001///////////////////////////////////////////////////////////////////////////////////////////////
002// checkstyle: Checks Java source code and other text files for adherence to a set of rules.
003// Copyright (C) 2001-2024 the original author or authors.
004//
005// This library is free software; you can redistribute it and/or
006// modify it under the terms of the GNU Lesser General Public
007// License as published by the Free Software Foundation; either
008// version 2.1 of the License, or (at your option) any later version.
009//
010// This library is distributed in the hope that it will be useful,
011// but WITHOUT ANY WARRANTY; without even the implied warranty of
012// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
013// Lesser General Public License for more details.
014//
015// You should have received a copy of the GNU Lesser General Public
016// License along with this library; if not, write to the Free Software
017// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
018///////////////////////////////////////////////////////////////////////////////////////////////
019
020package com.puppycrawl.tools.checkstyle;
021
022import java.io.IOException;
023import java.io.InputStream;
024import java.util.Map;
025
026import javax.xml.parsers.ParserConfigurationException;
027import javax.xml.parsers.SAXParserFactory;
028
029import org.xml.sax.InputSource;
030import org.xml.sax.SAXException;
031import org.xml.sax.SAXParseException;
032import org.xml.sax.XMLReader;
033import org.xml.sax.helpers.DefaultHandler;
034
035import com.puppycrawl.tools.checkstyle.utils.UnmodifiableCollectionUtil;
036
037/**
038 * Contains the common implementation of a loader, for loading a configuration
039 * from an XML file.
040 * <p>
041 * The error handling policy can be described as being austere, dead set,
042 * disciplinary, dour, draconian, exacting, firm, forbidding, grim, hard, hard-
043 * boiled, harsh, harsh, in line, iron-fisted, no-nonsense, oppressive,
044 * persnickety, picky, prudish, punctilious, puritanical, rigid, rigorous,
045 * scrupulous, set, severe, square, stern, stickler, straight, strait-laced,
046 * stringent, stuffy, stuffy, tough, unpermissive, unsparing and uptight.
047 * </p>
048 *
049 * @noinspection ThisEscapedInObjectConstruction
050 * @noinspectionreason ThisEscapedInObjectConstruction - only reference is used and not
051 *      accessed until initialized
052 */
053public class XmlLoader
054    extends DefaultHandler {
055
056    /** Maps public id to resolve to resource name for the DTD. */
057    private final Map<String, String> publicIdToResourceNameMap;
058    /** Parser to read XML files. **/
059    private final XMLReader parser;
060
061    /**
062     * Creates a new instance.
063     *
064     * @param publicIdToResourceNameMap maps public IDs to DTD resource names
065     * @throws SAXException if an error occurs
066     * @throws ParserConfigurationException if an error occurs
067     */
068    protected XmlLoader(Map<String, String> publicIdToResourceNameMap)
069            throws SAXException, ParserConfigurationException {
070        this.publicIdToResourceNameMap =
071                UnmodifiableCollectionUtil.copyOfMap(publicIdToResourceNameMap);
072        parser = createXmlReader(this);
073    }
074
075    /**
076     * Parses the specified input source.
077     *
078     * @param inputSource the input source to parse.
079     * @throws IOException if an error occurs
080     * @throws SAXException in an error occurs
081     */
082    public void parseInputSource(InputSource inputSource)
083            throws IOException, SAXException {
084        parser.parse(inputSource);
085    }
086
087    @Override
088    public InputSource resolveEntity(String publicId, String systemId) {
089        InputSource inputSource = null;
090        if (publicId != null) {
091            final String dtdResourceName = publicIdToResourceNameMap.get(publicId);
092
093            if (dtdResourceName != null) {
094                final ClassLoader loader = getClass().getClassLoader();
095                final InputStream dtdIs = loader.getResourceAsStream(dtdResourceName);
096                inputSource = new InputSource(dtdIs);
097            }
098        }
099        return inputSource;
100    }
101
102    @Override
103    public void error(SAXParseException exception) throws SAXException {
104        throw exception;
105    }
106
107    /**
108     * Helper method to create {@code XMLReader}.
109     *
110     * @param handler the content handler
111     * @return new XMLReader instance
112     * @throws ParserConfigurationException if a parser cannot be created
113     * @throws SAXException for SAX errors
114     */
115    private static XMLReader createXmlReader(DefaultHandler handler)
116            throws SAXException, ParserConfigurationException {
117        final SAXParserFactory factory = SAXParserFactory.newInstance();
118        LoadExternalDtdFeatureProvider.setFeaturesBySystemProperty(factory);
119        factory.setValidating(true);
120        final XMLReader xmlReader = factory.newSAXParser().getXMLReader();
121        xmlReader.setContentHandler(handler);
122        xmlReader.setEntityResolver(handler);
123        xmlReader.setErrorHandler(handler);
124        return xmlReader;
125    }
126
127    /**
128     * Used for setting specific for secure java installations features to SAXParserFactory.
129     * Pulled out as a separate class in order to suppress Pitest mutations.
130     */
131    public static final class LoadExternalDtdFeatureProvider {
132
133        /** System property name to enable external DTD load. */
134        public static final String ENABLE_EXTERNAL_DTD_LOAD = "checkstyle.enableExternalDtdLoad";
135
136        /** Feature that enables loading external DTD when loading XML files. */
137        public static final String LOAD_EXTERNAL_DTD =
138                "http://apache.org/xml/features/nonvalidating/load-external-dtd";
139        /** Feature that enables including external general entities in XML files. */
140        public static final String EXTERNAL_GENERAL_ENTITIES =
141                "http://xml.org/sax/features/external-general-entities";
142        /** Feature that enables including external parameter entities in XML files. */
143        public static final String EXTERNAL_PARAMETER_ENTITIES =
144                "http://xml.org/sax/features/external-parameter-entities";
145
146        /** Stop instances being created. **/
147        private LoadExternalDtdFeatureProvider() {
148        }
149
150        /**
151         * Configures SAXParserFactory with features required
152         * to use external DTD file loading, this is not activated by default to no allow
153         * usage of schema files that checkstyle do not know
154         * it is even security problem to allow files from outside.
155         *
156         * @param factory factory to be configured with special features
157         * @throws SAXException if an error occurs
158         * @throws ParserConfigurationException if an error occurs
159         */
160        public static void setFeaturesBySystemProperty(SAXParserFactory factory)
161                throws SAXException, ParserConfigurationException {
162
163            final boolean enableExternalDtdLoad = Boolean.parseBoolean(
164                System.getProperty(ENABLE_EXTERNAL_DTD_LOAD, "false"));
165
166            factory.setFeature(LOAD_EXTERNAL_DTD, enableExternalDtdLoad);
167            factory.setFeature(EXTERNAL_GENERAL_ENTITIES, enableExternalDtdLoad);
168            factory.setFeature(EXTERNAL_PARAMETER_ENTITIES, enableExternalDtdLoad);
169        }
170
171    }
172
173}