View Javadoc
1   ///////////////////////////////////////////////////////////////////////////////////////////////
2   // checkstyle: Checks Java source code and other text files for adherence to a set of rules.
3   // Copyright (C) 2001-2026 the original author or authors.
4   //
5   // This library is free software; you can redistribute it and/or
6   // modify it under the terms of the GNU Lesser General Public
7   // License as published by the Free Software Foundation; either
8   // version 2.1 of the License, or (at your option) any later version.
9   //
10  // This library is distributed in the hope that it will be useful,
11  // but WITHOUT ANY WARRANTY; without even the implied warranty of
12  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13  // Lesser General Public License for more details.
14  //
15  // You should have received a copy of the GNU Lesser General Public
16  // License along with this library; if not, write to the Free Software
17  // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
18  ///////////////////////////////////////////////////////////////////////////////////////////////
19  
20  package com.puppycrawl.tools.checkstyle;
21  
22  import java.io.IOException;
23  import java.io.InputStream;
24  import java.util.Map;
25  
26  import javax.xml.parsers.ParserConfigurationException;
27  import javax.xml.parsers.SAXParserFactory;
28  
29  import org.xml.sax.InputSource;
30  import org.xml.sax.SAXException;
31  import org.xml.sax.SAXParseException;
32  import org.xml.sax.XMLReader;
33  import org.xml.sax.helpers.DefaultHandler;
34  
35  /**
36   * Contains the common implementation of a loader, for loading a configuration
37   * from an XML file.
38   *
39   * <p>
40   * The error handling policy can be described as being austere, dead set,
41   * disciplinary, dour, draconian, exacting, firm, forbidding, grim, hard, hard-
42   * boiled, harsh, harsh, in line, iron-fisted, no-nonsense, oppressive,
43   * persnickety, picky, prudish, punctilious, puritanical, rigid, rigorous,
44   * scrupulous, set, severe, square, stern, stickler, straight, strait-laced,
45   * stringent, stuffy, stuffy, tough, unpermissive, unsparing and uptight.
46   * </p>
47   *
48   * @noinspection ThisEscapedInObjectConstruction
49   * @noinspectionreason ThisEscapedInObjectConstruction - only reference is used and not
50   *      accessed until initialized
51   */
52  public class XmlLoader
53      extends DefaultHandler {
54  
55      /** Maps public id to resolve to resource name for the DTD. */
56      private final Map<String, String> publicIdToResourceNameMap;
57      /** Parser to read XML files. **/
58      private final XMLReader parser;
59  
60      /**
61       * Creates a new instance.
62       *
63       * @param publicIdToResourceNameMap maps public IDs to DTD resource names
64       * @throws SAXException if an error occurs
65       * @throws ParserConfigurationException if an error occurs
66       */
67      protected XmlLoader(Map<String, String> publicIdToResourceNameMap)
68              throws SAXException, ParserConfigurationException {
69          this.publicIdToResourceNameMap = Map.copyOf(publicIdToResourceNameMap);
70          parser = createXmlReader(this);
71      }
72  
73      /**
74       * Parses the specified input source.
75       *
76       * @param inputSource the input source to parse.
77       * @throws IOException if an error occurs
78       * @throws SAXException in an error occurs
79       */
80      public void parseInputSource(InputSource inputSource)
81              throws IOException, SAXException {
82          parser.parse(inputSource);
83      }
84  
85      @Override
86      public InputSource resolveEntity(String publicId, String systemId) {
87          InputSource inputSource = null;
88          if (publicId != null) {
89              final String dtdResourceName = publicIdToResourceNameMap.get(publicId);
90  
91              if (dtdResourceName != null) {
92                  final ClassLoader loader = getClass().getClassLoader();
93                  final InputStream dtdIs = loader.getResourceAsStream(dtdResourceName);
94                  inputSource = new InputSource(dtdIs);
95              }
96          }
97          return inputSource;
98      }
99  
100     @Override
101     public void error(SAXParseException exception) throws SAXException {
102         throw exception;
103     }
104 
105     /**
106      * Helper method to create {@code XMLReader}.
107      *
108      * @param handler the content handler
109      * @return new XMLReader instance
110      * @throws ParserConfigurationException if a parser cannot be created
111      * @throws SAXException for SAX errors
112      */
113     private static XMLReader createXmlReader(DefaultHandler handler)
114             throws SAXException, ParserConfigurationException {
115         final SAXParserFactory factory = SAXParserFactory.newInstance();
116         LoadExternalDtdFeatureProvider.setFeaturesBySystemProperty(factory);
117         factory.setValidating(true);
118         final XMLReader xmlReader = factory.newSAXParser().getXMLReader();
119         xmlReader.setContentHandler(handler);
120         xmlReader.setEntityResolver(handler);
121         xmlReader.setErrorHandler(handler);
122         return xmlReader;
123     }
124 
125     /**
126      * Used for setting specific for secure java installations features to SAXParserFactory.
127      * Pulled out as a separate class in order to suppress Pitest mutations.
128      */
129     public static final class LoadExternalDtdFeatureProvider {
130 
131         /** System property name to enable external DTD load. */
132         public static final String ENABLE_EXTERNAL_DTD_LOAD = "checkstyle.enableExternalDtdLoad";
133 
134         /** Feature that enables loading external DTD when loading XML files. */
135         public static final String LOAD_EXTERNAL_DTD =
136                 "http://apache.org/xml/features/nonvalidating/load-external-dtd";
137         /** Feature that enables including external general entities in XML files. */
138         public static final String EXTERNAL_GENERAL_ENTITIES =
139                 "http://xml.org/sax/features/external-general-entities";
140         /** Feature that enables including external parameter entities in XML files. */
141         public static final String EXTERNAL_PARAMETER_ENTITIES =
142                 "http://xml.org/sax/features/external-parameter-entities";
143 
144         /** Stop instances being created. **/
145         private LoadExternalDtdFeatureProvider() {
146         }
147 
148         /**
149          * Configures SAXParserFactory with features required
150          * to use external DTD file loading, this is not activated by default to no allow
151          * usage of schema files that checkstyle do not know
152          * it is even security problem to allow files from outside.
153          *
154          * @param factory factory to be configured with special features
155          * @throws SAXException if an error occurs
156          * @throws ParserConfigurationException if an error occurs
157          */
158         public static void setFeaturesBySystemProperty(SAXParserFactory factory)
159                 throws SAXException, ParserConfigurationException {
160 
161             final boolean enableExternalDtdLoad = Boolean.parseBoolean(
162                 System.getProperty(ENABLE_EXTERNAL_DTD_LOAD, "false"));
163 
164             factory.setFeature(LOAD_EXTERNAL_DTD, enableExternalDtdLoad);
165             factory.setFeature(EXTERNAL_GENERAL_ENTITIES, enableExternalDtdLoad);
166             factory.setFeature(EXTERNAL_PARAMETER_ENTITIES, enableExternalDtdLoad);
167         }
168 
169     }
170 
171 }