001/////////////////////////////////////////////////////////////////////////////////////////////// 002// checkstyle: Checks Java source code and other text files for adherence to a set of rules. 003// Copyright (C) 2001-2024 the original author or authors. 004// 005// This library is free software; you can redistribute it and/or 006// modify it under the terms of the GNU Lesser General Public 007// License as published by the Free Software Foundation; either 008// version 2.1 of the License, or (at your option) any later version. 009// 010// This library is distributed in the hope that it will be useful, 011// but WITHOUT ANY WARRANTY; without even the implied warranty of 012// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 013// Lesser General Public License for more details. 014// 015// You should have received a copy of the GNU Lesser General Public 016// License along with this library; if not, write to the Free Software 017// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 018/////////////////////////////////////////////////////////////////////////////////////////////// 019 020package com.puppycrawl.tools.checkstyle; 021 022import java.io.IOException; 023import java.io.InputStream; 024import java.util.Map; 025 026import javax.xml.parsers.ParserConfigurationException; 027import javax.xml.parsers.SAXParserFactory; 028 029import org.xml.sax.InputSource; 030import org.xml.sax.SAXException; 031import org.xml.sax.SAXParseException; 032import org.xml.sax.XMLReader; 033import org.xml.sax.helpers.DefaultHandler; 034 035import com.puppycrawl.tools.checkstyle.utils.UnmodifiableCollectionUtil; 036 037/** 038 * Contains the common implementation of a loader, for loading a configuration 039 * from an XML file. 040 * <p> 041 * The error handling policy can be described as being austere, dead set, 042 * disciplinary, dour, draconian, exacting, firm, forbidding, grim, hard, hard- 043 * boiled, harsh, harsh, in line, iron-fisted, no-nonsense, oppressive, 044 * persnickety, picky, prudish, punctilious, puritanical, rigid, rigorous, 045 * scrupulous, set, severe, square, stern, stickler, straight, strait-laced, 046 * stringent, stuffy, stuffy, tough, unpermissive, unsparing and uptight. 047 * </p> 048 * 049 * @noinspection ThisEscapedInObjectConstruction 050 * @noinspectionreason ThisEscapedInObjectConstruction - only reference is used and not 051 * accessed until initialized 052 */ 053public class XmlLoader 054 extends DefaultHandler { 055 056 /** Maps public id to resolve to resource name for the DTD. */ 057 private final Map<String, String> publicIdToResourceNameMap; 058 /** Parser to read XML files. **/ 059 private final XMLReader parser; 060 061 /** 062 * Creates a new instance. 063 * 064 * @param publicIdToResourceNameMap maps public IDs to DTD resource names 065 * @throws SAXException if an error occurs 066 * @throws ParserConfigurationException if an error occurs 067 */ 068 protected XmlLoader(Map<String, String> publicIdToResourceNameMap) 069 throws SAXException, ParserConfigurationException { 070 this.publicIdToResourceNameMap = 071 UnmodifiableCollectionUtil.copyOfMap(publicIdToResourceNameMap); 072 parser = createXmlReader(this); 073 } 074 075 /** 076 * Parses the specified input source. 077 * 078 * @param inputSource the input source to parse. 079 * @throws IOException if an error occurs 080 * @throws SAXException in an error occurs 081 */ 082 public void parseInputSource(InputSource inputSource) 083 throws IOException, SAXException { 084 parser.parse(inputSource); 085 } 086 087 @Override 088 public InputSource resolveEntity(String publicId, String systemId) { 089 InputSource inputSource = null; 090 if (publicId != null) { 091 final String dtdResourceName = publicIdToResourceNameMap.get(publicId); 092 093 if (dtdResourceName != null) { 094 final ClassLoader loader = getClass().getClassLoader(); 095 final InputStream dtdIs = loader.getResourceAsStream(dtdResourceName); 096 inputSource = new InputSource(dtdIs); 097 } 098 } 099 return inputSource; 100 } 101 102 @Override 103 public void error(SAXParseException exception) throws SAXException { 104 throw exception; 105 } 106 107 /** 108 * Helper method to create {@code XMLReader}. 109 * 110 * @param handler the content handler 111 * @return new XMLReader instance 112 * @throws ParserConfigurationException if a parser cannot be created 113 * @throws SAXException for SAX errors 114 */ 115 private static XMLReader createXmlReader(DefaultHandler handler) 116 throws SAXException, ParserConfigurationException { 117 final SAXParserFactory factory = SAXParserFactory.newInstance(); 118 LoadExternalDtdFeatureProvider.setFeaturesBySystemProperty(factory); 119 factory.setValidating(true); 120 final XMLReader xmlReader = factory.newSAXParser().getXMLReader(); 121 xmlReader.setContentHandler(handler); 122 xmlReader.setEntityResolver(handler); 123 xmlReader.setErrorHandler(handler); 124 return xmlReader; 125 } 126 127 /** 128 * Used for setting specific for secure java installations features to SAXParserFactory. 129 * Pulled out as a separate class in order to suppress Pitest mutations. 130 */ 131 public static final class LoadExternalDtdFeatureProvider { 132 133 /** System property name to enable external DTD load. */ 134 public static final String ENABLE_EXTERNAL_DTD_LOAD = "checkstyle.enableExternalDtdLoad"; 135 136 /** Feature that enables loading external DTD when loading XML files. */ 137 public static final String LOAD_EXTERNAL_DTD = 138 "http://apache.org/xml/features/nonvalidating/load-external-dtd"; 139 /** Feature that enables including external general entities in XML files. */ 140 public static final String EXTERNAL_GENERAL_ENTITIES = 141 "http://xml.org/sax/features/external-general-entities"; 142 /** Feature that enables including external parameter entities in XML files. */ 143 public static final String EXTERNAL_PARAMETER_ENTITIES = 144 "http://xml.org/sax/features/external-parameter-entities"; 145 146 /** Stop instances being created. **/ 147 private LoadExternalDtdFeatureProvider() { 148 } 149 150 /** 151 * Configures SAXParserFactory with features required 152 * to use external DTD file loading, this is not activated by default to no allow 153 * usage of schema files that checkstyle do not know 154 * it is even security problem to allow files from outside. 155 * 156 * @param factory factory to be configured with special features 157 * @throws SAXException if an error occurs 158 * @throws ParserConfigurationException if an error occurs 159 */ 160 public static void setFeaturesBySystemProperty(SAXParserFactory factory) 161 throws SAXException, ParserConfigurationException { 162 163 final boolean enableExternalDtdLoad = Boolean.parseBoolean( 164 System.getProperty(ENABLE_EXTERNAL_DTD_LOAD, "false")); 165 166 factory.setFeature(LOAD_EXTERNAL_DTD, enableExternalDtdLoad); 167 factory.setFeature(EXTERNAL_GENERAL_ENTITIES, enableExternalDtdLoad); 168 factory.setFeature(EXTERNAL_PARAMETER_ENTITIES, enableExternalDtdLoad); 169 } 170 171 } 172 173}