View Javadoc
1   ////////////////////////////////////////////////////////////////////////////////
2   // checkstyle: Checks Java source code for adherence to a set of rules.
3   // Copyright (C) 2001-2017 the original author or authors.
4   //
5   // This library is free software; you can redistribute it and/or
6   // modify it under the terms of the GNU Lesser General Public
7   // License as published by the Free Software Foundation; either
8   // version 2.1 of the License, or (at your option) any later version.
9   //
10  // This library is distributed in the hope that it will be useful,
11  // but WITHOUT ANY WARRANTY; without even the implied warranty of
12  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13  // Lesser General Public License for more details.
14  //
15  // You should have received a copy of the GNU Lesser General Public
16  // License along with this library; if not, write to the Free Software
17  // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
18  ////////////////////////////////////////////////////////////////////////////////
19  
20  package com.puppycrawl.tools.checkstyle;
21  
22  import java.io.IOException;
23  import java.io.InputStream;
24  import java.util.HashMap;
25  import java.util.Map;
26  
27  import javax.xml.parsers.ParserConfigurationException;
28  import javax.xml.parsers.SAXParserFactory;
29  
30  import org.xml.sax.InputSource;
31  import org.xml.sax.SAXException;
32  import org.xml.sax.SAXParseException;
33  import org.xml.sax.XMLReader;
34  import org.xml.sax.helpers.DefaultHandler;
35  
36  /**
37   * Contains the common implementation of a loader, for loading a configuration
38   * from an XML file.
39   * <p>
40   * The error handling policy can be described as being austere, dead set,
41   * disciplinary, dour, draconian, exacting, firm, forbidding, grim, hard, hard-
42   * boiled, harsh, harsh, in line, iron-fisted, no-nonsense, oppressive,
43   * persnickety, picky, prudish, punctilious, puritanical, rigid, rigorous,
44   * scrupulous, set, severe, square, stern, stickler, straight, strait-laced,
45   * stringent, stuffy, stuffy, tough, unpermissive, unsparing and uptight.
46   * </p>
47   *
48   * @author Oliver Burn
49   * @noinspection ThisEscapedInObjectConstruction
50   */
51  public class XmlLoader
52      extends DefaultHandler {
53      /** Maps public id to resolve to resource name for the DTD. */
54      private final Map<String, String> publicIdToResourceNameMap;
55      /** Parser to read XML files. **/
56      private final XMLReader parser;
57  
58      /**
59       * Creates a new instance.
60       * @param publicId the public ID for the DTD to resolve
61       * @param dtdResourceName the resource for the DTD
62       * @throws SAXException if an error occurs
63       * @throws ParserConfigurationException if an error occurs
64       */
65      protected XmlLoader(String publicId, String dtdResourceName)
66              throws SAXException, ParserConfigurationException {
67          this(new HashMap<>(1));
68          publicIdToResourceNameMap.put(publicId, dtdResourceName);
69      }
70  
71      /**
72       * Creates a new instance.
73       * @param publicIdToResourceNameMap maps public IDs to DTD resource names
74       * @throws SAXException if an error occurs
75       * @throws ParserConfigurationException if an error occurs
76       */
77      protected XmlLoader(Map<String, String> publicIdToResourceNameMap)
78              throws SAXException, ParserConfigurationException {
79          this.publicIdToResourceNameMap = new HashMap<>(publicIdToResourceNameMap);
80          final SAXParserFactory factory = SAXParserFactory.newInstance();
81          FeaturesForVerySecureJavaInstallations.addFeaturesForVerySecureJavaInstallations(factory);
82          factory.setValidating(true);
83          factory.setNamespaceAware(true);
84          parser = factory.newSAXParser().getXMLReader();
85          parser.setContentHandler(this);
86          parser.setEntityResolver(this);
87          parser.setErrorHandler(this);
88      }
89  
90      /**
91       * Parses the specified input source.
92       * @param inputSource the input source to parse.
93       * @throws IOException if an error occurs
94       * @throws SAXException in an error occurs
95       */
96      public void parseInputSource(InputSource inputSource)
97              throws IOException, SAXException {
98          parser.parse(inputSource);
99      }
100 
101     @Override
102     public InputSource resolveEntity(String publicId, String systemId)
103             throws SAXException, IOException {
104         final InputSource inputSource;
105         if (publicIdToResourceNameMap.keySet().contains(publicId)) {
106             final String dtdResourceName =
107                     publicIdToResourceNameMap.get(publicId);
108             final ClassLoader loader =
109                 getClass().getClassLoader();
110             final InputStream dtdIs =
111                 loader.getResourceAsStream(dtdResourceName);
112 
113             inputSource = new InputSource(dtdIs);
114         }
115         else {
116             inputSource = super.resolveEntity(publicId, systemId);
117         }
118         return inputSource;
119     }
120 
121     @Override
122     public void error(SAXParseException exception) throws SAXException {
123         throw exception;
124     }
125 
126     @Override
127     public void fatalError(SAXParseException exception) throws SAXException {
128         throw exception;
129     }
130 
131     /**
132      * Used for setting specific for secure java installations features to SAXParserFactory.
133      * Pulled out as a separate class in order to suppress Pitest mutations.
134      */
135     public static final class FeaturesForVerySecureJavaInstallations {
136         /** Feature that enables loading external DTD when loading XML files. */
137         private static final String LOAD_EXTERNAL_DTD =
138                 "http://apache.org/xml/features/nonvalidating/load-external-dtd";
139         /** Feature that enables including external general entities in XML files. */
140         private static final String EXTERNAL_GENERAL_ENTITIES =
141                 "http://xml.org/sax/features/external-general-entities";
142 
143         /** Stop instances being created. **/
144         private FeaturesForVerySecureJavaInstallations() {
145         }
146 
147         /**
148          * Configures SAXParserFactory with features required
149          * for execution on very secured environments.
150          * @param factory factory to be configured with special features
151          * @throws SAXException if an error occurs
152          * @throws ParserConfigurationException if an error occurs
153          */
154         public static void addFeaturesForVerySecureJavaInstallations(SAXParserFactory factory)
155                 throws SAXException, ParserConfigurationException {
156             factory.setFeature(LOAD_EXTERNAL_DTD, true);
157             factory.setFeature(EXTERNAL_GENERAL_ENTITIES, true);
158         }
159     }
160 }