com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit Java Examples

The following examples show how to use com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: XMLEntityScanner.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Adds {@code length} to the running count kept for {@code limit} under the entity's
 * name, then reports a fatal error if that limit or the total entity size limit is
 * exceeded.
 *
 * <p>The total-size check runs on every call, whichever {@code limit} was passed in.
 *
 * @param limit The Limit to be updated and checked
 * @param entity The current entity; its {@code name} keys the running count
 * @param offset The index of the first byte (not read by this method)
 * @param length The length of the entity scanned
 */
protected void checkLimit(Limit limit, ScannedEntity entity, int offset, int length) {
    fLimitAnalyzer.addValue(limit, entity.name, length);

    if (fSecurityManager.isOverLimit(limit, fLimitAnalyzer)) {
        fSecurityManager.debugPrint(fLimitAnalyzer);
        final Object[] args;
        if (limit == Limit.ENTITY_REPLACEMENT_LIMIT) {
            // This message variant is built without the entity name.
            args = new Object[]{
                fLimitAnalyzer.getValue(limit),
                fSecurityManager.getLimit(limit),
                fSecurityManager.getStateLiteral(limit)};
        } else {
            args = new Object[]{
                entity.name,
                fLimitAnalyzer.getValue(limit),
                fSecurityManager.getLimit(limit),
                fSecurityManager.getStateLiteral(limit)};
        }
        // NOTE(review): enforcement relies on reportError aborting the parse at
        // SEVERITY_FATAL_ERROR; that behaviour is not visible here - confirm.
        fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, limit.key(),
                args, XMLErrorReporter.SEVERITY_FATAL_ERROR);
    }

    final Limit total = Limit.TOTAL_ENTITY_SIZE_LIMIT;
    if (fSecurityManager.isOverLimit(total, fLimitAnalyzer)) {
        fSecurityManager.debugPrint(fLimitAnalyzer);
        final Object[] totalArgs = new Object[]{
            fLimitAnalyzer.getTotalValue(total),
            fSecurityManager.getLimit(total),
            fSecurityManager.getStateLiteral(total)};
        fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, "TotalEntitySizeLimit",
                totalArgs, XMLErrorReporter.SEVERITY_FATAL_ERROR);
    }
}
 
Example #2
Source File: XMLDocumentFragmentScannerImpl.java    From jdk8u60 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Adds the length of the content buffer to the size recorded for the current
 * entity and reports a fatal error if the per-entity or the total entity size
 * limit is exceeded.
 *
 * <p>Nothing is counted or checked unless the limit analyzer is tracking
 * {@code fCurrentEntityName}.
 *
 * @param buffer content buffer; only its {@code length} is read
 */
protected void checkLimit(XMLStringBuffer buffer) {
    if (!fLimitAnalyzer.isTracking(fCurrentEntityName)) {
        return;
    }

    final Limit perEntity = Limit.GENERAL_ENTITY_SIZE_LIMIT;
    fLimitAnalyzer.addValue(perEntity, fCurrentEntityName, buffer.length);
    if (fSecurityManager.isOverLimit(perEntity, fLimitAnalyzer)) {
        fSecurityManager.debugPrint(fLimitAnalyzer);
        final Object[] args = new Object[]{
            fCurrentEntityName,
            fLimitAnalyzer.getValue(perEntity),
            fSecurityManager.getLimit(perEntity),
            fSecurityManager.getStateLiteral(perEntity)};
        reportFatalError("MaxEntitySizeLimit", args);
    }

    // The total is checked as well, after the per-entity check.
    final Limit overall = Limit.TOTAL_ENTITY_SIZE_LIMIT;
    if (fSecurityManager.isOverLimit(overall, fLimitAnalyzer)) {
        fSecurityManager.debugPrint(fLimitAnalyzer);
        final Object[] args = new Object[]{
            fLimitAnalyzer.getTotalValue(overall),
            fSecurityManager.getLimit(overall),
            fSecurityManager.getStateLiteral(overall)};
        reportFatalError("TotalEntitySizeLimit", args);
    }
}
 
Example #3
Source File: XMLDocumentFragmentScannerImpl.java    From openjdk-8-source with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Adds the length of the content buffer to the size recorded for the current
 * entity and reports a fatal error if the per-entity or the total entity size
 * limit is exceeded.
 *
 * <p>Nothing is counted or checked unless the limit analyzer is tracking
 * {@code fCurrentEntityName}.
 *
 * @param buffer content buffer; only its {@code length} is read
 */
protected void checkLimit(XMLStringBuffer buffer) {
    if (!fLimitAnalyzer.isTracking(fCurrentEntityName)) {
        return;
    }

    final Limit perEntity = Limit.GENERAL_ENTITY_SIZE_LIMIT;
    fLimitAnalyzer.addValue(perEntity, fCurrentEntityName, buffer.length);
    if (fSecurityManager.isOverLimit(perEntity, fLimitAnalyzer)) {
        fSecurityManager.debugPrint(fLimitAnalyzer);
        final Object[] args = new Object[]{
            fCurrentEntityName,
            fLimitAnalyzer.getValue(perEntity),
            fSecurityManager.getLimit(perEntity),
            fSecurityManager.getStateLiteral(perEntity)};
        reportFatalError("MaxEntitySizeLimit", args);
    }

    // The total is checked as well, after the per-entity check.
    final Limit overall = Limit.TOTAL_ENTITY_SIZE_LIMIT;
    if (fSecurityManager.isOverLimit(overall, fLimitAnalyzer)) {
        fSecurityManager.debugPrint(fLimitAnalyzer);
        final Object[] args = new Object[]{
            fLimitAnalyzer.getTotalValue(overall),
            fSecurityManager.getLimit(overall),
            fSecurityManager.getStateLiteral(overall)};
        reportFatalError("TotalEntitySizeLimit", args);
    }
}
 
Example #4
Source File: XMLDocumentFragmentScannerImpl.java    From Bytecoder with Apache License 2.0 6 votes vote down vote up
/**
 * Restores the scanner's per-document state and re-reads the attribute-count and
 * name-length limits from the security manager.
 */
void resetCommon() {
    // Document and element state.
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;

    // Flags used by the skipping algorithm.
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager == null) {
        // NOTE(review): 0 presumably means "no limit" for the attribute count, so a
        // missing security manager would leave that check off - confirm.
        fElementAttributeLimit = 0;
        fXMLNameLimit = XMLSecurityManager.Limit.MAX_NAME_LIMIT.defaultValue();
    } else {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
        fXMLNameLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_NAME_LIMIT);
    }

    // The scanner uses the same analyzer instance as the entity manager.
    fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
}
 
Example #5
Source File: XMLDocumentFragmentScannerImpl.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Restores the scanner's per-document state and re-reads the attribute-count and
 * name-length limits from the security manager.
 */
void resetCommon() {
    // Document and element state.
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;

    // Flags used by the skipping algorithm.
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager == null) {
        // NOTE(review): 0 presumably means "no limit" for the attribute count, so a
        // missing security manager would leave that check off - confirm.
        fElementAttributeLimit = 0;
        fXMLNameLimit = XMLSecurityManager.Limit.MAX_NAME_LIMIT.defaultValue();
    } else {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
        fXMLNameLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_NAME_LIMIT);
    }

    // The scanner uses the same analyzer instance as the entity manager.
    fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
}
 
Example #6
Source File: XMLDocumentFragmentScannerImpl.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Restores the scanner's per-document state and re-reads the attribute-count and
 * name-length limits from the security manager.
 */
void resetCommon() {
    // Document and element state.
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;

    // Flags used by the skipping algorithm.
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager == null) {
        // NOTE(review): 0 presumably means "no limit" for the attribute count, so a
        // missing security manager would leave that check off - confirm.
        fElementAttributeLimit = 0;
        fXMLNameLimit = XMLSecurityManager.Limit.MAX_NAME_LIMIT.defaultValue();
    } else {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
        fXMLNameLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_NAME_LIMIT);
    }

    // The scanner uses the same analyzer instance as the entity manager.
    fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
}
 
Example #7
Source File: XMLDocumentFragmentScannerImpl.java    From openjdk-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Restores the scanner's per-document state, re-reads the attribute-count limit
 * from the security manager and installs a fresh limit analyzer.
 */
void resetCommon() {
    // Document and element state.
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;

    // Flags used by the skipping algorithm.
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager == null) {
        // NOTE(review): 0 presumably means "no limit" for the attribute count, so a
        // missing security manager would leave that check off - confirm.
        fElementAttributeLimit = 0;
    } else {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
    }

    // A new analyzer is created on every reset and handed to the entity manager,
    // so counts from a previous use of this scanner are not carried over.
    fLimitAnalyzer = new XMLLimitAnalyzer();
    fEntityManager.setLimitAnalyzer(fLimitAnalyzer);
}
 
Example #8
Source File: XMLDocumentFragmentScannerImpl.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Restores the scanner's per-document state and re-reads the attribute-count and
 * name-length limits from the security manager.
 */
void resetCommon() {
    // Document and element state.
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;

    // Flags used by the skipping algorithm.
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager == null) {
        // NOTE(review): 0 presumably means "no limit" for the attribute count, so a
        // missing security manager would leave that check off - confirm.
        fElementAttributeLimit = 0;
        fXMLNameLimit = XMLSecurityManager.Limit.MAX_NAME_LIMIT.defaultValue();
    } else {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
        fXMLNameLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_NAME_LIMIT);
    }

    // The scanner uses the same analyzer instance as the entity manager.
    fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
}
 
Example #9
Source File: XMLDocumentFragmentScannerImpl.java    From openjdk-8-source with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Restores the scanner's per-document state, re-reads the attribute-count limit
 * from the security manager and installs a fresh limit analyzer.
 */
void resetCommon() {
    // Document and element state.
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;

    // Flags used by the skipping algorithm.
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager == null) {
        // NOTE(review): 0 presumably means "no limit" for the attribute count, so a
        // missing security manager would leave that check off - confirm.
        fElementAttributeLimit = 0;
    } else {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
    }

    // A new analyzer is created on every reset and handed to the entity manager,
    // so counts from a previous use of this scanner are not carried over.
    fLimitAnalyzer = new XMLLimitAnalyzer();
    fEntityManager.setLimitAnalyzer(fLimitAnalyzer);
}
 
Example #10
Source File: XMLDocumentFragmentScannerImpl.java    From TencentKona-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Records the current element depth and reports a fatal error if it exceeds the
 * maxElementDepth limit.
 *
 * @param elementName name of the current element, used in the error message
 */
void checkDepth(String elementName) {
    final Limit depthLimit = Limit.MAX_ELEMENT_DEPTH_LIMIT;
    fLimitAnalyzer.addValue(depthLimit, elementName, fElementStack.fDepth);
    if (!fSecurityManager.isOverLimit(depthLimit, fLimitAnalyzer)) {
        return;
    }

    fSecurityManager.debugPrint(fLimitAnalyzer);
    // NOTE(review): the last argument is a fixed string here, not
    // getStateLiteral(limit) as in the other limit checks - confirm this is intended.
    final Object[] args = new Object[]{
        elementName,
        fLimitAnalyzer.getTotalValue(depthLimit),
        fSecurityManager.getLimit(depthLimit),
        "maxElementDepth"};
    reportFatalError("MaxElementDepthLimit", args);
}
 
Example #11
Source File: XMLLimitAnalyzer.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * Resets the counters kept for the specified limit.
 *
 * <p>Only {@code TOTAL_ENTITY_SIZE_LIMIT} (total only) and
 * {@code GENERAL_ENTITY_SIZE_LIMIT} (name, value, cache and total) are handled;
 * any other limit leaves the analyzer unchanged.
 *
 * @param limit The limit to be reset.
 */
public void reset(Limit limit) {
    final int slot = limit.ordinal();
    if (limit == Limit.TOTAL_ENTITY_SIZE_LIMIT) {
        totalValue[slot] = 0;
        return;
    }
    if (limit == Limit.GENERAL_ENTITY_SIZE_LIMIT) {
        names[slot] = null;
        values[slot] = 0;
        caches[slot] = null;
        totalValue[slot] = 0;
    }
}
 
Example #12
Source File: XMLLimitAnalyzer.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Resets the counters kept for the specified limit.
 *
 * <p>Only {@code TOTAL_ENTITY_SIZE_LIMIT} (total only) and
 * {@code GENERAL_ENTITY_SIZE_LIMIT} (name, value, cache and total) are handled;
 * any other limit leaves the analyzer unchanged.
 *
 * @param limit The limit to be reset.
 */
public void reset(Limit limit) {
    final int slot = limit.ordinal();
    if (limit == Limit.TOTAL_ENTITY_SIZE_LIMIT) {
        totalValue[slot] = 0;
        return;
    }
    if (limit == Limit.GENERAL_ENTITY_SIZE_LIMIT) {
        names[slot] = null;
        values[slot] = 0;
        caches[slot] = null;
        totalValue[slot] = 0;
    }
}
 
Example #13
Source File: XMLLimitAnalyzer.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Default constructor. Allocates the tracking arrays with one slot per
 * {@code Limit} constant; counters start at zero and names and caches at
 * {@code null}. No limit values are configured here.
 */
public XMLLimitAnalyzer() {
    final int slots = Limit.values().length;
    values = new int[slots];
    totalValue = new int[slots];
    names = new String[slots];
    caches = new Map[slots];
}
 
Example #14
Source File: XMLEntityScanner.java    From jdk1.8-source-analysis with Apache License 2.0 5 votes vote down vote up
/**
 * Applies the entity size and node count checks to a name scanned inside an
 * entity flagged {@code isGE}. Does nothing for a {@code null} entity or one
 * without that flag.
 *
 * <p>Names of type {@code REFERENCE} are not added to the entity size; only
 * element-start and attribute names go on to the node count check.
 *
 * @param nt type of name (element, attribute or entity)
 * @param entity The current entity
 * @param offset The index of the first byte
 * @param length The length of the entity scanned
 */
protected void checkEntityLimit(NameType nt, ScannedEntity entity, int offset, int length) {
    final boolean inGeneralEntity = (entity != null) && entity.isGE;
    if (!inGeneralEntity) {
        return;
    }

    final boolean countsTowardSize = (nt != NameType.REFERENCE);
    if (countsTowardSize) {
        checkLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT, entity, offset, length);
    }

    final boolean countsAsNode = (nt == NameType.ELEMENTSTART) || (nt == NameType.ATTRIBUTENAME);
    if (countsAsNode) {
        checkNodeCount(entity);
    }
}
 
Example #15
Source File: XMLLimitAnalyzer.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Adds a value to the count kept for the limit at {@code index}.
 *
 * <p>Entity expansion, max-occur node and element attribute limits only
 * accumulate a total. Element depth stores the given value as the total.
 * All other limits accumulate per entity name, remember the largest
 * accumulated value with its name, and entity size limits also add to the
 * total entity size.
 *
 * @param index the index of the property (a {@code Limit} ordinal)
 * @param entityName the name of the entity
 * @param value the value to add
 */
public void addValue(int index, String entityName, int value) {
    final boolean totalOnly = index == Limit.ENTITY_EXPANSION_LIMIT.ordinal()
            || index == Limit.MAX_OCCUR_NODE_LIMIT.ordinal()
            || index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal();
    if (totalOnly) {
        // NOTE(review): plain int arithmetic; wrap-around is not guarded here.
        // Presumably callers check the limit after each addition - confirm.
        totalValue[index] += value;
        return;
    }
    if (index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal()) {
        // Depth is overwritten, not summed.
        totalValue[index] = value;
        return;
    }

    Map<String, Integer> perName = caches[index];
    if (perName == null) {
        perName = new HashMap<String, Integer>(10);
        caches[index] = perName;
    }

    int accumulatedValue = value;
    if (perName.containsKey(entityName)) {
        accumulatedValue += perName.get(entityName).intValue();
    }
    perName.put(entityName, Integer.valueOf(accumulatedValue));

    // Keep the largest accumulated value and the entity it belongs to.
    if (accumulatedValue > values[index]) {
        values[index] = accumulatedValue;
        names[index] = entityName;
    }

    final boolean isEntitySize = index == Limit.GENERAL_ENTITY_SIZE_LIMIT.ordinal()
            || index == Limit.PARAMETER_ENTITY_SIZE_LIMIT.ordinal();
    if (isEntitySize) {
        totalValue[Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()] += value;
    }
}
 
Example #16
Source File: XMLLimitAnalyzer.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * Stops tracking the entity: clears {@code entityStart} and drops the entity's
 * entry from the per-name cache of the given limit, if that cache exists.
 *
 * @param limit the limit property
 * @param name the name of an entity
 */
public void endEntity(Limit limit, String name) {
    entityStart = "";
    final Map<String, Integer> tracked = caches[limit.ordinal()];
    if (tracked == null) {
        return;
    }
    tracked.remove(name);
}
 
Example #17
Source File: XMLDocumentFragmentScannerImpl.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Records the current element depth and reports a fatal error if it exceeds the
 * maxElementDepth limit.
 *
 * @param elementName name of the current element, used in the error message
 */
void checkDepth(String elementName) {
    final Limit depthLimit = Limit.MAX_ELEMENT_DEPTH_LIMIT;
    fLimitAnalyzer.addValue(depthLimit, elementName, fElementStack.fDepth);
    if (!fSecurityManager.isOverLimit(depthLimit, fLimitAnalyzer)) {
        return;
    }

    fSecurityManager.debugPrint(fLimitAnalyzer);
    // NOTE(review): the last argument is a fixed string here, not
    // getStateLiteral(limit) as in the other limit checks - confirm this is intended.
    final Object[] args = new Object[]{
        elementName,
        fLimitAnalyzer.getTotalValue(depthLimit),
        fSecurityManager.getLimit(depthLimit),
        "maxElementDepth"};
    reportFatalError("MaxElementDepthLimit", args);
}
 
Example #18
Source File: XMLLimitAnalyzer.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Stops tracking the entity: clears {@code entityStart} and drops the entity's
 * entry from the per-name cache of the given limit, if that cache exists.
 *
 * @param limit the limit property
 * @param name the name of an entity
 */
public void endEntity(Limit limit, String name) {
    entityStart = "";
    final Map<String, Integer> tracked = caches[limit.ordinal()];
    if (tracked == null) {
        return;
    }
    tracked.remove(name);
}
 
Example #19
Source File: XMLLimitAnalyzer.java    From JDKSourceCode1.8 with MIT License 5 votes vote down vote up
/**
 * Default constructor. Allocates the tracking arrays with one slot per
 * {@code Limit} constant; counters start at zero and names and caches at
 * {@code null}. No limit values are configured here.
 */
public XMLLimitAnalyzer() {
    final int slots = Limit.values().length;
    values = new int[slots];
    totalValue = new int[slots];
    names = new String[slots];
    caches = new Map[slots];
}
 
Example #20
Source File: XMLLimitAnalyzer.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Default constructor. Allocates the tracking arrays with one slot per
 * {@code Limit} constant; counters start at zero and names and caches at
 * {@code null}. No limit values are configured here.
 */
public XMLLimitAnalyzer() {
    final int slots = Limit.values().length;
    values = new int[slots];
    totalValue = new int[slots];
    names = new String[slots];
    caches = new Map[slots];
}
 
Example #21
Source File: XMLLimitAnalyzer.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Default constructor. Allocates the tracking arrays with one slot per
 * {@code Limit} constant; counters start at zero and names and caches at
 * {@code null}. No limit values are configured here.
 */
public XMLLimitAnalyzer() {
    final int slots = Limit.values().length;
    values = new int[slots];
    totalValue = new int[slots];
    names = new String[slots];
    caches = new Map[slots];
}
 
Example #22
Source File: XMLLimitAnalyzer.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Resets the counters kept for the specified limit.
 *
 * <p>Only {@code TOTAL_ENTITY_SIZE_LIMIT} (total only) and
 * {@code GENERAL_ENTITY_SIZE_LIMIT} (name, value, cache and total) are handled;
 * any other limit leaves the analyzer unchanged.
 *
 * @param limit The limit to be reset.
 */
public void reset(Limit limit) {
    final int slot = limit.ordinal();
    if (limit == Limit.TOTAL_ENTITY_SIZE_LIMIT) {
        totalValue[slot] = 0;
        return;
    }
    if (limit == Limit.GENERAL_ENTITY_SIZE_LIMIT) {
        names[slot] = null;
        values[slot] = 0;
        caches[slot] = null;
        totalValue[slot] = 0;
    }
}
 
Example #23
Source File: XMLLimitAnalyzer.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Adds a value to the count kept for the limit at {@code index}.
 *
 * <p>Entity expansion, max-occur node and element attribute limits only
 * accumulate a total. All other limits accumulate per entity name, remember
 * the largest accumulated value with its name, and entity size limits also
 * add to the total entity size.
 *
 * @param index the index of the property (a {@code Limit} ordinal)
 * @param entityName the name of the entity
 * @param value the value to add
 */
public void addValue(int index, String entityName, int value) {
    final boolean totalOnly = index == Limit.ENTITY_EXPANSION_LIMIT.ordinal()
            || index == Limit.MAX_OCCUR_NODE_LIMIT.ordinal()
            || index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal();
    if (totalOnly) {
        // NOTE(review): plain int arithmetic; wrap-around is not guarded here.
        // Presumably callers check the limit after each addition - confirm.
        totalValue[index] += value;
        return;
    }

    Map<String, Integer> perName = caches[index];
    if (perName == null) {
        perName = new HashMap<String, Integer>(10);
        caches[index] = perName;
    }

    int accumulatedValue = value;
    if (perName.containsKey(entityName)) {
        accumulatedValue += perName.get(entityName).intValue();
    }
    perName.put(entityName, Integer.valueOf(accumulatedValue));

    // Keep the largest accumulated value and the entity it belongs to.
    if (accumulatedValue > values[index]) {
        values[index] = accumulatedValue;
        names[index] = entityName;
    }

    final boolean isEntitySize = index == Limit.GENERAL_ENTITY_SIZE_LIMIT.ordinal()
            || index == Limit.PARAMETER_ENTITY_SIZE_LIMIT.ordinal();
    if (isEntitySize) {
        totalValue[Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()] += value;
    }
}
 
Example #24
Source File: XMLEntityScanner.java    From JDKSourceCode1.8 with MIT License 5 votes vote down vote up
/**
 * Checks whether the end of the entity buffer has been reached. If yes,
 * checks against the limit and buffer size before loading more characters.
 *
 * <p>Advances {@code entity.position} by one on every call. When the new
 * position equals {@code entity.count}, the name-length limit is checked
 * first, and only then is the unread span moved to the front of the buffer
 * (or into a buffer of twice the size).
 *
 * @param entity the current entity
 * @param offset the offset from which the current read was started
 * @param nameOffset the offset from which the current name starts, or -1 to
 * treat the whole span from {@code offset} as the name
 * @return the length of characters scanned before the end of the buffer,
 * zero if there is more to be read in the buffer
 * @throws IOException declared by the signature; which call raises it is not
 * visible in this method
 */
protected int checkBeforeLoad(Entity.ScannedEntity entity, int offset,
        int nameOffset) throws IOException {
    int length = 0;
    // Pre-increment: the position moves forward even when the buffer is not exhausted.
    if (++entity.position == entity.count) {
        length = entity.position - offset;
        int nameLength = length;
        if (nameOffset != -1) {
            // Make nameOffset relative to offset and count only the name's part of the span.
            nameOffset = nameOffset - offset;
            nameLength = length - nameOffset;
        } else {
            nameOffset = offset;
        }
        // Check the name-length limit before loading more data, so the check
        // precedes any buffer growth below.
        // NOTE(review): this bounds growth only if checkLimit aborts the scan when
        // the limit is exceeded - confirm.
        checkLimit(Limit.MAX_NAME_LIMIT, entity, nameOffset, nameLength);
        invokeListeners(length);
        if (length == entity.ch.length) {
            // The unread span fills the whole buffer: copy it into one twice the size.
            // NOTE(review): fBufferSize * 2 is unchecked int arithmetic - confirm it
            // cannot overflow for the buffer sizes reachable here.
            char[] tmp = new char[entity.fBufferSize * 2];
            System.arraycopy(entity.ch, offset, tmp, 0, length);
            entity.ch = tmp;
            entity.fBufferSize *= 2;
        }
        else {
            // Otherwise shift the unread span to the start of the existing buffer.
            System.arraycopy(entity.ch, offset, entity.ch, 0, length);
        }
    }
    return length;
}
 
Example #25
Source File: XMLLimitAnalyzer.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Stops tracking the entity: clears {@code entityStart} and drops the entity's
 * entry from the per-name cache of the given limit, if that cache exists.
 *
 * @param limit the limit property
 * @param name the name of an entity
 */
public void endEntity(Limit limit, String name) {
    entityStart = "";
    final Map<String, Integer> tracked = caches[limit.ordinal()];
    if (tracked == null) {
        return;
    }
    tracked.remove(name);
}
 
Example #26
Source File: XMLDocumentFragmentScannerImpl.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Records the current element depth and reports a fatal error if it exceeds the
 * maxElementDepth limit.
 *
 * @param elementName name of the current element, used in the error message
 */
void checkDepth(String elementName) {
    final Limit depthLimit = Limit.MAX_ELEMENT_DEPTH_LIMIT;
    fLimitAnalyzer.addValue(depthLimit, elementName, fElementStack.fDepth);
    if (!fSecurityManager.isOverLimit(depthLimit, fLimitAnalyzer)) {
        return;
    }

    fSecurityManager.debugPrint(fLimitAnalyzer);
    // NOTE(review): the last argument is a fixed string here, not
    // getStateLiteral(limit) as in the other limit checks - confirm this is intended.
    final Object[] args = new Object[]{
        elementName,
        fLimitAnalyzer.getTotalValue(depthLimit),
        fSecurityManager.getLimit(depthLimit),
        "maxElementDepth"};
    reportFatalError("MaxElementDepthLimit", args);
}
 
Example #27
Source File: XMLLimitAnalyzer.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Adds a value to the count kept for the limit at {@code index}.
 *
 * <p>Entity expansion, max-occur node and element attribute limits only
 * accumulate a total. All other limits accumulate per entity name, remember
 * the largest accumulated value with its name, and entity size limits also
 * add to the total entity size.
 *
 * @param index the index of the property (a {@code Limit} ordinal)
 * @param entityName the name of the entity
 * @param value the value to add
 */
public void addValue(int index, String entityName, int value) {
    final boolean totalOnly = index == Limit.ENTITY_EXPANSION_LIMIT.ordinal()
            || index == Limit.MAX_OCCUR_NODE_LIMIT.ordinal()
            || index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal();
    if (totalOnly) {
        // NOTE(review): plain int arithmetic; wrap-around is not guarded here.
        // Presumably callers check the limit after each addition - confirm.
        totalValue[index] += value;
        return;
    }

    Map<String, Integer> perName = caches[index];
    if (perName == null) {
        perName = new HashMap<String, Integer>(10);
        caches[index] = perName;
    }

    int accumulatedValue = value;
    if (perName.containsKey(entityName)) {
        accumulatedValue += perName.get(entityName).intValue();
    }
    perName.put(entityName, Integer.valueOf(accumulatedValue));

    // Keep the largest accumulated value and the entity it belongs to.
    if (accumulatedValue > values[index]) {
        values[index] = accumulatedValue;
        names[index] = entityName;
    }

    final boolean isEntitySize = index == Limit.GENERAL_ENTITY_SIZE_LIMIT.ordinal()
            || index == Limit.PARAMETER_ENTITY_SIZE_LIMIT.ordinal();
    if (isEntitySize) {
        totalValue[Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()] += value;
    }
}
 
Example #28
Source File: XMLEntityScanner.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Applies the entity size and node count checks to a name scanned inside an
 * entity flagged {@code isGE}. Does nothing for a {@code null} entity or one
 * without that flag.
 *
 * <p>Names of type {@code REFERENCE} are not added to the entity size; only
 * element-start and attribute names go on to the node count check.
 *
 * @param nt type of name (element, attribute or entity)
 * @param entity The current entity
 * @param offset The index of the first byte
 * @param length The length of the entity scanned
 */
protected void checkEntityLimit(NameType nt, ScannedEntity entity, int offset, int length) {
    final boolean inGeneralEntity = (entity != null) && entity.isGE;
    if (!inGeneralEntity) {
        return;
    }

    final boolean countsTowardSize = (nt != NameType.REFERENCE);
    if (countsTowardSize) {
        checkLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT, entity, offset, length);
    }

    final boolean countsAsNode = (nt == NameType.ELEMENTSTART) || (nt == NameType.ATTRIBUTENAME);
    if (countsAsNode) {
        checkNodeCount(entity);
    }
}
 
Example #29
Source File: XMLLimitAnalyzer.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Default constructor. Allocates the tracking arrays with one slot per
 * {@code Limit} constant; counters start at zero and names and caches at
 * {@code null}. No limit values are configured here.
 */
public XMLLimitAnalyzer() {
    final int slots = Limit.values().length;
    values = new int[slots];
    totalValue = new int[slots];
    names = new String[slots];
    caches = new Map[slots];
}
 
Example #30
Source File: XMLEntityScanner.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks whether the end of the entity buffer has been reached. If yes,
 * checks against the limit and buffer size before loading more characters.
 *
 * <p>Advances {@code entity.position} by one on every call. When the new
 * position equals {@code entity.count}, the name-length limit is checked
 * first, and only then is the unread span moved to the front of the buffer
 * (or into a buffer of twice the size).
 *
 * @param entity the current entity
 * @param offset the offset from which the current read was started
 * @param nameOffset the offset from which the current name starts, or -1 to
 * treat the whole span from {@code offset} as the name
 * @return the length of characters scanned before the end of the buffer,
 * zero if there is more to be read in the buffer
 * @throws IOException declared by the signature; which call raises it is not
 * visible in this method
 */
protected int checkBeforeLoad(Entity.ScannedEntity entity, int offset,
        int nameOffset) throws IOException {
    int length = 0;
    // Pre-increment: the position moves forward even when the buffer is not exhausted.
    if (++entity.position == entity.count) {
        length = entity.position - offset;
        int nameLength = length;
        if (nameOffset != -1) {
            // Make nameOffset relative to offset and count only the name's part of the span.
            nameOffset = nameOffset - offset;
            nameLength = length - nameOffset;
        } else {
            nameOffset = offset;
        }
        // Check the name-length limit before loading more data, so the check
        // precedes any buffer growth below.
        // NOTE(review): this bounds growth only if checkLimit aborts the scan when
        // the limit is exceeded - confirm.
        checkLimit(Limit.MAX_NAME_LIMIT, entity, nameOffset, nameLength);
        invokeListeners(length);
        if (length == entity.ch.length) {
            // The unread span fills the whole buffer: copy it into one twice the size.
            // NOTE(review): fBufferSize * 2 is unchecked int arithmetic - confirm it
            // cannot overflow for the buffer sizes reachable here.
            char[] tmp = new char[entity.fBufferSize * 2];
            System.arraycopy(entity.ch, offset, tmp, 0, length);
            entity.ch = tmp;
            entity.fBufferSize *= 2;
        }
        else {
            // Otherwise shift the unread span to the start of the existing buffer.
            System.arraycopy(entity.ch, offset, entity.ch, 0, length);
        }
    }
    return length;
}