001////////////////////////////////////////////////////////////////////////////////
002// checkstyle: Checks Java source code for adherence to a set of rules.
003// Copyright (C) 2001-2022 the original author or authors.
004//
005// This library is free software; you can redistribute it and/or
006// modify it under the terms of the GNU Lesser General Public
007// License as published by the Free Software Foundation; either
008// version 2.1 of the License, or (at your option) any later version.
009//
010// This library is distributed in the hope that it will be useful,
011// but WITHOUT ANY WARRANTY; without even the implied warranty of
012// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
013// Lesser General Public License for more details.
014//
015// You should have received a copy of the GNU Lesser General Public
016// License along with this library; if not, write to the Free Software
017// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
018////////////////////////////////////////////////////////////////////////////////
019
020package com.puppycrawl.tools.checkstyle;
021
022import java.io.IOException;
023import java.io.InputStream;
024import java.util.Map;
025
026import javax.xml.parsers.ParserConfigurationException;
027import javax.xml.parsers.SAXParserFactory;
028
029import org.xml.sax.InputSource;
030import org.xml.sax.SAXException;
031import org.xml.sax.SAXParseException;
032import org.xml.sax.XMLReader;
033import org.xml.sax.helpers.DefaultHandler;
034
035/**
036 * Contains the common implementation of a loader, for loading a configuration
037 * from an XML file.
038 * <p>
039 * The error handling policy can be described as being austere, dead set,
040 * disciplinary, dour, draconian, exacting, firm, forbidding, grim, hard, hard-
041 * boiled, harsh, harsh, in line, iron-fisted, no-nonsense, oppressive,
042 * persnickety, picky, prudish, punctilious, puritanical, rigid, rigorous,
043 * scrupulous, set, severe, square, stern, stickler, straight, strait-laced,
044 * stringent, stuffy, stuffy, tough, unpermissive, unsparing and uptight.
045 * </p>
046 *
047 * @noinspection ThisEscapedInObjectConstruction
048 */
049public class XmlLoader
050    extends DefaultHandler {
051
052    /** Maps public id to resolve to resource name for the DTD. */
053    private final Map<String, String> publicIdToResourceNameMap;
054    /** Parser to read XML files. **/
055    private final XMLReader parser;
056
057    /**
058     * Creates a new instance.
059     *
060     * @param publicIdToResourceNameMap maps public IDs to DTD resource names
061     * @throws SAXException if an error occurs
062     * @throws ParserConfigurationException if an error occurs
063     */
064    protected XmlLoader(Map<String, String> publicIdToResourceNameMap)
065            throws SAXException, ParserConfigurationException {
066        this.publicIdToResourceNameMap = Map.copyOf(publicIdToResourceNameMap);
067        parser = createXmlReader(this);
068    }
069
070    /**
071     * Parses the specified input source.
072     *
073     * @param inputSource the input source to parse.
074     * @throws IOException if an error occurs
075     * @throws SAXException in an error occurs
076     */
077    public void parseInputSource(InputSource inputSource)
078            throws IOException, SAXException {
079        parser.parse(inputSource);
080    }
081
082    @Override
083    public InputSource resolveEntity(String publicId, String systemId)
084            throws SAXException, IOException {
085        final String dtdResourceName;
086        if (publicId == null) {
087            dtdResourceName = null;
088        }
089        else {
090            dtdResourceName = publicIdToResourceNameMap.get(publicId);
091        }
092        final InputSource inputSource;
093        if (dtdResourceName == null) {
094            inputSource = super.resolveEntity(publicId, systemId);
095        }
096        else {
097            final ClassLoader loader =
098                    getClass().getClassLoader();
099            final InputStream dtdIs =
100                    loader.getResourceAsStream(dtdResourceName);
101
102            inputSource = new InputSource(dtdIs);
103        }
104        return inputSource;
105    }
106
107    @Override
108    public void error(SAXParseException exception) throws SAXException {
109        throw exception;
110    }
111
112    /**
113     * Helper method to create {@code XMLReader}.
114     *
115     * @param handler the content handler
116     * @return new XMLReader instance
117     * @throws ParserConfigurationException if a parser cannot be created
118     * @throws SAXException for SAX errors
119     */
120    private static XMLReader createXmlReader(DefaultHandler handler)
121            throws SAXException, ParserConfigurationException {
122        final SAXParserFactory factory = SAXParserFactory.newInstance();
123        LoadExternalDtdFeatureProvider.setFeaturesBySystemProperty(factory);
124        factory.setValidating(true);
125        final XMLReader xmlReader = factory.newSAXParser().getXMLReader();
126        xmlReader.setContentHandler(handler);
127        xmlReader.setEntityResolver(handler);
128        xmlReader.setErrorHandler(handler);
129        return xmlReader;
130    }
131
132    /**
133     * Used for setting specific for secure java installations features to SAXParserFactory.
134     * Pulled out as a separate class in order to suppress Pitest mutations.
135     */
136    public static final class LoadExternalDtdFeatureProvider {
137
138        /** System property name to enable external DTD load. */
139        public static final String ENABLE_EXTERNAL_DTD_LOAD = "checkstyle.enableExternalDtdLoad";
140
141        /** Feature that enables loading external DTD when loading XML files. */
142        public static final String LOAD_EXTERNAL_DTD =
143                "http://apache.org/xml/features/nonvalidating/load-external-dtd";
144        /** Feature that enables including external general entities in XML files. */
145        public static final String EXTERNAL_GENERAL_ENTITIES =
146                "http://xml.org/sax/features/external-general-entities";
147        /** Feature that enables including external parameter entities in XML files. */
148        public static final String EXTERNAL_PARAMETER_ENTITIES =
149                "http://xml.org/sax/features/external-parameter-entities";
150
151        /** Stop instances being created. **/
152        private LoadExternalDtdFeatureProvider() {
153        }
154
155        /**
156         * Configures SAXParserFactory with features required
157         * to use external DTD file loading, this is not activated by default to no allow
158         * usage of schema files that checkstyle do not know
159         * it is even security problem to allow files from outside.
160         *
161         * @param factory factory to be configured with special features
162         * @throws SAXException if an error occurs
163         * @throws ParserConfigurationException if an error occurs
164         */
165        public static void setFeaturesBySystemProperty(SAXParserFactory factory)
166                throws SAXException, ParserConfigurationException {
167
168            final boolean enableExternalDtdLoad = Boolean.parseBoolean(
169                System.getProperty(ENABLE_EXTERNAL_DTD_LOAD, "false"));
170
171            factory.setFeature(LOAD_EXTERNAL_DTD, enableExternalDtdLoad);
172            factory.setFeature(EXTERNAL_GENERAL_ENTITIES, enableExternalDtdLoad);
173            factory.setFeature(EXTERNAL_PARAMETER_ENTITIES, enableExternalDtdLoad);
174        }
175
176    }
177
178}