107 lines
4.3 KiB
Java
107 lines
4.3 KiB
Java
/* ====================================================================
|
|
Licensed to the Apache Software Foundation (ASF) under one or more
|
|
contributor license agreements. See the NOTICE file distributed with
|
|
this work for additional information regarding copyright ownership.
|
|
The ASF licenses this file to You under the Apache License, Version 2.0
|
|
(the "License"); you may not use this file except in compliance with
|
|
the License. You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
==================================================================== */
|
|
|
|
package org.apache.poi.util;
|
|
|
|
import java.io.IOException;
|
|
import java.io.InputStream;
|
|
import java.io.StringReader;
|
|
import java.lang.reflect.Method;
|
|
|
|
import javax.xml.XMLConstants;
|
|
import javax.xml.parsers.DocumentBuilder;
|
|
import javax.xml.parsers.DocumentBuilderFactory;
|
|
import javax.xml.parsers.ParserConfigurationException;
|
|
|
|
import org.w3c.dom.Document;
|
|
import org.xml.sax.EntityResolver;
|
|
import org.xml.sax.InputSource;
|
|
import org.xml.sax.SAXException;
|
|
|
|
|
|
/**
|
|
* Provides handy methods for working with SAX parsers and readers
|
|
*/
|
|
public final class SAXHelper {
|
|
private static POILogger logger = POILogFactory.getLogger(SAXHelper.class);
|
|
|
|
private static final EntityResolver IGNORING_ENTITY_RESOLVER = new EntityResolver() {
|
|
@Override
|
|
public InputSource resolveEntity(String publicId, String systemId)
|
|
throws SAXException, IOException {
|
|
return new InputSource(new StringReader(""));
|
|
}
|
|
};
|
|
|
|
private static final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
|
|
static {
|
|
documentBuilderFactory.setNamespaceAware(true);
|
|
documentBuilderFactory.setValidating(false);
|
|
trySetSAXFeature(documentBuilderFactory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
|
trySetXercesSecurityManager(documentBuilderFactory);
|
|
}
|
|
|
|
/**
|
|
* Creates a new document builder, with sensible defaults
|
|
*/
|
|
public static synchronized DocumentBuilder getDocumentBuilder() {
|
|
try {
|
|
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
|
|
documentBuilder.setEntityResolver(IGNORING_ENTITY_RESOLVER);
|
|
return documentBuilder;
|
|
} catch (ParserConfigurationException e) {
|
|
throw new IllegalStateException("cannot create a DocumentBuilder", e);
|
|
}
|
|
}
|
|
|
|
private static void trySetSAXFeature(DocumentBuilderFactory documentBuilderFactory, String feature, boolean enabled) {
|
|
try {
|
|
documentBuilderFactory.setFeature(feature, enabled);
|
|
} catch (Exception e) {
|
|
logger.log(POILogger.INFO, "SAX Feature unsupported", feature, e);
|
|
}
|
|
}
|
|
private static void trySetXercesSecurityManager(DocumentBuilderFactory documentBuilderFactory) {
|
|
// Try built-in JVM one first, standalone if not
|
|
for (String securityManagerClassName : new String[] {
|
|
"com.sun.org.apache.xerces.internal.util.SecurityManager",
|
|
"org.apache.xerces.util.SecurityManager"
|
|
}) {
|
|
try {
|
|
Object mgr = Class.forName(securityManagerClassName).newInstance();
|
|
Method setLimit = mgr.getClass().getMethod("setEntityExpansionLimit", Integer.TYPE);
|
|
setLimit.invoke(mgr, 4096);
|
|
documentBuilderFactory.setAttribute("http://apache.org/xml/properties/security-manager", mgr);
|
|
// Stop once one can be setup without error
|
|
return;
|
|
} catch (Exception e) {
|
|
logger.log(POILogger.INFO, "SAX Security Manager could not be setup", e);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Parses the given stream via the default (sensible)
|
|
* SAX Reader
|
|
* @param inp Stream to read the XML data from
|
|
* @return the SAX processed Document
|
|
*/
|
|
public static Document readSAXDocument(InputStream inp) throws IOException, SAXException {
|
|
return getDocumentBuilder().parse(inp);
|
|
}
|
|
}
|