X-Git-Url: http://git.osdn.net/view?p=mikutoga%2FTogaGem.git;a=blobdiff_plain;f=src%2Fmain%2Fjava%2Fjp%2Fsfjp%2Fmikutoga%2Fxml%2FNoopEntityResolver.java;fp=src%2Fmain%2Fjava%2Fjp%2Fsfjp%2Fmikutoga%2Fxml%2FNoopEntityResolver.java;h=7048e0e6b75e9b3cd76c0d9ebd83db7161e465b0;hp=0000000000000000000000000000000000000000;hb=60ffbb04ecde2d7bef2ca508f3a6951f198821bf;hpb=c3c1b3569393e6133cb30491740b70f2ad727e6e
diff --git a/src/main/java/jp/sfjp/mikutoga/xml/NoopEntityResolver.java b/src/main/java/jp/sfjp/mikutoga/xml/NoopEntityResolver.java
new file mode 100644
index 0000000..7048e0e
--- /dev/null
+++ b/src/main/java/jp/sfjp/mikutoga/xml/NoopEntityResolver.java
@@ -0,0 +1,58 @@
+/*
+ * No-operation Entity Resolver for XML.
+ *
+ * License : The MIT License
+ * Copyright(c) 2019 olyutorskii
+ */
+
+package jp.sfjp.mikutoga.xml;
+
+import java.io.Reader;
+import java.io.StringReader;
+import org.xml.sax.EntityResolver;
+import org.xml.sax.InputSource;
+
+/**
+ * No-operation Entity Resolver implementation for preventing XXE.
+ *
+ * @see
+ * XML external entity attack (Wikipedia)
+ *
+ */
+public final class NoopEntityResolver implements EntityResolver{
+
+ /** Singleton resolver. */
+ public static final EntityResolver NOOP_RESOLVER =
+ new NoopEntityResolver();
+
+
+ /**
+ * Constructor.
+ */
+ private NoopEntityResolver(){
+ super();
+ return;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ *
+ * Prevent any external entity reference XXE.
+ *
+ * @param publicId {@inheritDoc}
+ * @param systemId {@inheritDoc}
+ * @return empty input source
+ */
+ @Override
+ public InputSource resolveEntity(String publicId, String systemId){
+ Reader emptyReader = new StringReader("");
+ InputSource source = new InputSource(emptyReader);
+
+ source.setPublicId(publicId);
+ source.setSystemId(systemId);
+
+ return source;
+ }
+
+}