Search in sources :

Example 1 with XmlLocationAnnotator

use of org.hl7.fhir.r4.utils.formats.XmlLocationAnnotator in project org.hl7.fhir.core by hapifhir.

the class XmlParser method parse.

public Element parse(InputStream stream) throws FHIRFormatError, DefinitionException, FHIRException, IOException {
    Document doc = null;
    try {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // xxe protection
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        factory.setNamespaceAware(true);
        if (policy == ValidationPolicy.EVERYTHING) {
            // use a slower parser that keeps location data
            TransformerFactory transformerFactory = TransformerFactory.newInstance();
            Transformer nullTransformer = transformerFactory.newTransformer();
            DocumentBuilder docBuilder = factory.newDocumentBuilder();
            doc = docBuilder.newDocument();
            DOMResult domResult = new DOMResult(doc);
            SAXParserFactory spf = SAXParserFactory.newInstance();
            spf.setNamespaceAware(true);
            spf.setValidating(false);
            // xxe protection
            spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
            spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            SAXParser saxParser = spf.newSAXParser();
            XMLReader xmlReader = saxParser.getXMLReader();
            // xxe protection
            xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", false);
            xmlReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            XmlLocationAnnotator locationAnnotator = new XmlLocationAnnotator(xmlReader, doc);
            InputSource inputSource = new InputSource(stream);
            SAXSource saxSource = new SAXSource(locationAnnotator, inputSource);
            nullTransformer.transform(saxSource, domResult);
        } else {
            DocumentBuilder builder = factory.newDocumentBuilder();
            doc = builder.parse(stream);
        }
    } catch (Exception e) {
        logError(0, 0, "(syntax)", IssueType.INVALID, e.getMessage(), IssueSeverity.FATAL);
        doc = null;
    }
    if (doc == null)
        return null;
    else
        return parse(doc);
}
Also used : InputSource(org.xml.sax.InputSource) DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory) TransformerFactory(javax.xml.transform.TransformerFactory) Transformer(javax.xml.transform.Transformer) DOMResult(javax.xml.transform.dom.DOMResult) Document(org.w3c.dom.Document) DefinitionException(org.hl7.fhir.exceptions.DefinitionException) IOException(java.io.IOException) FHIRException(org.hl7.fhir.exceptions.FHIRException) SAXSource(javax.xml.transform.sax.SAXSource) DocumentBuilder(javax.xml.parsers.DocumentBuilder) XmlLocationAnnotator(org.hl7.fhir.r4.utils.formats.XmlLocationAnnotator) SAXParser(javax.xml.parsers.SAXParser) XMLReader(org.xml.sax.XMLReader) SAXParserFactory(javax.xml.parsers.SAXParserFactory)

Example 2 with XmlLocationAnnotator

use of org.hl7.fhir.r4.utils.formats.XmlLocationAnnotator in project org.hl7.fhir.core by hapifhir.

the class XmlParser method parse.

public Element parse(InputStream stream) throws Exception {
    Document doc = null;
    try {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // xxe protection
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        factory.setNamespaceAware(true);
        if (policy == ValidationPolicy.EVERYTHING) {
            // use a slower parser that keeps location data
            TransformerFactory transformerFactory = TransformerFactory.newInstance();
            Transformer nullTransformer = transformerFactory.newTransformer();
            DocumentBuilder docBuilder = factory.newDocumentBuilder();
            doc = docBuilder.newDocument();
            DOMResult domResult = new DOMResult(doc);
            SAXParserFactory spf = SAXParserFactory.newInstance();
            spf.setNamespaceAware(true);
            spf.setValidating(false);
            SAXParser saxParser = spf.newSAXParser();
            XMLReader xmlReader = saxParser.getXMLReader();
            // xxe protection
            spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
            spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", false);
            xmlReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            XmlLocationAnnotator locationAnnotator = new XmlLocationAnnotator(xmlReader, doc);
            InputSource inputSource = new InputSource(stream);
            SAXSource saxSource = new SAXSource(locationAnnotator, inputSource);
            nullTransformer.transform(saxSource, domResult);
        } else {
            DocumentBuilder builder = factory.newDocumentBuilder();
            doc = builder.parse(stream);
        }
    } catch (Exception e) {
        logError(0, 0, "(syntax)", IssueType.INVALID, e.getMessage(), IssueSeverity.FATAL);
        doc = null;
    }
    if (doc == null)
        return null;
    else
        return parse(doc);
}
Also used : InputSource(org.xml.sax.InputSource) DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory) TransformerFactory(javax.xml.transform.TransformerFactory) Transformer(javax.xml.transform.Transformer) DOMResult(javax.xml.transform.dom.DOMResult) Document(org.w3c.dom.Document) IOException(java.io.IOException) FHIRException(org.hl7.fhir.exceptions.FHIRException) SAXSource(javax.xml.transform.sax.SAXSource) DocumentBuilder(javax.xml.parsers.DocumentBuilder) XmlLocationAnnotator(org.hl7.fhir.dstu2016may.utils.XmlLocationAnnotator) SAXParser(javax.xml.parsers.SAXParser) XMLReader(org.xml.sax.XMLReader) SAXParserFactory(javax.xml.parsers.SAXParserFactory)

Example 3 with XmlLocationAnnotator

use of org.hl7.fhir.r4.utils.formats.XmlLocationAnnotator in project org.hl7.fhir.core by hapifhir.

the class XmlParser method parse.

public Element parse(InputStream stream) throws FHIRFormatError, DefinitionException, FHIRException, IOException {
    Document doc = null;
    try {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // xxe protection
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        factory.setNamespaceAware(true);
        if (policy == ValidationPolicy.EVERYTHING) {
            // use a slower parser that keeps location data
            TransformerFactory transformerFactory = TransformerFactory.newInstance();
            Transformer nullTransformer = transformerFactory.newTransformer();
            DocumentBuilder docBuilder = factory.newDocumentBuilder();
            doc = docBuilder.newDocument();
            DOMResult domResult = new DOMResult(doc);
            SAXParserFactory spf = SAXParserFactory.newInstance();
            spf.setNamespaceAware(true);
            spf.setValidating(false);
            // xxe protection
            spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
            spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            SAXParser saxParser = spf.newSAXParser();
            XMLReader xmlReader = saxParser.getXMLReader();
            // xxe protection
            xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", false);
            xmlReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            XmlLocationAnnotator locationAnnotator = new XmlLocationAnnotator(xmlReader, doc);
            InputSource inputSource = new InputSource(stream);
            SAXSource saxSource = new SAXSource(locationAnnotator, inputSource);
            nullTransformer.transform(saxSource, domResult);
        } else {
            DocumentBuilder builder = factory.newDocumentBuilder();
            doc = builder.parse(stream);
        }
    } catch (Exception e) {
        logError(0, 0, "(syntax)", IssueType.INVALID, e.getMessage(), IssueSeverity.FATAL);
        doc = null;
    }
    if (doc == null)
        return null;
    else
        return parse(doc);
}
Also used : InputSource(org.xml.sax.InputSource) DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory) TransformerFactory(javax.xml.transform.TransformerFactory) Transformer(javax.xml.transform.Transformer) DOMResult(javax.xml.transform.dom.DOMResult) Document(org.w3c.dom.Document) DefinitionException(org.hl7.fhir.exceptions.DefinitionException) IOException(java.io.IOException) FHIRException(org.hl7.fhir.exceptions.FHIRException) SAXSource(javax.xml.transform.sax.SAXSource) DocumentBuilder(javax.xml.parsers.DocumentBuilder) XmlLocationAnnotator(org.hl7.fhir.dstu3.utils.formats.XmlLocationAnnotator) SAXParser(javax.xml.parsers.SAXParser) XMLReader(org.xml.sax.XMLReader) SAXParserFactory(javax.xml.parsers.SAXParserFactory)

Example 4 with XmlLocationAnnotator

use of org.hl7.fhir.r4.utils.formats.XmlLocationAnnotator in project org.hl7.fhir.core by hapifhir.

the class XmlParser method parse.

public List<NamedElement> parse(InputStream stream) throws FHIRFormatError, DefinitionException, FHIRException, IOException {
    List<NamedElement> res = new ArrayList<>();
    Document doc = null;
    try {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // xxe protection
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        factory.setNamespaceAware(true);
        if (policy == ValidationPolicy.EVERYTHING) {
            // if we can, we'll inspect the header/encoding ourselves
            if (stream.markSupported()) {
                stream.mark(1024);
                version = checkHeader(stream);
                stream.reset();
            }
            // use a slower parser that keeps location data
            TransformerFactory transformerFactory = TransformerFactory.newInstance();
            Transformer nullTransformer = transformerFactory.newTransformer();
            DocumentBuilder docBuilder = factory.newDocumentBuilder();
            doc = docBuilder.newDocument();
            DOMResult domResult = new DOMResult(doc);
            SAXParserFactory spf = SAXParserFactory.newInstance();
            spf.setNamespaceAware(true);
            spf.setValidating(false);
            // xxe protection
            spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
            spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            SAXParser saxParser = spf.newSAXParser();
            XMLReader xmlReader = saxParser.getXMLReader();
            // xxe protection
            xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", false);
            xmlReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            XmlLocationAnnotator locationAnnotator = new XmlLocationAnnotator(xmlReader, doc);
            InputSource inputSource = new InputSource(stream);
            SAXSource saxSource = new SAXSource(locationAnnotator, inputSource);
            nullTransformer.transform(saxSource, domResult);
        } else {
            DocumentBuilder builder = factory.newDocumentBuilder();
            doc = builder.parse(stream);
        }
    } catch (Exception e) {
        logError(0, 0, "(syntax)", IssueType.INVALID, e.getMessage(), IssueSeverity.FATAL);
        doc = null;
    }
    if (doc != null) {
        Element e = parse(doc);
        if (e != null) {
            res.add(new NamedElement(null, e));
        }
    }
    return res;
}
Also used : InputSource(org.xml.sax.InputSource) DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory) TransformerFactory(javax.xml.transform.TransformerFactory) Transformer(javax.xml.transform.Transformer) DOMResult(javax.xml.transform.dom.DOMResult) NamedElement(org.hl7.fhir.r4b.elementmodel.ParserBase.NamedElement) SpecialElement(org.hl7.fhir.r4b.elementmodel.Element.SpecialElement) ArrayList(java.util.ArrayList) Document(org.w3c.dom.Document) DefinitionException(org.hl7.fhir.exceptions.DefinitionException) IOException(java.io.IOException) FHIRException(org.hl7.fhir.exceptions.FHIRException) SAXSource(javax.xml.transform.sax.SAXSource) DocumentBuilder(javax.xml.parsers.DocumentBuilder) XmlLocationAnnotator(org.hl7.fhir.r4b.utils.formats.XmlLocationAnnotator) SAXParser(javax.xml.parsers.SAXParser) NamedElement(org.hl7.fhir.r4b.elementmodel.ParserBase.NamedElement) XMLReader(org.xml.sax.XMLReader) SAXParserFactory(javax.xml.parsers.SAXParserFactory)

Example 5 with XmlLocationAnnotator

use of org.hl7.fhir.r4.utils.formats.XmlLocationAnnotator in project org.hl7.fhir.core by hapifhir.

the class XmlParser method parse.

public List<NamedElement> parse(InputStream stream) throws FHIRFormatError, DefinitionException, FHIRException, IOException {
    List<NamedElement> res = new ArrayList<>();
    Document doc = null;
    try {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // xxe protection
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        factory.setNamespaceAware(true);
        if (policy == ValidationPolicy.EVERYTHING) {
            // if we can, we'll inspect the header/encoding ourselves
            if (stream.markSupported()) {
                stream.mark(1024);
                version = checkHeader(stream);
                stream.reset();
            }
            // use a slower parser that keeps location data
            TransformerFactory transformerFactory = TransformerFactory.newInstance();
            Transformer nullTransformer = transformerFactory.newTransformer();
            DocumentBuilder docBuilder = factory.newDocumentBuilder();
            doc = docBuilder.newDocument();
            DOMResult domResult = new DOMResult(doc);
            SAXParserFactory spf = SAXParserFactory.newInstance();
            spf.setNamespaceAware(true);
            spf.setValidating(false);
            // xxe protection
            spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
            spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            SAXParser saxParser = spf.newSAXParser();
            XMLReader xmlReader = saxParser.getXMLReader();
            // xxe protection
            xmlReader.setFeature("http://xml.org/sax/features/external-general-entities", false);
            xmlReader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            XmlLocationAnnotator locationAnnotator = new XmlLocationAnnotator(xmlReader, doc);
            InputSource inputSource = new InputSource(stream);
            SAXSource saxSource = new SAXSource(locationAnnotator, inputSource);
            nullTransformer.transform(saxSource, domResult);
        } else {
            DocumentBuilder builder = factory.newDocumentBuilder();
            doc = builder.parse(stream);
        }
    } catch (Exception e) {
        logError(0, 0, "(syntax)", IssueType.INVALID, e.getMessage(), IssueSeverity.FATAL);
        doc = null;
    }
    if (doc != null) {
        Element e = parse(doc);
        if (e != null) {
            res.add(new NamedElement(null, e));
        }
    }
    return res;
}
Also used : InputSource(org.xml.sax.InputSource) DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory) TransformerFactory(javax.xml.transform.TransformerFactory) Transformer(javax.xml.transform.Transformer) DOMResult(javax.xml.transform.dom.DOMResult) SpecialElement(org.hl7.fhir.r5.elementmodel.Element.SpecialElement) NamedElement(org.hl7.fhir.r5.elementmodel.ParserBase.NamedElement) ArrayList(java.util.ArrayList) Document(org.w3c.dom.Document) DefinitionException(org.hl7.fhir.exceptions.DefinitionException) IOException(java.io.IOException) FHIRException(org.hl7.fhir.exceptions.FHIRException) SAXSource(javax.xml.transform.sax.SAXSource) DocumentBuilder(javax.xml.parsers.DocumentBuilder) XmlLocationAnnotator(org.hl7.fhir.r5.utils.formats.XmlLocationAnnotator) SAXParser(javax.xml.parsers.SAXParser) NamedElement(org.hl7.fhir.r5.elementmodel.ParserBase.NamedElement) XMLReader(org.xml.sax.XMLReader) SAXParserFactory(javax.xml.parsers.SAXParserFactory)

Aggregations

IOException (java.io.IOException)5 DocumentBuilder (javax.xml.parsers.DocumentBuilder)5 DocumentBuilderFactory (javax.xml.parsers.DocumentBuilderFactory)5 SAXParser (javax.xml.parsers.SAXParser)5 SAXParserFactory (javax.xml.parsers.SAXParserFactory)5 Transformer (javax.xml.transform.Transformer)5 TransformerFactory (javax.xml.transform.TransformerFactory)5 DOMResult (javax.xml.transform.dom.DOMResult)5 SAXSource (javax.xml.transform.sax.SAXSource)5 FHIRException (org.hl7.fhir.exceptions.FHIRException)5 Document (org.w3c.dom.Document)5 InputSource (org.xml.sax.InputSource)5 XMLReader (org.xml.sax.XMLReader)5 DefinitionException (org.hl7.fhir.exceptions.DefinitionException)4 ArrayList (java.util.ArrayList)2 XmlLocationAnnotator (org.hl7.fhir.dstu2016may.utils.XmlLocationAnnotator)1 XmlLocationAnnotator (org.hl7.fhir.dstu3.utils.formats.XmlLocationAnnotator)1 XmlLocationAnnotator (org.hl7.fhir.r4.utils.formats.XmlLocationAnnotator)1 SpecialElement (org.hl7.fhir.r4b.elementmodel.Element.SpecialElement)1 NamedElement (org.hl7.fhir.r4b.elementmodel.ParserBase.NamedElement)1