Class XmlSafeParser

java.lang.Object
org.opencastproject.util.XmlSafeParser

public final class XmlSafeParser extends Object
Preconfigured XML parsers that are safeguarded against XXE and billion laughs attacks.
  • Method Details

    • newDocumentBuilderFactory

      public static DocumentBuilderFactory newDocumentBuilderFactory()
      Creates a preconfigured DocumentBuilderFactory that is guarded against XXE and billion laughs attacks.
      Returns:
      the preconfigured DocumentBuilderFactory
    • newSAXParserFactory

      public static SAXParserFactory newSAXParserFactory()
      Creates a preconfigured SAXParserFactory that is guarded against XXE and billion laughs attacks.
      Returns:
      the preconfigured SAXParserFactory
    • newTransformerFactory

      public static TransformerFactory newTransformerFactory()
      Creates a preconfigured default TransformerFactory that is guarded against XXE and billion laughs attacks.
      Returns:
      the preconfigured TransformerFactory
    • configureTransformerFactory

      public static TransformerFactory configureTransformerFactory(TransformerFactory f)
      Configures a TransformerFactory to guard it against XXE and billion laughs attacks. Supports the default Transformer and the Saxon Transformer. The returned TransformerFactory is the same instance as the passed TransformerFactory.
      Parameters:
      f - the TransformerFactory to configure
      Returns:
      the configured Factory
    • parse

      public static Document parse(InputStream in) throws IOException, SAXException
      Parses an XML document with a parser that is guarded against XXE and billion laughs attacks. The parsing is namespace aware. Designed for checking documents for XXE and billion laughs attacks before the returned document is processed further by the Unmarshaller, which can't be safely configured.
      Parameters:
      in - the document to parse
      Returns:
      the parsed document
      Throws:
      IOException
      SAXException
    • parse

      public static Document parse(InputSource s) throws IOException, SAXException
      Parses an XML document with a parser that is guarded against XXE and billion laughs attacks. The parsing is namespace aware. Designed for checking documents for XXE and billion laughs attacks before the returned document is processed further by the Unmarshaller, which can't be safely configured.
      Parameters:
      s - the document to parse
      Returns:
      the parsed document
      Throws:
      IOException
      SAXException
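
The pattern described for parse, as an added example that is not part of the Opencast code base: untrusted XML goes through XmlSafeParser.parse first, and a JAXB Unmarshaller then binds from the returned DOM Document instead of from the raw stream. The Note class, the sample input and the use of the javax.xml.bind API are assumptions made for this illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;

import org.opencastproject.util.XmlSafeParser;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class SafeUnmarshalExample {

  /** Hypothetical JAXB-bound type, used only for this example. */
  @XmlRootElement(name = "note")
  public static class Note {
    @XmlElement
    public String text;
  }

  /**
   * Parses untrusted XML with the guarded parser first and lets JAXB bind
   * from the resulting DOM tree, so the Unmarshaller never reads raw input.
   */
  public static Note readNote(InputStream untrusted)
      throws IOException, SAXException, JAXBException {
    // Entity and DTD handling happens here, under XmlSafeParser's configuration.
    Document doc = XmlSafeParser.parse(untrusted);
    // unmarshal(Node, Class) walks the already-built DOM; no second XML parse.
    return JAXBContext.newInstance(Note.class)
        .createUnmarshaller()
        .unmarshal(doc, Note.class)
        .getValue();
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input.
    String xml = "<note><text>hello</text></note>";
    try (InputStream in = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))) {
      System.out.println(readNote(in).text);
    } catch (SAXException e) {
      // Input the guarded parser refused or could not parse is rejected here.
      System.err.println("rejected: " + e.getMessage());
    }
  }
}
```

Calling unmarshal with an InputStream, File or Reader instead of the Document would make JAXB create its own parser and bypass the guarded one.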