List of usage examples for javax.xml XMLConstants FEATURE_SECURE_PROCESSING
String FEATURE_SECURE_PROCESSING
To view the source code for javax.xml XMLConstants FEATURE_SECURE_PROCESSING.
Click Source Link
From source file:org.wso2.pc.integration.tests.publisher.processes.AssociateURLTestCase.java
@Test(groups = {
"org.wso2.pc" }, description = "Check associated GDOC document existence", dependsOnMethods = "associateGDoc")
public void checkGDoc() throws Exception {
RegistryProviderUtil registryProviderUtil = new RegistryProviderUtil();
WSRegistryServiceClient wsRegistryServiceClient = registryProviderUtil.getWSRegistry(automationContext);
String xml = new String(
wsRegistryServiceClient.getContent("/_system/governance/processes/TestProcess1/1.0"));
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
DocumentBuilder builder = documentBuilderFactory.newDocumentBuilder();
Document document = builder.parse(new InputSource(new StringReader(xml)));
Element root = document.getDocumentElement();
Assert.assertNotNull(root.getElementsByTagName("document").item(0), "No document found");
String expectedGDocURL = ((Element) root.getElementsByTagName("document").item(0))
.getElementsByTagName("url").item(0).getTextContent();
Assert.assertTrue(expectedGDocURL.equals(GDOC_URL), "Expected GDoc URL not found");
}
From source file:org.wso2.pc.integration.tests.publisher.processes.ImportProcessTestCase.java
private Element getAssociateProcess(String processType) throws Exception { Element associateProcessElement = null; WSRegistryServiceClient wsRegistryServiceClient = registryProviderUtil.getWSRegistry(automationContext); String xml = new String(wsRegistryServiceClient.getContent("/_system/governance/bpmn/Process1/1.0")); DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder builder = documentBuilderFactory.newDocumentBuilder(); Document document = builder.parse(new InputSource(new StringReader(xml))); Element root = document.getDocumentElement(); if (root.getElementsByTagName(processType) != null) associateProcessElement = (Element) root.getElementsByTagName(processType).item(0); return associateProcessElement; }
From source file:pt.webdetails.cpf.utils.XmlParserFactoryProducer.java
/** * Creates an instance of {@link SAXReader} class * with features that prevent from some XXE attacks (e.g. XML bomb) * See PPP-3506 for more details./*w ww . j a v a2s.c om*/ * See also https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet * * @param resolver Is {@link EntityResolver} or null * @return {@link SAXReader} */ public static SAXReader getSAXReader(final EntityResolver resolver) { SAXReader reader = new SAXReader(); if (resolver != null) { reader.setEntityResolver(resolver); } try { reader.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); reader.setFeature("http://xml.org/sax/features/external-general-entities", false); reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false); reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); } catch (SAXException e) { logger.error("Some parser properties are not supported."); } reader.setIncludeExternalDTDDeclarations(false); reader.setIncludeInternalDTDDeclarations(false); return reader; }