Source code

001////////////////////////////////////////////////////////////////////////////////
002// checkstyle: Checks Java source code for adherence to a set of rules.
003// Copyright (C) 2001-2018 the original author or authors.
004//
005// This library is free software; you can redistribute it and/or
006// modify it under the terms of the GNU Lesser General Public
007// License as published by the Free Software Foundation; either
008// version 2.1 of the License, or (at your option) any later version.
009//
010// This library is distributed in the hope that it will be useful,
011// but WITHOUT ANY WARRANTY; without even the implied warranty of
012// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
013// Lesser General Public License for more details.
014//
015// You should have received a copy of the GNU Lesser General Public
016// License along with this library; if not, write to the Free Software
017// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
018////////////////////////////////////////////////////////////////////////////////
019
020package com.puppycrawl.tools.checkstyle;
021
022import java.io.IOException;
023import java.io.InputStream;
024import java.util.HashMap;
025import java.util.Map;
026
027import javax.xml.parsers.ParserConfigurationException;
028import javax.xml.parsers.SAXParserFactory;
029
030import org.xml.sax.InputSource;
031import org.xml.sax.SAXException;
032import org.xml.sax.SAXParseException;
033import org.xml.sax.XMLReader;
034import org.xml.sax.helpers.DefaultHandler;
035
036/**
037 * Contains the common implementation of a loader, for loading a configuration
038 * from an XML file.
039 * <p>
040 * The error handling policy can be described as being austere, dead set,
041 * disciplinary, dour, draconian, exacting, firm, forbidding, grim, hard, hard-
042 * boiled, harsh, harsh, in line, iron-fisted, no-nonsense, oppressive,
043 * persnickety, picky, prudish, punctilious, puritanical, rigid, rigorous,
044 * scrupulous, set, severe, square, stern, stickler, straight, strait-laced,
045 * stringent, stuffy, stuffy, tough, unpermissive, unsparing and uptight.
046 * </p>
047 *
048 * @author Oliver Burn
049 * @noinspection ThisEscapedInObjectConstruction
050 */
051public class XmlLoader
052    extends DefaultHandler {
053
054    /** Maps public id to resolve to resource name for the DTD. */
055    private final Map<String, String> publicIdToResourceNameMap;
056    /** Parser to read XML files. **/
057    private final XMLReader parser;
058
059    /**
060     * Creates a new instance.
061     * @param publicId the public ID for the DTD to resolve
062     * @param dtdResourceName the resource for the DTD
063     * @throws SAXException if an error occurs
064     * @throws ParserConfigurationException if an error occurs
065     */
066    protected XmlLoader(String publicId, String dtdResourceName)
067            throws SAXException, ParserConfigurationException {
068        this(new HashMap<>(1));
069        publicIdToResourceNameMap.put(publicId, dtdResourceName);
070    }
071
072    /**
073     * Creates a new instance.
074     * @param publicIdToResourceNameMap maps public IDs to DTD resource names
075     * @throws SAXException if an error occurs
076     * @throws ParserConfigurationException if an error occurs
077     */
078    protected XmlLoader(Map<String, String> publicIdToResourceNameMap)
079            throws SAXException, ParserConfigurationException {
080        this.publicIdToResourceNameMap = new HashMap<>(publicIdToResourceNameMap);
081        final SAXParserFactory factory = SAXParserFactory.newInstance();
082        FeaturesForVerySecureJavaInstallations.addFeaturesForVerySecureJavaInstallations(factory);
083        factory.setValidating(true);
084        factory.setNamespaceAware(true);
085        parser = factory.newSAXParser().getXMLReader();
086        parser.setContentHandler(this);
087        parser.setEntityResolver(this);
088        parser.setErrorHandler(this);
089    }
090
091    /**
092     * Parses the specified input source.
093     * @param inputSource the input source to parse.
094     * @throws IOException if an error occurs
095     * @throws SAXException in an error occurs
096     */
097    public void parseInputSource(InputSource inputSource)
098            throws IOException, SAXException {
099        parser.parse(inputSource);
100    }
101
102    @Override
103    public InputSource resolveEntity(String publicId, String systemId)
104            throws SAXException, IOException {
105        final InputSource inputSource;
106        if (publicIdToResourceNameMap.keySet().contains(publicId)) {
107            final String dtdResourceName =
108                    publicIdToResourceNameMap.get(publicId);
109            final ClassLoader loader =
110                getClass().getClassLoader();
111            final InputStream dtdIs =
112                loader.getResourceAsStream(dtdResourceName);
113
114            inputSource = new InputSource(dtdIs);
115        }
116        else {
117            inputSource = super.resolveEntity(publicId, systemId);
118        }
119        return inputSource;
120    }
121
122    @Override
123    public void error(SAXParseException exception) throws SAXException {
124        throw exception;
125    }
126
127    @Override
128    public void fatalError(SAXParseException exception) throws SAXException {
129        throw exception;
130    }
131
132    /**
133     * Used for setting specific for secure java installations features to SAXParserFactory.
134     * Pulled out as a separate class in order to suppress Pitest mutations.
135     */
136    public static final class FeaturesForVerySecureJavaInstallations {
137
138        /** Feature that enables loading external DTD when loading XML files. */
139        private static final String LOAD_EXTERNAL_DTD =
140                "http://apache.org/xml/features/nonvalidating/load-external-dtd";
141        /** Feature that enables including external general entities in XML files. */
142        private static final String EXTERNAL_GENERAL_ENTITIES =
143                "http://xml.org/sax/features/external-general-entities";
144
145        /** Stop instances being created. **/
146        private FeaturesForVerySecureJavaInstallations() {
147        }
148
149        /**
150         * Configures SAXParserFactory with features required
151         * for execution on very secured environments.
152         * @param factory factory to be configured with special features
153         * @throws SAXException if an error occurs
154         * @throws ParserConfigurationException if an error occurs
155         */
156        public static void addFeaturesForVerySecureJavaInstallations(SAXParserFactory factory)
157                throws SAXException, ParserConfigurationException {
158            factory.setFeature(LOAD_EXTERNAL_DTD, true);
159            factory.setFeature(EXTERNAL_GENERAL_ENTITIES, true);
160        }
161
162    }
163
164}