Code Review / yangtools.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (from parent 1: 64ae40a)
Make XmlDocumentUtils use UntrustedXML 75/53175/2
authorRobert Varga <rovarga@cisco.com>
Sat, 11 Mar 2017 16:44:31 +0000 (17:44 +0100)
committerRobert Varga <nite@hq.sk>
Sat, 11 Mar 2017 18:48:36 +0000 (18:48 +0000)
When dealing with incoming XML, we should not be trusting it. Instead
of open-coded DocumentBuilderFactory, use the one encapsulated in
UntrustedXML.

Change-Id: I3bcee704de8dc73428950ac59579b33aabe15bc0
Signed-off-by: Robert Varga <rovarga@cisco.com>
yang/yang-data-impl/src/main/java/org/opendaylight/yangtools/yang/data/impl/codec/xml/XmlDocumentUtils.java patch | blob | history

diff --git a/yang/yang-data-impl/src/main/java/org/opendaylight/yangtools/yang/data/impl/codec/xml/XmlDocumentUtils.java b/yang/yang-data-impl/src/main/java/org/opendaylight/yangtools/yang/data/impl/codec/xml/XmlDocumentUtils.java
index f05cc7a7f89ce1ebae58cbef9db3d828615742fd..d487632f1d92732c7e0d37b4301e0a22531f75b5 100644 (file)
--- a/yang/yang-data-impl/src/main/java/org/opendaylight/yangtools/yang/data/impl/codec/xml/XmlDocumentUtils.java
+++ b/yang/yang-data-impl/src/main/java/org/opendaylight/yangtools/yang/data/impl/codec/xml/XmlDocumentUtils.java
@@ -12,9 +12,7 @@ import com.google.common.base.Preconditions;
 import java.net.URI;
 import java.util.Map;
 import java.util.Map.Entry;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
+import org.opendaylight.yangtools.util.xml.UntrustedXML;
 import org.opendaylight.yangtools.yang.common.QName;
 import org.opendaylight.yangtools.yang.data.api.AttributesContainer;
 import org.opendaylight.yangtools.yang.data.api.ModifyAction;
@@ -35,15 +33,7 @@ public final class XmlDocumentUtils {
     }
 
     public static Document getDocument() {
-        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
-        Document doc = null;
-        try {
-            DocumentBuilder bob = dbf.newDocumentBuilder();
-            doc = bob.newDocument();
-        } catch (ParserConfigurationException e) {
-            throw new RuntimeException(e);
-        }
-        return doc;
+        return UntrustedXML.newDocumentBuilder().newDocument();
     }
 
     private static Element createElementFor(final Document doc, final QName qname, final Object obj) {
@@ -79,7 +69,8 @@ public final class XmlDocumentUtils {
     }
 
     public static Optional<ModifyAction> getModifyOperationFromAttributes(final Element xmlElement) {
-        Attr attributeNodeNS = xmlElement.getAttributeNodeNS(OPERATION_ATTRIBUTE_QNAME.getNamespace().toString(), OPERATION_ATTRIBUTE_QNAME.getLocalName());
+        Attr attributeNodeNS = xmlElement.getAttributeNodeNS(OPERATION_ATTRIBUTE_QNAME.getNamespace().toString(),
+            OPERATION_ATTRIBUTE_QNAME.getLocalName());
         if (attributeNodeNS == null) {
             return Optional.absent();
         }
@@ -90,7 +81,8 @@ public final class XmlDocumentUtils {
         return Optional.of(action);
     }
 
-    public static Optional<DataSchemaNode> findFirstSchema(final QName qname, final Iterable<DataSchemaNode> dataSchemaNode) {
+    public static Optional<DataSchemaNode> findFirstSchema(final QName qname,
+            final Iterable<DataSchemaNode> dataSchemaNode) {
         if (dataSchemaNode != null && qname != null) {
             for (DataSchemaNode dsn : dataSchemaNode) {
                 if (qname.isEqualWithoutRevision(dsn.getQName())) {
OpenDaylight YANG Tools