X.XXX.X ()
- * JRE version-checking modified.
+ * Prevent XXE vulnerabilities with XML-schema(XSD).
+ * Upgrade ToaGem to 3.122.2
1.202.2 (2019-06-06)
・必須環境をJavaSE8に引き上げ。
<dependency>
<groupId>jp.sourceforge.mikutoga</groupId>
<artifactId>togagem</artifactId>
- <version>3.121.2</version>
+ <version>3.122.2</version>
<scope>compile</scope>
</dependency>
import jp.sfjp.mikutoga.corelib.I18nText;
import jp.sfjp.mikutoga.pmd.model.PmdModel;
import jp.sfjp.mikutoga.xml.BasicXmlExporter;
-import jp.sfjp.mikutoga.xml.XmlResourceResolver;
+import jp.sfjp.mikutoga.xml.SchemaUtil;
/**
* PMDモーションデータをXMLへエクスポートする。
}
ind().putAttr("xmlns", namespace).ln();
- ind().putAttr("xmlns:" + XSINS, XmlResourceResolver.NS_XSD).ln();
+ ind().putAttr("xmlns:" + XSINS, SchemaUtil.NS_XSD).ln();
ind().putRawText(XSINS).putRawText(":schemaLocation=")
.putRawCh('"');
import java.net.URI;
import java.net.URISyntaxException;
-import jp.sfjp.mikutoga.xml.LocalXmlResource;
/**
* 101009形式XML各種リソースの定義。
*/
-public final class Schema101009 implements LocalXmlResource{
-
- /** 唯一のシングルトン。 */
- public static final Schema101009 SINGLETON;
+public final class Schema101009{
/** 名前空間。 */
public static final String NS_PMDXML =
public static final String LOCAL_SCHEMA_PMDXML =
"resources/pmdxml-101009.xsd";
- private static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
- private static final URI RES_SCHEMA_PMDXML;
+ public static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
+ public static final URI RES_SCHEMA_PMDXML;
private static final Class<?> THISCLASS = Schema101009.class;
}catch(URISyntaxException e){
throw new ExceptionInInitializerError(e);
}
-
- SINGLETON = new Schema101009();
}
* コンストラクタ。
*/
private Schema101009(){
- super();
- assert this.getClass() == THISCLASS;
- return;
- }
-
-
- /**
- * {@inheritDoc}
- * @return {@inheritDoc}
- * ※101009版。
- */
- @Override
- public URI getOriginalResource(){
- return URI_SCHEMA_PMDXML;
- }
-
- /**
- * {@inheritDoc}
- * ※101009版。
- * @return {@inheritDoc}
- */
- @Override
- public URI getLocalResource(){
- return RES_SCHEMA_PMDXML;
+ assert false;
}
}
import java.net.URI;
import java.net.URISyntaxException;
-import jp.sfjp.mikutoga.xml.LocalXmlResource;
/**
* 130128形式XML各種リソースの定義。
*/
-public final class Schema130128 implements LocalXmlResource{
-
- /** 唯一のシングルトン。 */
- public static final Schema130128 SINGLETON;
+public final class Schema130128{
/** 名前空間。 */
public static final String NS_PMDXML =
public static final String LOCAL_SCHEMA_PMDXML =
"resources/pmdxml-130128.xsd";
- private static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
- private static final URI RES_SCHEMA_PMDXML;
+ public static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
+ public static final URI RES_SCHEMA_PMDXML;
private static final Class<?> THISCLASS = Schema130128.class;
}catch(URISyntaxException e){
throw new ExceptionInInitializerError(e);
}
-
- SINGLETON = new Schema130128();
}
* コンストラクタ。
*/
private Schema130128(){
- super();
- assert this.getClass() == THISCLASS;
- return;
- }
-
-
- /**
- * {@inheritDoc}
- * ※130128版。
- * @return {@inheritDoc}
- */
- @Override
- public URI getOriginalResource(){
- return URI_SCHEMA_PMDXML;
- }
-
- /**
- * {@inheritDoc}
- * ※130128版。
- * @return {@inheritDoc}
- */
- @Override
- public URI getLocalResource(){
- return RES_SCHEMA_PMDXML;
+ assert false;
}
}
import jp.sfjp.mikutoga.pmd.model.xml.Schema101009;
import jp.sfjp.mikutoga.pmd.model.xml.Schema130128;
import jp.sfjp.mikutoga.xml.BotherHandler;
-import jp.sfjp.mikutoga.xml.LocalXmlResource;
+import jp.sfjp.mikutoga.xml.NoopEntityResolver;
import jp.sfjp.mikutoga.xml.SchemaUtil;
-import jp.sfjp.mikutoga.xml.XmlResourceResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
SAXParser parser;
try{
parser = factory.newSAXParser();
- }catch(ParserConfigurationException e){
- assert false;
- throw new AssertionError(e);
- }catch(SAXException e){
+ }catch(ParserConfigurationException | SAXException e){
assert false;
throw new AssertionError(e);
}
* @param xmlInType 入力XML種別
* @return スキーマ
*/
- private static Schema builsSchema(XmlResourceResolver resolver,
- ModelFileType xmlInType ){
- LocalXmlResource[] schemaArray;
+ private static Schema buildSchema(ModelFileType xmlInType ){
+ URI[] schemaUris;
switch(xmlInType){
case XML_101009:
- schemaArray = new LocalXmlResource[]{
- Schema101009.SINGLETON,
+ schemaUris = new URI[]{
+ Schema101009.RES_SCHEMA_PMDXML,
};
break;
case XML_130128:
- schemaArray = new LocalXmlResource[]{
- Schema130128.SINGLETON,
+ schemaUris = new URI[]{
+ Schema130128.RES_SCHEMA_PMDXML,
};
break;
case XML_AUTO:
- schemaArray = new LocalXmlResource[]{
- Schema101009.SINGLETON,
- Schema130128.SINGLETON,
+ schemaUris = new URI[]{
+ Schema101009.RES_SCHEMA_PMDXML,
+ Schema130128.RES_SCHEMA_PMDXML,
};
break;
default:
throw new IllegalStateException();
}
- Schema schema = SchemaUtil.newSchema(resolver, schemaArray);
+ Schema schema;
+ try{
+ schema = SchemaUtil.newSchema(schemaUris);
+ }catch(IOException | SAXException e){
+ assert false;
+ throw new AssertionError(e);
+ }
return schema;
}
* @return XMLリーダ
*/
static XMLReader buildReader(ModelFileType xmlInType){
- XmlResourceResolver resolver = new XmlResourceResolver();
-
- Schema schema = builsSchema(resolver, xmlInType);
+ Schema schema = buildSchema(xmlInType);
SAXParser parser = buildParser(schema);
throw new AssertionError(e);
}
- reader.setEntityResolver(resolver);
+ reader.setEntityResolver(NoopEntityResolver.NOOP_RESOLVER);
reader.setErrorHandler(BotherHandler.HANDLER);
return reader;
OSDN Git Service
