From: Olyutorskii Date: Sun, 23 Jun 2019 15:06:06 +0000 (+0900) Subject: Move out xml-xsd info from resolver. X-Git-Tag: release-3.122.2^2~2^2~8 X-Git-Url: http://git.osdn.net/view?p=mikutoga%2FTogaGem.git;a=commitdiff_plain;h=4a44b5f608e5d55be6704728c4455b8013615483 Move out xml-xsd info from resolver. --- diff --git a/CHANGELOG.txt b/CHANGELOG.txt index c8f960d..0850023 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -7,6 +7,7 @@ TogaGem 変更履歴 X.XXX.X (XXXX-XX-XX) * Split entity resolver from resource resolver to prevent XXE vulnerability. * Make Schema-factory safe to prevent XXE vulnerability. + * Move out xml-xsd info from resolver. 3.121.2 (2019-06-06) ・DatatypeIo is public now, for replacing JAXB. diff --git a/src/main/java/jp/sfjp/mikutoga/xml/SchemaUtil.java b/src/main/java/jp/sfjp/mikutoga/xml/SchemaUtil.java index 2b824ff..c2de190 100644 --- a/src/main/java/jp/sfjp/mikutoga/xml/SchemaUtil.java +++ b/src/main/java/jp/sfjp/mikutoga/xml/SchemaUtil.java @@ -30,8 +30,36 @@ import org.xml.sax.SAXNotSupportedException; */ public final class SchemaUtil { + + /** XML Schema. */ + public static final String SCHEMA_XML = + "http://www.w3.org/2001/xml.xsd"; + + /** XSD namespace. */ + public static final String NS_XSD = + "http://www.w3.org/2001/XMLSchema-instance"; + + private static final String LOCAL_SCHEMA_XML = + "resources/xmlspace.xsd"; + + private static final URI URI_XSD_ORIG; + private static final URI URI_XSD_LOCAL; + private static final String ALLOWED_USCHEMA = "http"; + private static final Class THISCLASS = SchemaUtil.class; + + + static{ + URL redirectRes = THISCLASS.getResource(LOCAL_SCHEMA_XML); + String redirectResName = redirectRes.toString(); + + URI_XSD_ORIG = URI.create(SCHEMA_XML); + URI_XSD_LOCAL = URI.create(redirectResName); + + assert ALLOWED_USCHEMA.equalsIgnoreCase(URI_XSD_ORIG.getScheme()); + } + /** * 隠しコンストラクタ。 @@ -43,6 +71,17 @@ public final class SchemaUtil { /** + * build xml.xsd redirection info. + * + * @return resolver + */ + public static XmlResourceResolver buildXmlXsdResolver(){ + XmlResourceResolver result = new XmlResourceResolver(); + result.putRedirected(URI_XSD_ORIG, URI_XSD_LOCAL); + return result; + } + + /** * Build SchemaFactory for XML Schema but safety. * *

Includes some considerations for XXE vulnerabilities. diff --git a/src/main/java/jp/sfjp/mikutoga/xml/XmlResourceResolver.java b/src/main/java/jp/sfjp/mikutoga/xml/XmlResourceResolver.java index e3c5a53..8e91ca0 100644 --- a/src/main/java/jp/sfjp/mikutoga/xml/XmlResourceResolver.java +++ b/src/main/java/jp/sfjp/mikutoga/xml/XmlResourceResolver.java @@ -27,21 +27,8 @@ import org.w3c.dom.ls.LSResourceResolver; public class XmlResourceResolver implements LSResourceResolver{ - /** XML Schema. */ - public static final String SCHEMA_XML = - "http://www.w3.org/2001/xml.xsd"; - - /** XSD名前空間。 */ - public static final String NS_XSD = - "http://www.w3.org/2001/XMLSchema-instance"; - - private static final String LOCAL_SCHEMA_XML = - "resources/xmlspace.xsd"; - private static final URI EMPTY_URI = URI.create(""); - private static final Class THISCLASS = XmlResourceResolver.class; - private final Map uriMap; @@ -52,21 +39,11 @@ public class XmlResourceResolver public XmlResourceResolver(){ super(); - assert this.getClass().equals(THISCLASS); - Map map; map = new HashMap<>(); map = Collections.synchronizedMap(map); this.uriMap = map; - URL redirectRes = THISCLASS.getResource(LOCAL_SCHEMA_XML); - String redirectResName = redirectRes.toString(); - - URI originalURI = URI.create(SCHEMA_XML); - URI redirectURI = URI.create(redirectResName); - - putRedirectedImpl(originalURI, redirectURI); - return; }