OSDN Git Service
(root)
/
mikutoga
/
Pmd2XML.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
80e3438
)
Upgrade ToaGem to 3.122.2
author
Olyutorskii
<olyutorskii@users.osdn.me>
Tue, 2 Jul 2019 12:07:22 +0000
(21:07 +0900)
committer
Olyutorskii
<olyutorskii@users.osdn.me>
Tue, 2 Jul 2019 12:07:22 +0000
(21:07 +0900)
CHANGELOG.txt
patch
|
blob
|
history
pom.xml
patch
|
blob
|
history
src/main/java/jp/sfjp/mikutoga/pmd/model/xml/PmdXmlExporter.java
patch
|
blob
|
history
src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema101009.java
patch
|
blob
|
history
src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema130128.java
patch
|
blob
|
history
src/main/java/jp/sfjp/mikutoga/pmd2xml/XmlInputUtil.java
patch
|
blob
|
history
diff --git
a/CHANGELOG.txt
b/CHANGELOG.txt
index
93fcf80
..
c09bcd0
100644
(file)
--- a/
CHANGELOG.txt
+++ b/
CHANGELOG.txt
@@
-5,7
+5,8
@@
Pmd2XML 変更履歴
X.XXX.X ()
X.XXX.X ()
- * JRE version-checking modified.
+ * Prevent XXE vulnerabilities with XML-schema(XSD).
+ * Upgrade ToaGem to 3.122.2
1.202.2 (2019-06-06)
・必須環境をJavaSE8に引き上げ。
1.202.2 (2019-06-06)
・必須環境をJavaSE8に引き上げ。
diff --git
a/pom.xml
b/pom.xml
index
2f602ba
..
082daf1
100644
(file)
--- a/
pom.xml
+++ b/
pom.xml
@@
-129,7
+129,7
@@
<dependency>
<groupId>jp.sourceforge.mikutoga</groupId>
<artifactId>togagem</artifactId>
<dependency>
<groupId>jp.sourceforge.mikutoga</groupId>
<artifactId>togagem</artifactId>
- <version>3.12
1
.2</version>
+ <version>3.12
2
.2</version>
<scope>compile</scope>
</dependency>
<scope>compile</scope>
</dependency>
diff --git
a/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/PmdXmlExporter.java
b/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/PmdXmlExporter.java
index
01f5a8a
..
74ac1d3
100644
(file)
--- a/
src/main/java/jp/sfjp/mikutoga/pmd/model/xml/PmdXmlExporter.java
+++ b/
src/main/java/jp/sfjp/mikutoga/pmd/model/xml/PmdXmlExporter.java
@@
-11,7
+11,7
@@
import java.io.IOException;
import jp.sfjp.mikutoga.corelib.I18nText;
import jp.sfjp.mikutoga.pmd.model.PmdModel;
import jp.sfjp.mikutoga.xml.BasicXmlExporter;
import jp.sfjp.mikutoga.corelib.I18nText;
import jp.sfjp.mikutoga.pmd.model.PmdModel;
import jp.sfjp.mikutoga.xml.BasicXmlExporter;
-import jp.sfjp.mikutoga.xml.
XmlResourceResolver
;
+import jp.sfjp.mikutoga.xml.
SchemaUtil
;
/**
* PMDモーションデータをXMLへエクスポートする。
/**
* PMDモーションデータをXMLへエクスポートする。
@@
-225,7
+225,7
@@
public class PmdXmlExporter extends BasicXmlExporter{
}
ind().putAttr("xmlns", namespace).ln();
}
ind().putAttr("xmlns", namespace).ln();
- ind().putAttr("xmlns:" + XSINS,
XmlResourceResolver
.NS_XSD).ln();
+ ind().putAttr("xmlns:" + XSINS,
SchemaUtil
.NS_XSD).ln();
ind().putRawText(XSINS).putRawText(":schemaLocation=")
.putRawCh('"');
ind().putRawText(XSINS).putRawText(":schemaLocation=")
.putRawCh('"');
diff --git
a/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema101009.java
b/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema101009.java
index
aabf53e
..
e1a8acf
100644
(file)
--- a/
src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema101009.java
+++ b/
src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema101009.java
@@
-9,15
+9,11
@@
package jp.sfjp.mikutoga.pmd.model.xml;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URI;
import java.net.URISyntaxException;
-import jp.sfjp.mikutoga.xml.LocalXmlResource;
/**
* 101009形式XML各種リソースの定義。
*/
/**
* 101009形式XML各種リソースの定義。
*/
-public final class Schema101009 implements LocalXmlResource{
-
- /** 唯一のシングルトン。 */
- public static final Schema101009 SINGLETON;
+public final class Schema101009{
/** 名前空間。 */
public static final String NS_PMDXML =
/** 名前空間。 */
public static final String NS_PMDXML =
@@
-32,8
+28,8
@@
public final class Schema101009 implements LocalXmlResource{
public static final String LOCAL_SCHEMA_PMDXML =
"resources/pmdxml-101009.xsd";
public static final String LOCAL_SCHEMA_PMDXML =
"resources/pmdxml-101009.xsd";
- p
rivate
static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
- p
rivate
static final URI RES_SCHEMA_PMDXML;
+ p
ublic
static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
+ p
ublic
static final URI RES_SCHEMA_PMDXML;
private static final Class<?> THISCLASS = Schema101009.class;
private static final Class<?> THISCLASS = Schema101009.class;
@@
-44,8
+40,6
@@
public final class Schema101009 implements LocalXmlResource{
}catch(URISyntaxException e){
throw new ExceptionInInitializerError(e);
}
}catch(URISyntaxException e){
throw new ExceptionInInitializerError(e);
}
-
- SINGLETON = new Schema101009();
}
}
@@
-53,30
+47,7
@@
public final class Schema101009 implements LocalXmlResource{
* コンストラクタ。
*/
private Schema101009(){
* コンストラクタ。
*/
private Schema101009(){
- super();
- assert this.getClass() == THISCLASS;
- return;
- }
-
-
- /**
- * {@inheritDoc}
- * @return {@inheritDoc}
- * ※101009版。
- */
- @Override
- public URI getOriginalResource(){
- return URI_SCHEMA_PMDXML;
- }
-
- /**
- * {@inheritDoc}
- * ※101009版。
- * @return {@inheritDoc}
- */
- @Override
- public URI getLocalResource(){
- return RES_SCHEMA_PMDXML;
+ assert false;
}
}
}
}
diff --git
a/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema130128.java
b/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema130128.java
index
546215f
..
caada11
100644
(file)
--- a/
src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema130128.java
+++ b/
src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema130128.java
@@
-9,15
+9,11
@@
package jp.sfjp.mikutoga.pmd.model.xml;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URI;
import java.net.URISyntaxException;
-import jp.sfjp.mikutoga.xml.LocalXmlResource;
/**
* 130128形式XML各種リソースの定義。
*/
/**
* 130128形式XML各種リソースの定義。
*/
-public final class Schema130128 implements LocalXmlResource{
-
- /** 唯一のシングルトン。 */
- public static final Schema130128 SINGLETON;
+public final class Schema130128{
/** 名前空間。 */
public static final String NS_PMDXML =
/** 名前空間。 */
public static final String NS_PMDXML =
@@
-32,8
+28,8
@@
public final class Schema130128 implements LocalXmlResource{
public static final String LOCAL_SCHEMA_PMDXML =
"resources/pmdxml-130128.xsd";
public static final String LOCAL_SCHEMA_PMDXML =
"resources/pmdxml-130128.xsd";
- p
rivate
static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
- p
rivate
static final URI RES_SCHEMA_PMDXML;
+ p
ublic
static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
+ p
ublic
static final URI RES_SCHEMA_PMDXML;
private static final Class<?> THISCLASS = Schema130128.class;
private static final Class<?> THISCLASS = Schema130128.class;
@@
-44,8
+40,6
@@
public final class Schema130128 implements LocalXmlResource{
}catch(URISyntaxException e){
throw new ExceptionInInitializerError(e);
}
}catch(URISyntaxException e){
throw new ExceptionInInitializerError(e);
}
-
- SINGLETON = new Schema130128();
}
}
@@
-53,30
+47,7
@@
public final class Schema130128 implements LocalXmlResource{
* コンストラクタ。
*/
private Schema130128(){
* コンストラクタ。
*/
private Schema130128(){
- super();
- assert this.getClass() == THISCLASS;
- return;
- }
-
-
- /**
- * {@inheritDoc}
- * ※130128版。
- * @return {@inheritDoc}
- */
- @Override
- public URI getOriginalResource(){
- return URI_SCHEMA_PMDXML;
- }
-
- /**
- * {@inheritDoc}
- * ※130128版。
- * @return {@inheritDoc}
- */
- @Override
- public URI getLocalResource(){
- return RES_SCHEMA_PMDXML;
+ assert false;
}
}
}
}
diff --git
a/src/main/java/jp/sfjp/mikutoga/pmd2xml/XmlInputUtil.java
b/src/main/java/jp/sfjp/mikutoga/pmd2xml/XmlInputUtil.java
index
f413cf1
..
e1a87b8
100644
(file)
--- a/
src/main/java/jp/sfjp/mikutoga/pmd2xml/XmlInputUtil.java
+++ b/
src/main/java/jp/sfjp/mikutoga/pmd2xml/XmlInputUtil.java
@@
-21,9
+21,8
@@
import javax.xml.validation.Schema;
import jp.sfjp.mikutoga.pmd.model.xml.Schema101009;
import jp.sfjp.mikutoga.pmd.model.xml.Schema130128;
import jp.sfjp.mikutoga.xml.BotherHandler;
import jp.sfjp.mikutoga.pmd.model.xml.Schema101009;
import jp.sfjp.mikutoga.pmd.model.xml.Schema130128;
import jp.sfjp.mikutoga.xml.BotherHandler;
-import jp.sfjp.mikutoga.xml.
LocalXmlResource
;
+import jp.sfjp.mikutoga.xml.
NoopEntityResolver
;
import jp.sfjp.mikutoga.xml.SchemaUtil;
import jp.sfjp.mikutoga.xml.SchemaUtil;
-import jp.sfjp.mikutoga.xml.XmlResourceResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
@@
-130,10
+129,7
@@
final class XmlInputUtil {
SAXParser parser;
try{
parser = factory.newSAXParser();
SAXParser parser;
try{
parser = factory.newSAXParser();
- }catch(ParserConfigurationException e){
- assert false;
- throw new AssertionError(e);
- }catch(SAXException e){
+ }catch(ParserConfigurationException | SAXException e){
assert false;
throw new AssertionError(e);
}
assert false;
throw new AssertionError(e);
}
@@
-149,31
+145,36
@@
final class XmlInputUtil {
* @param xmlInType 入力XML種別
* @return スキーマ
*/
* @param xmlInType 入力XML種別
* @return スキーマ
*/
- private static Schema builsSchema(XmlResourceResolver resolver,
- ModelFileType xmlInType ){
- LocalXmlResource[] schemaArray;
+ private static Schema buildSchema(ModelFileType xmlInType ){
+ URI[] schemaUris;
switch(xmlInType){
case XML_101009:
switch(xmlInType){
case XML_101009:
- schema
Array = new LocalXmlResource
[]{
- Schema101009.
SINGLETON
,
+ schema
Uris = new URI
[]{
+ Schema101009.
RES_SCHEMA_PMDXML
,
};
break;
case XML_130128:
};
break;
case XML_130128:
- schema
Array = new LocalXmlResource
[]{
- Schema130128.
SINGLETON
,
+ schema
Uris = new URI
[]{
+ Schema130128.
RES_SCHEMA_PMDXML
,
};
break;
case XML_AUTO:
};
break;
case XML_AUTO:
- schema
Array = new LocalXmlResource
[]{
- Schema101009.
SINGLETON
,
- Schema130128.
SINGLETON
,
+ schema
Uris = new URI
[]{
+ Schema101009.
RES_SCHEMA_PMDXML
,
+ Schema130128.
RES_SCHEMA_PMDXML
,
};
break;
default:
throw new IllegalStateException();
}
};
break;
default:
throw new IllegalStateException();
}
- Schema schema = SchemaUtil.newSchema(resolver, schemaArray);
+ Schema schema;
+ try{
+ schema = SchemaUtil.newSchema(schemaUris);
+ }catch(IOException | SAXException e){
+ assert false;
+ throw new AssertionError(e);
+ }
return schema;
}
return schema;
}
@@
-185,9
+186,7
@@
final class XmlInputUtil {
* @return XMLリーダ
*/
static XMLReader buildReader(ModelFileType xmlInType){
* @return XMLリーダ
*/
static XMLReader buildReader(ModelFileType xmlInType){
- XmlResourceResolver resolver = new XmlResourceResolver();
-
- Schema schema = builsSchema(resolver, xmlInType);
+ Schema schema = buildSchema(xmlInType);
SAXParser parser = buildParser(schema);
SAXParser parser = buildParser(schema);
@@
-199,7
+198,7
@@
final class XmlInputUtil {
throw new AssertionError(e);
}
throw new AssertionError(e);
}
- reader.setEntityResolver(
resolver
);
+ reader.setEntityResolver(
NoopEntityResolver.NOOP_RESOLVER
);
reader.setErrorHandler(BotherHandler.HANDLER);
return reader;
reader.setErrorHandler(BotherHandler.HANDLER);
return reader;