
Split entity resolver from resource resolver to prevent XXE vulnerability.
[mikutoga/TogaGem.git] / src / main / java / jp / sfjp / mikutoga / xml / NoopEntityResolver.java
1 /*
2  * No-operation Entity Resolver for XML.
3  *
4  * License : The MIT License
5  * Copyright(c) 2019 olyutorskii
6  */
7
8 package jp.sfjp.mikutoga.xml;
9
10 import java.io.Reader;
11 import java.io.StringReader;
12 import org.xml.sax.EntityResolver;
13 import org.xml.sax.InputSource;
14
/**
 * Entity resolver that answers every external entity request with an
 * empty document, so the parser never opens the referenced file or URL.
 *
 * <p>SAX parsers consult the registered {@link EntityResolver} before
 * opening an external entity (the external DTD subset included), which is
 * why substituting empty content here blocks XXE-style reads and fetches.
 *
 * <p>Security notes for users of this class:
 * <ul>
 * <li>It only takes effect once installed on the parser, e.g. through
 *     {@code XMLReader#setEntityResolver} or
 *     {@code DocumentBuilder#setEntityResolver}.
 * <li>It does not limit expansion of entities declared inside the
 *     document itself; parser limits such as
 *     {@code XMLConstants.FEATURE_SECURE_PROCESSING} cover that case.
 * <li>Schema resources are not routed through this interface; they need
 *     their own resolver.
 * </ul>
 *
 * @see <a href="https://en.wikipedia.org/wiki/XML_external_entity_attack">
 *     XML external entity attack (Wikipedia)
 *     </a>
 */
public final class NoopEntityResolver implements EntityResolver {

    /** Shared instance; the class holds no state, so one is enough. */
    public static final EntityResolver NOOP_RESOLVER =
            new NoopEntityResolver();


    /**
     * Hidden constructor: obtain the resolver via {@link #NOOP_RESOLVER}.
     */
    private NoopEntityResolver() {
    }


    /**
     * {@inheritDoc}
     *
     * <p>Never resolves the requested entity. The identifiers are copied
     * onto the result unchanged, but the content is always empty.
     *
     * @param publicId {@inheritDoc}
     * @param systemId {@inheritDoc}
     * @return a new input source backed by an empty character stream
     */
    @Override
    public InputSource resolveEntity(String publicId, String systemId) {
        // A character stream is supplied explicitly so the parser reads
        // it instead of opening the system identifier itself.
        InputSource emptySource = new InputSource(new StringReader(""));

        // Identifiers are passed through as given, not dereferenced here.
        emptySource.setSystemId(systemId);
        emptySource.setPublicId(publicId);

        return emptySource;
    }

}