001//////////////////////////////////////////////////////////////////////////////// 002// checkstyle: Checks Java source code for adherence to a set of rules. 003// Copyright (C) 2001-2022 the original author or authors. 004// 005// This library is free software; you can redistribute it and/or 006// modify it under the terms of the GNU Lesser General Public 007// License as published by the Free Software Foundation; either 008// version 2.1 of the License, or (at your option) any later version. 009// 010// This library is distributed in the hope that it will be useful, 011// but WITHOUT ANY WARRANTY; without even the implied warranty of 012// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 013// Lesser General Public License for more details. 014// 015// You should have received a copy of the GNU Lesser General Public 016// License along with this library; if not, write to the Free Software 017// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 018//////////////////////////////////////////////////////////////////////////////// 019 020package com.puppycrawl.tools.checkstyle; 021 022import java.io.IOException; 023import java.io.InputStream; 024import java.util.Map; 025 026import javax.xml.parsers.ParserConfigurationException; 027import javax.xml.parsers.SAXParserFactory; 028 029import org.xml.sax.InputSource; 030import org.xml.sax.SAXException; 031import org.xml.sax.SAXParseException; 032import org.xml.sax.XMLReader; 033import org.xml.sax.helpers.DefaultHandler; 034 035/** 036 * Contains the common implementation of a loader, for loading a configuration 037 * from an XML file. 038 * <p> 039 * The error handling policy can be described as being austere, dead set, 040 * disciplinary, dour, draconian, exacting, firm, forbidding, grim, hard, hard- 041 * boiled, harsh, harsh, in line, iron-fisted, no-nonsense, oppressive, 042 * persnickety, picky, prudish, punctilious, puritanical, rigid, rigorous, 043 * scrupulous, set, severe, square, stern, stickler, straight, strait-laced, 044 * stringent, stuffy, stuffy, tough, unpermissive, unsparing and uptight. 045 * </p> 046 * 047 * @noinspection ThisEscapedInObjectConstruction 048 */ 049public class XmlLoader 050 extends DefaultHandler { 051 052 /** Maps public id to resolve to resource name for the DTD. */ 053 private final Map<String, String> publicIdToResourceNameMap; 054 /** Parser to read XML files. **/ 055 private final XMLReader parser; 056 057 /** 058 * Creates a new instance. 059 * 060 * @param publicIdToResourceNameMap maps public IDs to DTD resource names 061 * @throws SAXException if an error occurs 062 * @throws ParserConfigurationException if an error occurs 063 */ 064 protected XmlLoader(Map<String, String> publicIdToResourceNameMap) 065 throws SAXException, ParserConfigurationException { 066 this.publicIdToResourceNameMap = Map.copyOf(publicIdToResourceNameMap); 067 parser = createXmlReader(this); 068 } 069 070 /** 071 * Parses the specified input source. 072 * 073 * @param inputSource the input source to parse. 074 * @throws IOException if an error occurs 075 * @throws SAXException in an error occurs 076 */ 077 public void parseInputSource(InputSource inputSource) 078 throws IOException, SAXException { 079 parser.parse(inputSource); 080 } 081 082 @Override 083 public InputSource resolveEntity(String publicId, String systemId) 084 throws SAXException, IOException { 085 final String dtdResourceName; 086 if (publicId == null) { 087 dtdResourceName = null; 088 } 089 else { 090 dtdResourceName = publicIdToResourceNameMap.get(publicId); 091 } 092 final InputSource inputSource; 093 if (dtdResourceName == null) { 094 inputSource = super.resolveEntity(publicId, systemId); 095 } 096 else { 097 final ClassLoader loader = 098 getClass().getClassLoader(); 099 final InputStream dtdIs = 100 loader.getResourceAsStream(dtdResourceName); 101 102 inputSource = new InputSource(dtdIs); 103 } 104 return inputSource; 105 } 106 107 @Override 108 public void error(SAXParseException exception) throws SAXException { 109 throw exception; 110 } 111 112 /** 113 * Helper method to create {@code XMLReader}. 114 * 115 * @param handler the content handler 116 * @return new XMLReader instance 117 * @throws ParserConfigurationException if a parser cannot be created 118 * @throws SAXException for SAX errors 119 */ 120 private static XMLReader createXmlReader(DefaultHandler handler) 121 throws SAXException, ParserConfigurationException { 122 final SAXParserFactory factory = SAXParserFactory.newInstance(); 123 LoadExternalDtdFeatureProvider.setFeaturesBySystemProperty(factory); 124 factory.setValidating(true); 125 final XMLReader xmlReader = factory.newSAXParser().getXMLReader(); 126 xmlReader.setContentHandler(handler); 127 xmlReader.setEntityResolver(handler); 128 xmlReader.setErrorHandler(handler); 129 return xmlReader; 130 } 131 132 /** 133 * Used for setting specific for secure java installations features to SAXParserFactory. 134 * Pulled out as a separate class in order to suppress Pitest mutations. 135 */ 136 public static final class LoadExternalDtdFeatureProvider { 137 138 /** System property name to enable external DTD load. */ 139 public static final String ENABLE_EXTERNAL_DTD_LOAD = "checkstyle.enableExternalDtdLoad"; 140 141 /** Feature that enables loading external DTD when loading XML files. */ 142 public static final String LOAD_EXTERNAL_DTD = 143 "http://apache.org/xml/features/nonvalidating/load-external-dtd"; 144 /** Feature that enables including external general entities in XML files. */ 145 public static final String EXTERNAL_GENERAL_ENTITIES = 146 "http://xml.org/sax/features/external-general-entities"; 147 /** Feature that enables including external parameter entities in XML files. */ 148 public static final String EXTERNAL_PARAMETER_ENTITIES = 149 "http://xml.org/sax/features/external-parameter-entities"; 150 151 /** Stop instances being created. **/ 152 private LoadExternalDtdFeatureProvider() { 153 } 154 155 /** 156 * Configures SAXParserFactory with features required 157 * to use external DTD file loading, this is not activated by default to no allow 158 * usage of schema files that checkstyle do not know 159 * it is even security problem to allow files from outside. 160 * 161 * @param factory factory to be configured with special features 162 * @throws SAXException if an error occurs 163 * @throws ParserConfigurationException if an error occurs 164 */ 165 public static void setFeaturesBySystemProperty(SAXParserFactory factory) 166 throws SAXException, ParserConfigurationException { 167 168 final boolean enableExternalDtdLoad = Boolean.parseBoolean( 169 System.getProperty(ENABLE_EXTERNAL_DTD_LOAD, "false")); 170 171 factory.setFeature(LOAD_EXTERNAL_DTD, enableExternalDtdLoad); 172 factory.setFeature(EXTERNAL_GENERAL_ENTITIES, enableExternalDtdLoad); 173 factory.setFeature(EXTERNAL_PARAMETER_ENTITIES, enableExternalDtdLoad); 174 } 175 176 } 177 178}