use of javax.xml.stream.XMLInputFactory in project sonarqube by SonarSource.
the class QProfileBackuper method initStax.
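/**
 * Builds the StaxMate input factory on top of a hardened StAX {@link XMLInputFactory}.
 *
 * <p>The StAX factory coalesces adjacent character data, ignores namespaces and does not
 * validate. DTD support is switched off so that a DOCTYPE in the input is never loaded.
 * External entity resolution is also switched off explicitly, so the XXE (CWE-611) hardening
 * does not rest on the DTD setting alone.
 *
 * @return a new {@code SMInputFactory} wrapping the configured StAX factory
 */
private static SMInputFactory initStax() {
    XMLInputFactory xmlFactory = XMLInputFactory.newInstance();
    xmlFactory.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);
    xmlFactory.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, Boolean.FALSE);
    // Security: never load a DTD, even if the document carries a DOCTYPE.
    xmlFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
    // Security: defence in depth - refuse external entities independently of DTD support.
    xmlFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
    xmlFactory.setProperty(XMLInputFactory.IS_VALIDATING, Boolean.FALSE);
    return new SMInputFactory(xmlFactory);
}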
use of javax.xml.stream.XMLInputFactory in project sonarqube by SonarSource.
the class RulesDefinitionXmlLoader method load.
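/**
 * Loads rules by reading the XML input stream. The reader is not closed by the method, so it
 * should be handled by the caller.
 *
 * <p>The document is parsed with DTD support and external entity resolution both disabled, so
 * a DOCTYPE in the supplied XML is never loaded and external entities are not resolved
 * (XXE, CWE-611).
 *
 * @param repo repository that receives each parsed {@code <rule>} element
 * @param reader source of the rules XML; left open for the caller to close
 * @throws IllegalStateException if the XML cannot be parsed
 * @since 4.3
 */
public void load(RulesDefinition.NewRepository repo, Reader reader) {
    XMLInputFactory xmlFactory = XMLInputFactory.newInstance();
    xmlFactory.setProperty(XMLInputFactory.IS_COALESCING, Boolean.TRUE);
    xmlFactory.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, Boolean.FALSE);
    // Security: never load a DTD, even if the document carries a DOCTYPE.
    xmlFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
    // Security: defence in depth - refuse external entities independently of DTD support.
    xmlFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
    xmlFactory.setProperty(XMLInputFactory.IS_VALIDATING, Boolean.FALSE);
    SMInputFactory inputFactory = new SMInputFactory(xmlFactory);
    try {
        SMHierarchicCursor rootC = inputFactory.rootElementCursor(reader);
        // Position the root cursor on the <rules> element.
        rootC.advance();
        SMInputCursor rulesC = rootC.childElementCursor("rule");
        while (rulesC.getNext() != null) {
            // One <rule> element per iteration.
            processRule(repo, rulesC);
        }
    } catch (XMLStreamException e) {
        // Keep the parser exception as the cause so the failing position is not lost.
        throw new IllegalStateException("XML is not valid", e);
    }
}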
use of javax.xml.stream.XMLInputFactory in project malmo by Microsoft.
the class SchemaHelper method deserialiseObject.
/**
 * Parses an XML string into an instance of the requested class, validating it against an XSD.
 *
 * <p>The XSD is looked up as a classpath resource through the {@code MalmoMod} class loader
 * and attached to the unmarshaller. The XML itself is read through a StAX reader whose factory
 * has external entity support and DTD support both disabled, which is the XXE (CWE-611)
 * hardening for this entry point.
 *
 * @param xml the XML string to parse
 * @param xsdFile the resource name of the XSD schema that defines the object
 * @param objclass the class of the object requested
 * @return the object produced by unmarshalling {@code xml}
 * @throws JAXBException if JAXB setup or unmarshalling fails
 * @throws SAXException if the schema cannot be loaded
 * @throws XMLStreamException if the StAX reader cannot be created
 */
public static Object deserialiseObject(String xml, String xsdFile, Class<?> objclass)
        throws JAXBException, SAXException, XMLStreamException {
    JAXBContext context = getJAXBContext(objclass);

    // Resolve the XSD from the classpath and compile it for validation.
    SchemaFactory xsdFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
    URL xsdLocation = MalmoMod.class.getClassLoader().getResource(xsdFile);
    Schema xsd = xsdFactory.newSchema(xsdLocation);

    Unmarshaller unmarshaller = context.createUnmarshaller();
    unmarshaller.setSchema(xsd);

    // Security: the XML string is parsed with external entities and DTDs turned off.
    XMLInputFactory hardenedFactory = XMLInputFactory.newFactory();
    hardenedFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
    hardenedFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
    XMLStreamReader xmlStream = hardenedFactory.createXMLStreamReader(new StringReader(xml));

    return unmarshaller.unmarshal(xmlStream);
}
use of javax.xml.stream.XMLInputFactory in project Mycat-Server by MyCATApache.
the class XmlProcessBase method baseParseXmlToBean.
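/**
 * Converts the named XML resource into a bean using the default conversion.
 *
 * <p>The resource is looked up relative to {@code XmlProcessBase} on the classpath. It is
 * parsed with DTD support and external entity resolution both disabled (XXE, CWE-611), and
 * the resource stream is closed once unmarshalling has finished or failed.
 *
 * <p>Created 2016-09-16.
 *
 * @param fileName name of the classpath resource to parse
 * @return the unmarshalled bean, or {@code null} if the resource cannot be found
 * @throws JAXBException if unmarshalling fails
 * @throws XMLStreamException if the StAX reader cannot be created
 */
public Object baseParseXmlToBean(String fileName) throws JAXBException, XMLStreamException {
    // Look up the file to convert.
    InputStream inputStream = XmlProcessBase.class.getResourceAsStream(fileName);
    if (inputStream == null) {
        // Resource not found: callers receive null, as before.
        return null;
    }
    try {
        XMLInputFactory xif = XMLInputFactory.newFactory();
        // Security: never load a DTD, even if the document carries a DOCTYPE.
        xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        // Security: defence in depth - refuse external entities independently of DTD support.
        xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLStreamReader xmlRead = xif.createXMLStreamReader(new StreamSource(inputStream));
        // Deserialize the file content.
        return unmarshaller.unmarshal(xmlRead);
    } finally {
        try {
            inputStream.close();
        } catch (java.io.IOException ignored) {
            // The stream was only read; a failure to close it must not mask the parse outcome.
        }
    }
}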
use of javax.xml.stream.XMLInputFactory in project OpenAttestation by OpenAttestation.
the class JAXB method read.
/**
 * Unmarshals an XML document into the requested type without allowing XML External Entity
 * (XXE) injection, CWE-611: http://cwe.mitre.org/data/definitions/611.html
 *
 * @param <T> the type to unmarshal into
 * @param document the XML document text
 * @param valueType class object for {@code T}; also used to select the JAXB context
 * @return the value of the unmarshalled root element
 * @throws IOException declared by the signature; not raised by the statements shown here
 * @throws JAXBException if the unmarshaller cannot be created or unmarshalling fails
 * @throws XMLStreamException if the StAX reader cannot be created
 */
public <T> T read(String document, Class<T> valueType) throws IOException, JAXBException, XMLStreamException {
    JAXBContext context = getContextForType(valueType);

    // CWE-611: restrict XML external entity references before any input is parsed.
    XMLInputFactory hardenedFactory = XMLInputFactory.newFactory();
    // External entities would let the sender pull external files in through entity
    // declarations in the DTD, so they stay off.
    hardenedFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
    // DTDs are refused outright: the sender may not declare one at all.
    hardenedFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
    // Entity references are replaced with their text. With DTD support off the sender cannot
    // define custom entities, which leaves only the predefined ones (> < " & ');
    // http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#Predefined_entities_in_XML
    hardenedFactory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, true);

    StreamSource source = new StreamSource(new StringReader(document));
    XMLStreamReader xmlStream = hardenedFactory.createXMLStreamReader(source);

    Unmarshaller unmarshaller = context.createUnmarshaller();
    return unmarshaller.unmarshal(xmlStream, valueType).getValue();
}