Java Code Examples for com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit

The following examples show how to use com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit. These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
void resetCommon() {
    // initialize vars
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;
    //skipping algorithm
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager != null) {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
    } else {
        fElementAttributeLimit = 0;
    }
    fLimitAnalyzer = new XMLLimitAnalyzer();
    fEntityManager.setLimitAnalyzer(fLimitAnalyzer);
}
 
Example 2
Source Project: Bytecoder   Source File: XMLDocumentFragmentScannerImpl.java    License: Apache License 2.0 6 votes vote down vote up
void resetCommon() {
    // initialize vars
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;
    //skipping algorithm
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager != null) {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
        fXMLNameLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_NAME_LIMIT);
    } else {
        fElementAttributeLimit = 0;
        fXMLNameLimit = XMLSecurityManager.Limit.MAX_NAME_LIMIT.defaultValue();
    }
    fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
}
 
Example 3
void resetCommon() {
    // initialize vars
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;
    //skipping algorithm
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager != null) {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
        fXMLNameLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_NAME_LIMIT);
    } else {
        fElementAttributeLimit = 0;
        fXMLNameLimit = XMLSecurityManager.Limit.MAX_NAME_LIMIT.defaultValue();
    }
    fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
}
 
Example 4
/**
 * Add the count of the content buffer and check if the accumulated
 * value exceeds the limit
 * @param buffer content buffer
 */
protected void checkLimit(XMLStringBuffer buffer) {
    if (fLimitAnalyzer.isTracking(fCurrentEntityName)) {
        fLimitAnalyzer.addValue(Limit.GENERAL_ENTITY_SIZE_LIMIT, fCurrentEntityName, buffer.length);
        if (fSecurityManager.isOverLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
            fSecurityManager.debugPrint(fLimitAnalyzer);
            reportFatalError("MaxEntitySizeLimit", new Object[]{fCurrentEntityName,
                fLimitAnalyzer.getValue(Limit.GENERAL_ENTITY_SIZE_LIMIT),
                fSecurityManager.getLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT),
                fSecurityManager.getStateLiteral(Limit.GENERAL_ENTITY_SIZE_LIMIT)});
        }
        if (fSecurityManager.isOverLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
            fSecurityManager.debugPrint(fLimitAnalyzer);
            reportFatalError("TotalEntitySizeLimit",
                new Object[]{fLimitAnalyzer.getTotalValue(Limit.TOTAL_ENTITY_SIZE_LIMIT),
                fSecurityManager.getLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT),
                fSecurityManager.getStateLiteral(Limit.TOTAL_ENTITY_SIZE_LIMIT)});
        }
    }
}
 
Example 5
void resetCommon() {
    // initialize vars
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;
    //skipping algorithm
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager != null) {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
    } else {
        fElementAttributeLimit = 0;
    }
    fLimitAnalyzer = new XMLLimitAnalyzer();
    fEntityManager.setLimitAnalyzer(fLimitAnalyzer);
}
 
Example 6
void resetCommon() {
    // initialize vars
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;
    //skipping algorithm
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager != null) {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
        fXMLNameLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_NAME_LIMIT);
    } else {
        fElementAttributeLimit = 0;
        fXMLNameLimit = XMLSecurityManager.Limit.MAX_NAME_LIMIT.defaultValue();
    }
    fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
}
 
Example 7
/**
 * Checks whether the value of the specified Limit exceeds its limit
 *
 * @param limit The Limit to be checked
 * @param entity The current entity
 * @param offset The index of the first byte
 * @param length The length of the entity scanned
 */
protected void checkLimit(Limit limit, ScannedEntity entity, int offset, int length) {
    fLimitAnalyzer.addValue(limit, entity.name, length);
    if (fSecurityManager.isOverLimit(limit, fLimitAnalyzer)) {
        fSecurityManager.debugPrint(fLimitAnalyzer);
        Object[] e = (limit == Limit.ENTITY_REPLACEMENT_LIMIT) ?
                new Object[]{fLimitAnalyzer.getValue(limit),
                    fSecurityManager.getLimit(limit), fSecurityManager.getStateLiteral(limit)} :
                new Object[]{entity.name, fLimitAnalyzer.getValue(limit),
                    fSecurityManager.getLimit(limit), fSecurityManager.getStateLiteral(limit)};
        fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, limit.key(),
                e, XMLErrorReporter.SEVERITY_FATAL_ERROR);
    }
    if (fSecurityManager.isOverLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
        fSecurityManager.debugPrint(fLimitAnalyzer);
        fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, "TotalEntitySizeLimit",
                new Object[]{fLimitAnalyzer.getTotalValue(Limit.TOTAL_ENTITY_SIZE_LIMIT),
            fSecurityManager.getLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT),
            fSecurityManager.getStateLiteral(Limit.TOTAL_ENTITY_SIZE_LIMIT)},
                XMLErrorReporter.SEVERITY_FATAL_ERROR);
    }
}
 
Example 8
/**
 * Add the count of the content buffer and check if the accumulated
 * value exceeds the limit
 * @param buffer content buffer
 */
protected void checkLimit(XMLStringBuffer buffer) {
    if (fLimitAnalyzer.isTracking(fCurrentEntityName)) {
        fLimitAnalyzer.addValue(Limit.GENERAL_ENTITY_SIZE_LIMIT, fCurrentEntityName, buffer.length);
        if (fSecurityManager.isOverLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
            fSecurityManager.debugPrint(fLimitAnalyzer);
            reportFatalError("MaxEntitySizeLimit", new Object[]{fCurrentEntityName,
                fLimitAnalyzer.getValue(Limit.GENERAL_ENTITY_SIZE_LIMIT),
                fSecurityManager.getLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT),
                fSecurityManager.getStateLiteral(Limit.GENERAL_ENTITY_SIZE_LIMIT)});
        }
        if (fSecurityManager.isOverLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT, fLimitAnalyzer)) {
            fSecurityManager.debugPrint(fLimitAnalyzer);
            reportFatalError("TotalEntitySizeLimit",
                new Object[]{fLimitAnalyzer.getTotalValue(Limit.TOTAL_ENTITY_SIZE_LIMIT),
                fSecurityManager.getLimit(Limit.TOTAL_ENTITY_SIZE_LIMIT),
                fSecurityManager.getStateLiteral(Limit.TOTAL_ENTITY_SIZE_LIMIT)});
        }
    }
}
 
Example 9
void resetCommon() {
    // initialize vars
    fMarkupDepth = 0;
    fCurrentElement = null;
    fElementStack.clear();
    fHasExternalDTD = false;
    fStandaloneSet = false;
    fStandalone = false;
    fInScanContent = false;
    //skipping algorithm
    fShouldSkip = false;
    fAdd = false;
    fSkip = false;

    fEntityStore = fEntityManager.getEntityStore();
    dtdGrammarUtil = null;

    if (fSecurityManager != null) {
        fElementAttributeLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.ELEMENT_ATTRIBUTE_LIMIT);
        fXMLNameLimit = fSecurityManager.getLimit(XMLSecurityManager.Limit.MAX_NAME_LIMIT);
    } else {
        fElementAttributeLimit = 0;
        fXMLNameLimit = XMLSecurityManager.Limit.MAX_NAME_LIMIT.defaultValue();
    }
    fLimitAnalyzer = fEntityManager.fLimitAnalyzer;
}
 
Example 10
Source Project: Bytecoder   Source File: XMLDocumentFragmentScannerImpl.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Check if the depth exceeds the maxElementDepth limit
 * @param elementName name of the current element
 */
void checkDepth(String elementName) {
    fLimitAnalyzer.addValue(Limit.MAX_ELEMENT_DEPTH_LIMIT, elementName, fElementStack.fDepth);
    if (fSecurityManager.isOverLimit(Limit.MAX_ELEMENT_DEPTH_LIMIT,fLimitAnalyzer)) {
        fSecurityManager.debugPrint(fLimitAnalyzer);
        reportFatalError("MaxElementDepthLimit", new Object[]{elementName,
            fLimitAnalyzer.getTotalValue(Limit.MAX_ELEMENT_DEPTH_LIMIT),
            fSecurityManager.getLimit(Limit.MAX_ELEMENT_DEPTH_LIMIT),
            "maxElementDepth"});
    }
}
 
Example 11
Source Project: jdk1.8-source-analysis   Source File: XMLLimitAnalyzer.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Stop tracking the entity
 * @param limit the limit property
 * @param name the name of an entity
 */
public void endEntity(Limit limit, String name) {
    entityStart = "";
    Map<String, Integer> cache = caches[limit.ordinal()];
    if (cache != null) {
        cache.remove(name);
    }
}
 
Example 12
Source Project: jdk1.8-source-analysis   Source File: XMLLimitAnalyzer.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Resets the current value of the specified limit.
 * @param limit The limit to be reset.
 */
public void reset(Limit limit) {
    if (limit.ordinal() == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()) {
        totalValue[limit.ordinal()] = 0;
    } else if (limit.ordinal() == Limit.GENERAL_ENTITY_SIZE_LIMIT.ordinal()) {
        names[limit.ordinal()] = null;
        values[limit.ordinal()] = 0;
        caches[limit.ordinal()] = null;
        totalValue[limit.ordinal()] = 0;
    }
}
 
Example 13
Source Project: jdk1.8-source-analysis   Source File: XMLEntityScanner.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Checks whether the end of the entity buffer has been reached. If yes,
 * checks against the limit and buffer size before loading more characters.
 *
 * @param entity the current entity
 * @param offset the offset from which the current read was started
 * @param nameOffset the offset from which the current name starts
 * @return the length of characters scanned before the end of the buffer,
 * zero if there is more to be read in the buffer
 */
protected int checkBeforeLoad(Entity.ScannedEntity entity, int offset,
        int nameOffset) throws IOException {
    int length = 0;
    if (++entity.position == entity.count) {
        length = entity.position - offset;
        int nameLength = length;
        if (nameOffset != -1) {
            nameOffset = nameOffset - offset;
            nameLength = length - nameOffset;
        } else {
            nameOffset = offset;
        }
        //check limit before loading more data
        checkLimit(Limit.MAX_NAME_LIMIT, entity, nameOffset, nameLength);
        invokeListeners(length);
        if (length == entity.ch.length) {
            // bad luck we have to resize our buffer
            char[] tmp = new char[entity.fBufferSize * 2];
            System.arraycopy(entity.ch, offset, tmp, 0, length);
            entity.ch = tmp;
            entity.fBufferSize *= 2;
        }
        else {
            System.arraycopy(entity.ch, offset, entity.ch, 0, length);
        }
    }
    return length;
}
 
Example 14
Source Project: jdk1.8-source-analysis   Source File: XMLEntityScanner.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * If the current entity is an Entity reference, check the accumulated size
 * against the limit.
 *
 * @param nt type of name (element, attribute or entity)
 * @param entity The current entity
 * @param offset The index of the first byte
 * @param length The length of the entity scanned
 */
protected void checkEntityLimit(NameType nt, ScannedEntity entity, int offset, int length) {
    if (entity == null || !entity.isGE) {
        return;
    }

    if (nt != NameType.REFERENCE) {
        checkLimit(Limit.GENERAL_ENTITY_SIZE_LIMIT, entity, offset, length);
    }
    if (nt == NameType.ELEMENTSTART || nt == NameType.ATTRIBUTENAME) {
        checkNodeCount(entity);
    }
}
 
Example 15
/**
 * Resets the current value of the specified limit.
 * @param limit The limit to be reset.
 */
public void reset(Limit limit) {
    if (limit.ordinal() == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()) {
        totalValue[limit.ordinal()] = 0;
    } else if (limit.ordinal() == Limit.GENERAL_ENTITY_SIZE_LIMIT.ordinal()) {
        names[limit.ordinal()] = null;
        values[limit.ordinal()] = 0;
        caches[limit.ordinal()] = null;
        totalValue[limit.ordinal()] = 0;
    }
}
 
Example 16
/**
 * Default constructor. Establishes default values for known security
 * vulnerabilities.
 */
public XMLLimitAnalyzer() {
    values = new int[Limit.values().length];
    totalValue = new int[Limit.values().length];
    names = new String[Limit.values().length];
    caches = new Map[Limit.values().length];
}
 
Example 17
/**
 * Stop tracking the entity
 * @param limit the limit property
 * @param name the name of an entity
 */
public void endEntity(Limit limit, String name) {
    entityStart = "";
    Map<String, Integer> cache = caches[limit.ordinal()];
    if (cache != null) {
        cache.remove(name);
    }
}
 
Example 18
/**
 * Checks whether the end of the entity buffer has been reached. If yes,
 * checks against the limit and buffer size before loading more characters.
 *
 * @param entity the current entity
 * @param offset the offset from which the current read was started
 * @param nameOffset the offset from which the current name starts
 * @return the length of characters scanned before the end of the buffer,
 * zero if there is more to be read in the buffer
 */
protected int checkBeforeLoad(Entity.ScannedEntity entity, int offset,
        int nameOffset) throws IOException {
    int length = 0;
    if (++entity.position == entity.count) {
        length = entity.position - offset;
        int nameLength = length;
        if (nameOffset != -1) {
            nameOffset = nameOffset - offset;
            nameLength = length - nameOffset;
        } else {
            nameOffset = offset;
        }
        //check limit before loading more data
        checkLimit(Limit.MAX_NAME_LIMIT, entity, nameOffset, nameLength);
        invokeListeners(length);
        if (length == entity.ch.length) {
            // bad luck we have to resize our buffer
            char[] tmp = new char[entity.fBufferSize * 2];
            System.arraycopy(entity.ch, offset, tmp, 0, length);
            entity.ch = tmp;
            entity.fBufferSize *= 2;
        }
        else {
            System.arraycopy(entity.ch, offset, entity.ch, 0, length);
        }
    }
    return length;
}
 
Example 19
Source Project: Bytecoder   Source File: XMLEntityScanner.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Checks whether the end of the entity buffer has been reached. If yes,
 * checks against the limit and buffer size before loading more characters.
 *
 * @param entity the current entity
 * @param offset the offset from which the current read was started
 * @param nameOffset the offset from which the current name starts
 * @return the length of characters scanned before the end of the buffer,
 * zero if there is more to be read in the buffer
 */
protected int checkBeforeLoad(Entity.ScannedEntity entity, int offset,
        int nameOffset) throws IOException {
    int length = 0;
    if (++entity.position == entity.count) {
        length = entity.position - offset;
        int nameLength = length;
        if (nameOffset != -1) {
            nameOffset = nameOffset - offset;
            nameLength = length - nameOffset;
        } else {
            nameOffset = offset;
        }
        //check limit before loading more data
        checkLimit(Limit.MAX_NAME_LIMIT, entity, nameOffset, nameLength);
        invokeListeners(length);
        if (length == entity.ch.length) {
            // bad luck we have to resize our buffer
            char[] tmp = new char[entity.fBufferSize * 2];
            System.arraycopy(entity.ch, offset, tmp, 0, length);
            entity.ch = tmp;
            entity.fBufferSize *= 2;
        }
        else {
            System.arraycopy(entity.ch, offset, entity.ch, 0, length);
        }
    }
    return length;
}
 
Example 20
/**
 * Default constructor. Establishes default values for known security
 * vulnerabilities.
 */
public XMLLimitAnalyzer() {
    values = new int[Limit.values().length];
    totalValue = new int[Limit.values().length];
    names = new String[Limit.values().length];
    caches = new Map[Limit.values().length];
}
 
Example 21
/**
 * Check if the depth exceeds the maxElementDepth limit
 * @param elementName name of the current element
 */
void checkDepth(String elementName) {
    fLimitAnalyzer.addValue(Limit.MAX_ELEMENT_DEPTH_LIMIT, elementName, fElementStack.fDepth);
    if (fSecurityManager.isOverLimit(Limit.MAX_ELEMENT_DEPTH_LIMIT,fLimitAnalyzer)) {
        fSecurityManager.debugPrint(fLimitAnalyzer);
        reportFatalError("MaxElementDepthLimit", new Object[]{elementName,
            fLimitAnalyzer.getTotalValue(Limit.MAX_ELEMENT_DEPTH_LIMIT),
            fSecurityManager.getLimit(Limit.MAX_ELEMENT_DEPTH_LIMIT),
            "maxElementDepth"});
    }
}
 
Example 22
Source Project: jdk8u60   Source File: XMLLimitAnalyzer.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Default constructor. Establishes default values for known security
 * vulnerabilities.
 */
public XMLLimitAnalyzer() {
    values = new int[Limit.values().length];
    totalValue = new int[Limit.values().length];
    names = new String[Limit.values().length];
    caches = new Map[Limit.values().length];
}
 
Example 23
Source Project: jdk8u60   Source File: XMLLimitAnalyzer.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Add the value to the current count by the index of the property
 * @param index the index of the property
 * @param entityName the name of the entity
 * @param value the value of the entity
 */
public void addValue(int index, String entityName, int value) {
    if (index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() ||
            index == Limit.MAX_OCCUR_NODE_LIMIT.ordinal() ||
            index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal()) {
        totalValue[index] += value;
        return;
    }
    if (index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal()) {
        totalValue[index] = value;
        return;
    }

    Map<String, Integer> cache;
    if (caches[index] == null) {
        cache = new HashMap<String, Integer>(10);
        caches[index] = cache;
    } else {
        cache = caches[index];
    }

    int accumulatedValue = value;
    if (cache.containsKey(entityName)) {
        accumulatedValue += cache.get(entityName).intValue();
        cache.put(entityName, Integer.valueOf(accumulatedValue));
    } else {
        cache.put(entityName, Integer.valueOf(value));
    }

    if (accumulatedValue > values[index]) {
        values[index] = accumulatedValue;
        names[index] = entityName;
    }


    if (index == Limit.GENERAL_ENTITY_SIZE_LIMIT.ordinal() ||
            index == Limit.PARAMETER_ENTITY_SIZE_LIMIT.ordinal()) {
        totalValue[Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()] += value;
    }
}
 
Example 24
Source Project: Bytecoder   Source File: XMLLimitAnalyzer.java    License: Apache License 2.0 5 votes vote down vote up
/**
 * Stop tracking the entity
 * @param limit the limit property
 * @param name the name of an entity
 */
public void endEntity(Limit limit, String name) {
    entityStart = "";
    Map<String, Integer> cache = caches[limit.ordinal()];
    if (cache != null) {
        cache.remove(name);
    }
}
 
Example 25
/**
 * Check if the depth exceeds the maxElementDepth limit
 * @param elementName name of the current element
 */
void checkDepth(String elementName) {
    fLimitAnalyzer.addValue(Limit.MAX_ELEMENT_DEPTH_LIMIT, elementName, fElementStack.fDepth);
    if (fSecurityManager.isOverLimit(Limit.MAX_ELEMENT_DEPTH_LIMIT,fLimitAnalyzer)) {
        fSecurityManager.debugPrint(fLimitAnalyzer);
        reportFatalError("MaxElementDepthLimit", new Object[]{elementName,
            fLimitAnalyzer.getTotalValue(Limit.MAX_ELEMENT_DEPTH_LIMIT),
            fSecurityManager.getLimit(Limit.MAX_ELEMENT_DEPTH_LIMIT),
            "maxElementDepth"});
    }
}
 
Example 26
Source Project: JDKSourceCode1.8   Source File: XMLLimitAnalyzer.java    License: MIT License 5 votes vote down vote up
/**
 * Default constructor. Establishes default values for known security
 * vulnerabilities.
 */
public XMLLimitAnalyzer() {
    values = new int[Limit.values().length];
    totalValue = new int[Limit.values().length];
    names = new String[Limit.values().length];
    caches = new Map[Limit.values().length];
}
 
Example 27
/**
 * Add the value to the current count by the index of the property
 * @param index the index of the property
 * @param entityName the name of the entity
 * @param value the value of the entity
 */
public void addValue(int index, String entityName, int value) {
    if (index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() ||
            index == Limit.MAX_OCCUR_NODE_LIMIT.ordinal() ||
            index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal()) {
        totalValue[index] += value;
        return;
    }

    Map<String, Integer> cache;
    if (caches[index] == null) {
        cache = new HashMap<String, Integer>(10);
        caches[index] = cache;
    } else {
        cache = caches[index];
    }

    int accumulatedValue = value;
    if (cache.containsKey(entityName)) {
        accumulatedValue += cache.get(entityName).intValue();
        cache.put(entityName, Integer.valueOf(accumulatedValue));
    } else {
        cache.put(entityName, Integer.valueOf(value));
    }

    if (accumulatedValue > values[index]) {
        values[index] = accumulatedValue;
        names[index] = entityName;
    }


    if (index == Limit.GENERAL_ENTITY_SIZE_LIMIT.ordinal() ||
            index == Limit.PARAMETER_ENTITY_SIZE_LIMIT.ordinal()) {
        totalValue[Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal()] += value;
    }
}
 
Example 28
Source Project: JDKSourceCode1.8   Source File: XMLEntityScanner.java    License: MIT License 5 votes vote down vote up
/**
 * Checks whether the end of the entity buffer has been reached. If yes,
 * checks against the limit and buffer size before loading more characters.
 *
 * @param entity the current entity
 * @param offset the offset from which the current read was started
 * @param nameOffset the offset from which the current name starts
 * @return the length of characters scanned before the end of the buffer,
 * zero if there is more to be read in the buffer
 */
protected int checkBeforeLoad(Entity.ScannedEntity entity, int offset,
        int nameOffset) throws IOException {
    int length = 0;
    if (++entity.position == entity.count) {
        length = entity.position - offset;
        int nameLength = length;
        if (nameOffset != -1) {
            nameOffset = nameOffset - offset;
            nameLength = length - nameOffset;
        } else {
            nameOffset = offset;
        }
        //check limit before loading more data
        checkLimit(Limit.MAX_NAME_LIMIT, entity, nameOffset, nameLength);
        invokeListeners(length);
        if (length == entity.ch.length) {
            // bad luck we have to resize our buffer
            char[] tmp = new char[entity.fBufferSize * 2];
            System.arraycopy(entity.ch, offset, tmp, 0, length);
            entity.ch = tmp;
            entity.fBufferSize *= 2;
        }
        else {
            System.arraycopy(entity.ch, offset, entity.ch, 0, length);
        }
    }
    return length;
}
 
Example 29
Source Project: openjdk-8   Source File: XMLLimitAnalyzer.java    License: GNU General Public License v2.0 5 votes vote down vote up
/**
 * Stop tracking the entity
 * @param limit the limit property
 * @param name the name of an entity
 */
public void endEntity(Limit limit, String name) {
    entityStart = "";
    Map<String, Integer> cache = caches[limit.ordinal()];
    if (cache != null) {
        cache.remove(name);
    }
}
 
Example 30
/**
 * Check if the depth exceeds the maxElementDepth limit
 * @param elementName name of the current element
 */
void checkDepth(String elementName) {
    fLimitAnalyzer.addValue(Limit.MAX_ELEMENT_DEPTH_LIMIT, elementName, fElementStack.fDepth);
    if (fSecurityManager.isOverLimit(Limit.MAX_ELEMENT_DEPTH_LIMIT,fLimitAnalyzer)) {
        fSecurityManager.debugPrint(fLimitAnalyzer);
        reportFatalError("MaxElementDepthLimit", new Object[]{elementName,
            fLimitAnalyzer.getTotalValue(Limit.MAX_ELEMENT_DEPTH_LIMIT),
            fSecurityManager.getLimit(Limit.MAX_ELEMENT_DEPTH_LIMIT),
            "maxElementDepth"});
    }
}