OSDN Git Service

add implicit built-in xml schema.
authorOlyutorskii <olyutorskii@users.osdn.me>
Sun, 23 Jun 2019 15:17:16 +0000 (00:17 +0900)
committerOlyutorskii <olyutorskii@users.osdn.me>
Sun, 23 Jun 2019 15:17:16 +0000 (00:17 +0900)
CHANGELOG.txt
src/main/java/jp/sfjp/mikutoga/xml/SchemaUtil.java

index 0850023..c5293d0 100644 (file)
@@ -5,6 +5,7 @@ TogaGem 変更履歴
 
 
 X.XXX.X (XXXX-XX-XX)
+    * Prevent XXE vulnerabilities.
     * Split entity resolver from resource resolver to prevent XXE vulnerability.
     * Make Schema-factory safe to prevent XXE vulnerability.
     * Move out xml-xsd info from resolver.
index c2de190..a8dbadf 100644 (file)
@@ -26,7 +26,7 @@ import org.xml.sax.SAXNotRecognizedException;
 import org.xml.sax.SAXNotSupportedException;
 
 /**
- * XMLスキーマの各種ビルダ。
+ * XML schema (XSD) utilities.
  */
 public final class SchemaUtil {
 
@@ -62,7 +62,7 @@ public final class SchemaUtil {
 
 
     /**
-     * 隠しコンストラクタ。
+     * Hidden constructor.
      */
     private SchemaUtil(){
         assert false;
@@ -184,10 +184,14 @@ public final class SchemaUtil {
      * @param resArray ローカルスキーマ情報並び
      * @return スキーマ
      */
-    public static Schema newSchema(XmlResourceResolver resolver,
-                                    LocalXmlResource... resArray ){
+    public static Schema newSchema(
+            XmlResourceResolver resolver,
+            LocalXmlResource... resArray){
+        XmlResourceResolver totalResolver = buildXmlXsdResolver();
+        totalResolver.putRedirected(resolver);
+
         for(LocalXmlResource resource : resArray){
-            resolver.putRedirected(resource);
+            totalResolver.putRedirected(resource);
         }
 
         Source[] sources;
@@ -198,7 +202,7 @@ public final class SchemaUtil {
             throw new AssertionError(e);
         }
 
-        SchemaFactory schemaFactory = newSchemaFactory(resolver);
+        SchemaFactory schemaFactory = newSchemaFactory(totalResolver);
 
         Schema result;
         try{