From: Olyutorskii Date: Tue, 2 Jul 2019 12:07:22 +0000 (+0900) Subject: Upgrade ToaGem to 3.122.2 X-Git-Tag: release-1.203.2^2~6^2~1 X-Git-Url: http://git.osdn.net/view?p=mikutoga%2FPmd2XML.git;a=commitdiff_plain;h=97572b6c3488cf5148b070072e0397a8aec52dfb;ds=sidebyside Upgrade ToaGem to 3.122.2
---
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 93fcf80..c09bcd0 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -5,7 +5,8 @@ Pmd2XML 変更履歴 X.XXX.X ()
- * JRE version-checking modified.
+ * Prevent XXE vulnerabilities with XML-schema(XSD).
+ * Upgrade ToaGem to 3.122.2
 1.202.2 (2019-06-06) ・必須環境をJavaSE8に引き上げ。
diff --git a/pom.xml b/pom.xml
index 2f602ba..082daf1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -129,7 +129,7 @@ jp.sourceforge.mikutoga togagem
- 3.121.2
+ 3.122.2
 compile
diff --git a/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/PmdXmlExporter.java b/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/PmdXmlExporter.java
index 01f5a8a..74ac1d3 100644
--- a/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/PmdXmlExporter.java
+++ b/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/PmdXmlExporter.java
@@ -11,7 +11,7 @@ import java.io.IOException; import jp.sfjp.mikutoga.corelib.I18nText; import jp.sfjp.mikutoga.pmd.model.PmdModel; import jp.sfjp.mikutoga.xml.BasicXmlExporter;
-import jp.sfjp.mikutoga.xml.XmlResourceResolver;
+import jp.sfjp.mikutoga.xml.SchemaUtil;
 /** * PMDモーションデータをXMLへエクスポートする。
@@ -225,7 +225,7 @@ public class PmdXmlExporter extends BasicXmlExporter{ } ind().putAttr("xmlns", namespace).ln();
- ind().putAttr("xmlns:" + XSINS, XmlResourceResolver.NS_XSD).ln();
+ ind().putAttr("xmlns:" + XSINS, SchemaUtil.NS_XSD).ln();
 ind().putRawText(XSINS).putRawText(":schemaLocation=") .putRawCh('"');
diff --git a/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema101009.java b/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema101009.java
index aabf53e..e1a8acf 100644
--- a/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema101009.java
+++ b/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema101009.java
@@ -9,15 +9,11 @@ package jp.sfjp.mikutoga.pmd.model.xml; import java.net.URI; import java.net.URISyntaxException;
-import jp.sfjp.mikutoga.xml.LocalXmlResource;
 /** * 101009形式XML各種リソースの定義。 */
-public final class Schema101009 implements LocalXmlResource{
-
- /** 唯一のシングルトン。 */
- public static final Schema101009 SINGLETON;
+public final class Schema101009{
 /** 名前空間。 */ public static final String NS_PMDXML =
@@ -32,8 +28,8 @@ public final class Schema101009 implements LocalXmlResource{ public static final String LOCAL_SCHEMA_PMDXML = "resources/pmdxml-101009.xsd";
- private static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
- private static final URI RES_SCHEMA_PMDXML;
+ public static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
+ public static final URI RES_SCHEMA_PMDXML;
 private static final Class THISCLASS = Schema101009.class;
@@ -44,8 +40,6 @@ public final class Schema101009 implements LocalXmlResource{ }catch(URISyntaxException e){ throw new ExceptionInInitializerError(e); }
-
- SINGLETON = new Schema101009();
 }
@@ -53,30 +47,7 @@ public final class Schema101009 implements LocalXmlResource{ * コンストラクタ。 */ private Schema101009(){
- super();
- assert this.getClass() == THISCLASS;
- return;
- }
-
-
- /**
- * {@inheritDoc}
- * @return {@inheritDoc}
- * ※101009版。
- */
- @Override
- public URI getOriginalResource(){
- return URI_SCHEMA_PMDXML;
- }
-
- /**
- * {@inheritDoc}
- * ※101009版。
- * @return {@inheritDoc}
- */
- @Override
- public URI getLocalResource(){
- return RES_SCHEMA_PMDXML;
+ assert false;
 } }
diff --git a/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema130128.java b/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema130128.java
index 546215f..caada11 100644
--- a/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema130128.java
+++ b/src/main/java/jp/sfjp/mikutoga/pmd/model/xml/Schema130128.java
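Review bot: In Schema101009.java, `URI_SCHEMA_PMDXML` and `RES_SCHEMA_PMDXML` become public in the `@@ -32,8 +28,8 @@` hunk without a Javadoc comment, while the neighbouring public constant `NS_PMDXML` carries one. `RES_SCHEMA_PMDXML` is now the value XmlInputUtil passes to `SchemaUtil.newSchema`, so each field should say which copy of the schema it names, for example `/** URI of the XSD copy bundled with the application. */` and `/** Published (original) URI of the schema. */`. That wording assumes the static initializer, which lies outside the hunk, resolves `RES_SCHEMA_PMDXML` from `LOCAL_SCHEMA_PMDXML`. The identical hunk in Schema130128.java needs the same comments.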
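Review bot: The new constructor body `assert false;` in Schema101009.java (hunk `@@ -53,30 +47,7 @@`) is a no-op unless the JVM runs with `-ea`, so it does not actually reject instantiation of what is now a pure constant holder. `throw new AssertionError();` states the intent unconditionally. The constructor's Javadoc begins outside the hunk; it could also say that the class is never instantiated. Schema130128.java has the same constructor.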
@@ -9,15 +9,11 @@ package jp.sfjp.mikutoga.pmd.model.xml; import java.net.URI; import java.net.URISyntaxException;
-import jp.sfjp.mikutoga.xml.LocalXmlResource;
 /** * 130128形式XML各種リソースの定義。 */
-public final class Schema130128 implements LocalXmlResource{
-
- /** 唯一のシングルトン。 */
- public static final Schema130128 SINGLETON;
+public final class Schema130128{
 /** 名前空間。 */ public static final String NS_PMDXML =
@@ -32,8 +28,8 @@ public final class Schema130128 implements LocalXmlResource{ public static final String LOCAL_SCHEMA_PMDXML = "resources/pmdxml-130128.xsd";
- private static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
- private static final URI RES_SCHEMA_PMDXML;
+ public static final URI URI_SCHEMA_PMDXML = URI.create(SCHEMA_PMDXML);
+ public static final URI RES_SCHEMA_PMDXML;
 private static final Class THISCLASS = Schema130128.class;
@@ -44,8 +40,6 @@ public final class Schema130128 implements LocalXmlResource{ }catch(URISyntaxException e){ throw new ExceptionInInitializerError(e); }
-
- SINGLETON = new Schema130128();
 }
@@ -53,30 +47,7 @@ public final class Schema130128 implements LocalXmlResource{ * コンストラクタ。 */ private Schema130128(){
- super();
- assert this.getClass() == THISCLASS;
- return;
- }
-
-
- /**
- * {@inheritDoc}
- * ※130128版。
- * @return {@inheritDoc}
- */
- @Override
- public URI getOriginalResource(){
- return URI_SCHEMA_PMDXML;
- }
-
- /**
- * {@inheritDoc}
- * ※130128版。
- * @return {@inheritDoc}
- */
- @Override
- public URI getLocalResource(){
- return RES_SCHEMA_PMDXML;
+ assert false;
 } }
diff --git a/src/main/java/jp/sfjp/mikutoga/pmd2xml/XmlInputUtil.java b/src/main/java/jp/sfjp/mikutoga/pmd2xml/XmlInputUtil.java
index f413cf1..e1a87b8 100644
--- a/src/main/java/jp/sfjp/mikutoga/pmd2xml/XmlInputUtil.java
+++ b/src/main/java/jp/sfjp/mikutoga/pmd2xml/XmlInputUtil.java
@@ -21,9 +21,8 @@ import javax.xml.validation.Schema; import jp.sfjp.mikutoga.pmd.model.xml.Schema101009; import jp.sfjp.mikutoga.pmd.model.xml.Schema130128; import jp.sfjp.mikutoga.xml.BotherHandler;
-import jp.sfjp.mikutoga.xml.LocalXmlResource;
+import jp.sfjp.mikutoga.xml.NoopEntityResolver;
 import jp.sfjp.mikutoga.xml.SchemaUtil;
-import jp.sfjp.mikutoga.xml.XmlResourceResolver;
 import org.xml.sax.InputSource; import org.xml.sax.SAXException; import org.xml.sax.XMLReader;
@@ -130,10 +129,7 @@ final class XmlInputUtil { SAXParser parser; try{ parser = factory.newSAXParser();
- }catch(ParserConfigurationException e){
- assert false;
- throw new AssertionError(e);
- }catch(SAXException e){
+ }catch(ParserConfigurationException | SAXException e){
 assert false; throw new AssertionError(e); }
@@ -149,31 +145,36 @@ final class XmlInputUtil { * @param xmlInType 入力XML種別 * @return スキーマ */
- private static Schema builsSchema(XmlResourceResolver resolver,
- ModelFileType xmlInType ){
- LocalXmlResource[] schemaArray;
+ private static Schema buildSchema(ModelFileType xmlInType ){
+ URI[] schemaUris;
 switch(xmlInType){ case XML_101009:
- schemaArray = new LocalXmlResource[]{
- Schema101009.SINGLETON,
+ schemaUris = new URI[]{
+ Schema101009.RES_SCHEMA_PMDXML,
 }; break; case XML_130128:
- schemaArray = new LocalXmlResource[]{
- Schema130128.SINGLETON,
+ schemaUris = new URI[]{
+ Schema130128.RES_SCHEMA_PMDXML,
 }; break; case XML_AUTO:
- schemaArray = new LocalXmlResource[]{
- Schema101009.SINGLETON,
- Schema130128.SINGLETON,
+ schemaUris = new URI[]{
+ Schema101009.RES_SCHEMA_PMDXML,
+ Schema130128.RES_SCHEMA_PMDXML,
 }; break; default: throw new IllegalStateException(); }
- Schema schema = SchemaUtil.newSchema(resolver, schemaArray);
+ Schema schema;
+ try{
+ schema = SchemaUtil.newSchema(schemaUris);
+ }catch(IOException | SAXException e){
+ assert false;
+ throw new AssertionError(e);
+ }
 return schema; }
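Review bot: The Javadoc of `buildSchema` begins above the `@@ -149,31 +145,36 @@` hunk, and the removed signature took a `resolver` argument, so a `@param resolver` tag left in that comment would now be stale and should be deleted. The comment is also the right place to record the property this change relies on, e.g. `* Only the XSD copies bundled with the application are passed to the schema factory.` How `SchemaUtil.newSchema(URI...)` treats `xs:import`/`xs:include` targets is decided in ToaGem and is not visible in this diff, so the comment should not claim more than that.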
@@ -185,9 +186,7 @@ final class XmlInputUtil { * @return XMLリーダ */ static XMLReader buildReader(ModelFileType xmlInType){
- XmlResourceResolver resolver = new XmlResourceResolver();
-
- Schema schema = builsSchema(resolver, xmlInType);
+ Schema schema = buildSchema(xmlInType);
 SAXParser parser = buildParser(schema);
@@ -199,7 +198,7 @@ final class XmlInputUtil { throw new AssertionError(e); }
- reader.setEntityResolver(resolver);
+ reader.setEntityResolver(NoopEntityResolver.NOOP_RESOLVER);
 reader.setErrorHandler(BotherHandler.HANDLER); return reader;
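Review bot: `reader.setEntityResolver(NoopEntityResolver.NOOP_RESOLVER);` in `buildReader` is the line that carries the XXE fix named in the changelog, yet nothing at the call site says so. A comment such as `// XXE hardening: external entities must never be fetched while parsing untrusted XML` would keep a later edit from swapping the resolver back; this assumes `NoopEntityResolver` resolves every entity to empty input, which is defined in ToaGem and not shown here. An entity resolver only covers external entities. DOCTYPE handling and entity-expansion limits depend on how the `SAXParserFactory` used by `buildParser` is configured, which is outside this diff. It is worth confirming there that `XMLConstants.FEATURE_SECURE_PROCESSING` is enabled, or `http://apache.org/xml/features/disallow-doctype-decl` if the supported formats never need a DOCTYPE.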