s434730/RandomSec
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Disable DTDs in XML importer. Closes #1907.

Browse Source
This commit is contained in:
Antonin Delpeuch 2018-12-31 16:02:34 +01:00
parent ddd9bf9aa8
commit 6a0d7d56e4
2 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
main/src/com/google/refine/importers/XmlImporter.java
View File

@ -321,6 +321,7 @@ public class XmlImporter extends TreeImportingParserBase {
XMLInputFactory factory = XMLInputFactory.newInstance(); XMLInputFactory factory = XMLInputFactory.newInstance();
factory.setProperty(XMLInputFactory.IS_COALESCING, true); factory.setProperty(XMLInputFactory.IS_COALESCING, true);
factory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, true); factory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, true);
factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
return factory.createXMLStreamReader(wrapPrefixRemovingInputStream(inputStream)); return factory.createXMLStreamReader(wrapPrefixRemovingInputStream(inputStream));
} }

26
main/tests/server/src/com/google/refine/tests/importers/XmlImporterTests.java
View File

@ -131,6 +131,17 @@ public class XmlImporterTests extends ImporterTest {
Assert.assertEquals(row.getCell(1).value, "Author 1, The"); Assert.assertEquals(row.getCell(1).value, "Author 1, The");
} }
@Test
public void ignoresDtds() {
RunTest(getSampleWithDtd());
assertProjectCreated(project, 4, 6);
Row row = project.rows.get(0);
Assert.assertNotNull(row);
Assert.assertNotNull(row.getCell(1));
Assert.assertEquals(row.getCell(1).value, "Author 1, The");
}
@Test @Test
public void canParseSampleWithDuplicateNestedElements(){ public void canParseSampleWithDuplicateNestedElements(){
RunTest(getSampleWithDuplicateNestedElements()); RunTest(getSampleWithDuplicateNestedElements());
@ -224,6 +235,21 @@ public class XmlImporterTests extends ImporterTest {
return sb.toString(); return sb.toString();
} }
public static String getSampleWithDtd(){
StringBuilder sb = new StringBuilder();
sb.append("<?xml version=\"1.0\"?>");
sb.append("<!DOCTYPE library [\n" +
"<!ENTITY % asd SYSTEM \"http://domain.does.not.exist:4444/ext.dtd\">\n" +
"%asd;\n" +
"%c;\n" +
"]><library>");
for(int i = 1; i < 7; i++){
sb.append(getTypicalElement(i));
}
sb.append("</library>");
return sb.toString();
}
public static ObjectNode getOptions(ImportingJob job, TreeImportingParserBase parser) { public static ObjectNode getOptions(ImportingJob job, TreeImportingParserBase parser) {
ObjectNode options = parser.createParserUIInitializationData( ObjectNode options = parser.createParserUIInitializationData(
job, new LinkedList<>(), "text/json"); job, new LinkedList<>(), "text/json");