X.XXX.X ()
- * JRE version-checking modified.
+ * Prevent XXE vulnerabilities with XML-schema(XSD).
+ * Upgrade ToaGem to 3.122.2
1.202.2 (2019-06-06)
・必須環境をJavaSE8に引き上げ。
<!--
Checkstyle suppressions
- for Checkstyle 8.20 or later
+ for Checkstyle 8.22 or later
[ https://checkstyle.org/ ]
<suppress files="" checks="ImportControl" />
<!-- Javadoc Comments -->
- <suppress files="" checks="JavadocParagraph" />
- <suppress files="" checks="JavadocTagContinuationIndentation" />
<suppress files="" checks="SummaryJavadocCheck" />
<!-- Miscellaneous -->
<suppress files="" checks="FinalParameters" />
+ <suppress files="" checks="OrderedProperties" />
<suppress files="" checks="TrailingComment" />
<!-- Modifier -->
- <suppress files="" checks="InterfaceMemberImpliedModifier" />
+ <suppress files="" checks="RedundantModifier" />
<!-- Whitespace -->
+ <suppress files="" checks="ParenPad" />
<suppress files="" checks="SingleSpaceSeparator" />
</suppressions>
<!--
Checkstyle modules
- for Checkstyle 8.21 or later
+ for Checkstyle 8.22 or later
[ https://checkstyle.org/ ]
<property name="fileExtensions" value="xml" />
</module>
<module name="RegexpHeader">
+ <!-- /* ... */ -->
<property name="header" value="^/\*$\n^ \*( .*)?$\n^ \*/$\n" />
<property name="multiLines" value="2" />
<property name="fileExtensions" value="java" />
<module name="NewlineAtEndOfFile">
<property name="fileExtensions" value="java, properties, xml, xsd, md, txt" />
</module>
+ <module name="OrderedProperties" />
<module name="Translation" />
<module name="UniqueProperties" />
<module name="RequireThis">
<property name="checkMethods" value="false" />
</module>
- <module name="ReturnCount" />
+ <module name="ReturnCount">
+ <property name="max" value="5" />
+ <property name="maxForVoid" value="5" />
+ </module>
<module name="SimplifyBooleanExpression" />
<module name="SimplifyBooleanReturn" />
<module name="StringLiteralEquality" />
<module name="SuperClone" />
<module name="SuperFinalize" />
<module name="UnnecessaryParentheses" />
+ <module name="UnnecessarySemicolonInEnumeration" />
+ <module name="UnnecessarySemicolonInTryWithResources" />
<module name="VariableDeclarationUsageDistance">
<property name="allowedDistance" value="5"/>
</module>
<property name="scope" value="protected" />
</module>
<module name="MissingJavadocMethod" />
+ <module name="MissingJavadocPackage" />
<module name="MissingJavadocType" />
<module name="NonEmptyAtclauseDescription" />
<module name="SingleLineJavadoc" />
<module name="GenericWhitespace" />
<module name="MethodParamPad" />
<module name="NoLineWrap" />
- <module name="NoWhitespaceAfter" />
- <module name="NoWhitespaceBefore" />
- <module name="OperatorWrap" />
- <module name="ParenPad">
- <property name="option" value="nospace" />
+ <module name="NoWhitespaceAfter">
<property
name="tokens"
- value="CTOR_CALL, METHOD_CALL, SUPER_CTOR_CALL"
+ value="AT, INC, DEC, UNARY_MINUS, UNARY_PLUS, DOT"
/>
</module>
+ <module name="NoWhitespaceBefore">
+ <property name="allowLineBreaks" value="true" />
+ </module>
+ <module name="OperatorWrap" />
+ <module name="ParenPad" />
<module name="SeparatorWrap">
<property name="tokens" value="DOT"/>
<property name="option" value="nl"/>
</module>
- </module>
+</module>
<!-- EOF -->
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
- <locale>en</locale>
- <site.locales>${locale}</site.locales>
- <javadoc.locale>${locale}</javadoc.locale>
- <spotbugs.jvmArgs>-Duser.language=${locale}</spotbugs.jvmArgs>
-
- <!-- Walk around: JDK 11 javadoc + Maven -->
- <detectJavaApiLink>false</detectJavaApiLink>
+ <!-- DO NOT USE ${locale} with site-plugin -->
+ <site.locales>en</site.locales>
+ <javadoc.locale>en</javadoc.locale>
+ <spotbugs.jvmArgs>-Duser.language=en</spotbugs.jvmArgs>
<surefire-plugin.version>3.0.0-M3</surefire-plugin.version>
<jacoco-plugin.version>0.8.4</jacoco-plugin.version>
<checkstyle-plugin.version>3.1.0</checkstyle-plugin.version>
- <checkstyleruntime.version>8.21</checkstyleruntime.version>
- <checkstyle.config.location>${project.basedir}/config/checkstyle/checkstyle.xml</checkstyle.config.location>
- <checkstyle.suppressions.location>${project.basedir}/config/checkstyle/checkstyle-suppressions.xml</checkstyle.suppressions.location>
+ <checkstyleruntime.version>8.22</checkstyleruntime.version>
+ <checkstyle.config.location>config/checkstyle/checkstyle.xml</checkstyle.config.location>
+ <checkstyle.suppressions.location>config/checkstyle/checkstyle-suppressions.xml</checkstyle.suppressions.location>
<checkstyle.enable.rss>false</checkstyle.enable.rss>
<pmd-plugin.version>3.12.0</pmd-plugin.version>
- <spotbugs-plugin.version>3.1.11</spotbugs-plugin.version>
+ <spotbugs-plugin.version>3.1.12</spotbugs-plugin.version>
<spotbugs.effort>Max</spotbugs.effort>
<spotbugs.threshold>Low</spotbugs.threshold>
<!-- for Jenkins -->
<dependency>
<groupId>jp.sourceforge.mikutoga</groupId>
<artifactId>togagem</artifactId>
- <version>3.121.2</version>
+ <version>3.122.2</version>
<scope>compile</scope>
</dependency>
<execution>
<phase>package</phase>
<goals>
- <goal>shade</goal>
+ <goal>shade</goal>
</goals>
<configuration>
<createDependencyReducedPom>false</createDependencyReducedPom>
<id>attach-sources</id>
<phase>verify</phase>
<goals>
- <goal>jar-no-fork</goal>
+ <goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.1.0</version>
<configuration>
+ <locale>${javadoc.locale}</locale>
+ <source>${maven.compiler.source}</source>
<author>false</author>
<notimestamp>true</notimestamp>
<quiet>true</quiet>
<show>protected</show>
<header>${project.name} ${project.version} API</header>
<version>true</version>
- <locale>${javadoc.locale}</locale>
<!-- for JDK11 javadoc -->
<additionalJOption>-J-Duser.language=${javadoc.locale}</additionalJOption>
</configuration>
<version>${pmd-plugin.version}</version>
<configuration>
<rulesets>
- <ruleset>${project.basedir}/config/pmd/pmdrules.xml</ruleset>
+ <ruleset>config/pmd/pmdrules.xml</ruleset>
</rulesets>
</configuration>
<reportSets>
import jp.sfjp.mikutoga.corelib.I18nText;
import jp.sfjp.mikutoga.pmd.model.PmdModel;
import jp.sfjp.mikutoga.xml.BasicXmlExporter;
-import jp.sfjp.mikutoga.xml.XmlResourceResolver;
+import jp.sfjp.mikutoga.xml.SchemaUtil;
/**
* PMDモーションデータをXMLへエクスポートする。
}
ind().putAttr("xmlns", namespace).ln();
- ind().putAttr("xmlns:" + XSINS, XmlResourceResolver.NS_XSD).ln();
+ ind().putAttr("xmlns:" + XSINS, SchemaUtil.NS_XSD).ln();
ind().putRawText(XSINS).putRawText(":schemaLocation=")
.putRawCh('"');
import java.net.URI;
import java.net.URISyntaxException;
-import jp.sfjp.mikutoga.xml.LocalXmlResource;
/**
* 101009形式XML各種リソースの定義。
*/
-public final class Schema101009 implements LocalXmlResource{
-
- /** 唯一のシングルトン。 */
- public static final Schema101009 SINGLETON;
+public final class Schema101009{
/** 名前空間。 */
public static final String NS_PMDXML =
public static final String LOCAL_SCHEMA_PMDXML =
"resources/pmdxml-101009.xsd";
- private static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
- private static final URI RES_SCHEMA_PMDXML;
+ public static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
+ public static final URI RES_SCHEMA_PMDXML;
private static final Class<?> THISCLASS = Schema101009.class;
}catch(URISyntaxException e){
throw new ExceptionInInitializerError(e);
}
-
- SINGLETON = new Schema101009();
}
* コンストラクタ。
*/
private Schema101009(){
- super();
- assert this.getClass() == THISCLASS;
- return;
- }
-
-
- /**
- * {@inheritDoc}
- * @return {@inheritDoc}
- * ※101009版。
- */
- @Override
- public URI getOriginalResource(){
- return URI_SCHEMA_PMDXML;
- }
-
- /**
- * {@inheritDoc}
- * ※101009版。
- * @return {@inheritDoc}
- */
- @Override
- public URI getLocalResource(){
- return RES_SCHEMA_PMDXML;
+ assert false;
}
}
import java.net.URI;
import java.net.URISyntaxException;
-import jp.sfjp.mikutoga.xml.LocalXmlResource;
/**
* 130128形式XML各種リソースの定義。
*/
-public final class Schema130128 implements LocalXmlResource{
-
- /** 唯一のシングルトン。 */
- public static final Schema130128 SINGLETON;
+public final class Schema130128{
/** 名前空間。 */
public static final String NS_PMDXML =
public static final String LOCAL_SCHEMA_PMDXML =
"resources/pmdxml-130128.xsd";
- private static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
- private static final URI RES_SCHEMA_PMDXML;
+ public static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
+ public static final URI RES_SCHEMA_PMDXML;
private static final Class<?> THISCLASS = Schema130128.class;
}catch(URISyntaxException e){
throw new ExceptionInInitializerError(e);
}
-
- SINGLETON = new Schema130128();
}
* コンストラクタ。
*/
private Schema130128(){
- super();
- assert this.getClass() == THISCLASS;
- return;
- }
-
-
- /**
- * {@inheritDoc}
- * ※130128版。
- * @return {@inheritDoc}
- */
- @Override
- public URI getOriginalResource(){
- return URI_SCHEMA_PMDXML;
- }
-
- /**
- * {@inheritDoc}
- * ※130128版。
- * @return {@inheritDoc}
- */
- @Override
- public URI getLocalResource(){
- return RES_SCHEMA_PMDXML;
+ assert false;
}
}
import jp.sfjp.mikutoga.pmd.model.xml.Schema101009;
import jp.sfjp.mikutoga.pmd.model.xml.Schema130128;
import jp.sfjp.mikutoga.xml.BotherHandler;
-import jp.sfjp.mikutoga.xml.LocalXmlResource;
+import jp.sfjp.mikutoga.xml.NoopEntityResolver;
import jp.sfjp.mikutoga.xml.SchemaUtil;
-import jp.sfjp.mikutoga.xml.XmlResourceResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
SAXParser parser;
try{
parser = factory.newSAXParser();
- }catch(ParserConfigurationException e){
- assert false;
- throw new AssertionError(e);
- }catch(SAXException e){
+ }catch(ParserConfigurationException | SAXException e){
assert false;
throw new AssertionError(e);
}
* @param xmlInType 入力XML種別
* @return スキーマ
*/
- private static Schema builsSchema(XmlResourceResolver resolver,
- ModelFileType xmlInType ){
- LocalXmlResource[] schemaArray;
+ private static Schema buildSchema(ModelFileType xmlInType ){
+ URI[] schemaUris;
switch(xmlInType){
case XML_101009:
- schemaArray = new LocalXmlResource[]{
- Schema101009.SINGLETON,
+ schemaUris = new URI[]{
+ Schema101009.RES_SCHEMA_PMDXML,
};
break;
case XML_130128:
- schemaArray = new LocalXmlResource[]{
- Schema130128.SINGLETON,
+ schemaUris = new URI[]{
+ Schema130128.RES_SCHEMA_PMDXML,
};
break;
case XML_AUTO:
- schemaArray = new LocalXmlResource[]{
- Schema101009.SINGLETON,
- Schema130128.SINGLETON,
+ schemaUris = new URI[]{
+ Schema101009.RES_SCHEMA_PMDXML,
+ Schema130128.RES_SCHEMA_PMDXML,
};
break;
default:
throw new IllegalStateException();
}
- Schema schema = SchemaUtil.newSchema(resolver, schemaArray);
+ Schema schema;
+ try{
+ schema = SchemaUtil.newSchema(schemaUris);
+ }catch(IOException | SAXException e){
+ assert false;
+ throw new AssertionError(e);
+ }
return schema;
}
* @return XMLリーダ
*/
static XMLReader buildReader(ModelFileType xmlInType){
- XmlResourceResolver resolver = new XmlResourceResolver();
-
- Schema schema = builsSchema(resolver, xmlInType);
+ Schema schema = buildSchema(xmlInType);
SAXParser parser = buildParser(schema);
throw new AssertionError(e);
}
- reader.setEntityResolver(resolver);
+ reader.setEntityResolver(NoopEntityResolver.NOOP_RESOLVER);
reader.setErrorHandler(BotherHandler.HANDLER);
return reader;