmarshal(getXMLReader(), streamSourceToInputSource((StreamSource) source), expectedType); } if (source instanceof DOMSource) { return unmarshal(((DOMSource) source).getNode(), expectedType); } // we don't handle other types of Source throw new IllegalArgumentException(); }
/** * This class wraps an ErrorListener into a MessageHandler in order to * capture messages reported via xsl:message. */ static class MessageHandler extends org.apache.xalan.xsltc.runtime.MessageHandler { private ErrorListener _errorListener; public MessageHandler(ErrorListener errorListener) { _errorListener = errorListener; } public void displayMessage(String msg) { if(_errorListener == null) { System.err.println(msg); } else { try { _errorListener.warning(new TransformerException(msg)); } catch (TransformerException e) { // ignored } } } }
@Test public void readSAXSourceWithXmlBomb() throws Exception { // https://en.wikipedia.org/wiki/Billion_laughs // https://msdn.microsoft.com/en-us/magazine/ee335713.aspx String content = "<?xml version=\"1.0\"?>\n" + "<!DOCTYPE lolz [\n" + " <!ENTITY lol \"lol\">\n" + " <!ELEMENT lolz (#PCDATA)>\n" + " <!ENTITY lol1 \"&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;\">\n" + " <!ENTITY lol2 \"&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;\">\n" + " <!ENTITY lol3 \"&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;\">\n" + " <!ENTITY lol4 \"&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;\">\n" + " <!ENTITY lol5 \"&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;\">\n" + " <!ENTITY lol6 \"&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;\">\n" + " <!ENTITY lol7 \"&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;\">\n" + " <!ENTITY lol8 \"&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;\">\n" + " <!ENTITY lol9 \"&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;\">\n" + "]>\n" + "<root>&lol9;</root>"; MockHttpInputMessage inputMessage = new MockHttpInputMessage(content.getBytes("UTF-8")); SAXSource result = (SAXSource) this.converter.read(SAXSource.class, inputMessage); this.thrown.expect(SAXException.class); this.thrown.expectMessage("DOCTYPE"); InputSource inputSource = result.getInputSource(); XMLReader reader = result.getXMLReader(); reader.parse(inputSource); }
reader = ((SAXSource) source).getXMLReader();
XMLReader reader = sax.getXMLReader(); final InputSource input = sax.getInputSource(); boolean userReader = true;
reader = ((SAXSource) source).getXMLReader();
XMLReader reader = sax.getXMLReader();
reader = saxSource.getXMLReader(); // may be null