From 848384ab7d023bd1d65865a4babfa515302e6d1c Mon Sep 17 00:00:00 2001 From: Robert Varga Date: Sat, 11 Mar 2017 17:44:31 +0100 Subject: [PATCH] Make XmlDocumentUtils use UntrustedXML When dealing with incoming XML, we should not be trusting it. Instead of open-coded DocumentBuilderFactory, use the one encapsulated in UntrustedXML. Change-Id: I3bcee704de8dc73428950ac59579b33aabe15bc0 Signed-off-by: Robert Varga --- .../data/impl/codec/xml/XmlDocumentUtils.java | 20 ++++++------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/yang/yang-data-impl/src/main/java/org/opendaylight/yangtools/yang/data/impl/codec/xml/XmlDocumentUtils.java b/yang/yang-data-impl/src/main/java/org/opendaylight/yangtools/yang/data/impl/codec/xml/XmlDocumentUtils.java index f05cc7a7f8..d487632f1d 100644 --- a/yang/yang-data-impl/src/main/java/org/opendaylight/yangtools/yang/data/impl/codec/xml/XmlDocumentUtils.java +++ b/yang/yang-data-impl/src/main/java/org/opendaylight/yangtools/yang/data/impl/codec/xml/XmlDocumentUtils.java @@ -12,9 +12,7 @@ import com.google.common.base.Preconditions; import java.net.URI; import java.util.Map; import java.util.Map.Entry; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; +import org.opendaylight.yangtools.util.xml.UntrustedXML; import org.opendaylight.yangtools.yang.common.QName; import org.opendaylight.yangtools.yang.data.api.AttributesContainer; import org.opendaylight.yangtools.yang.data.api.ModifyAction; @@ -35,15 +33,7 @@ public final class XmlDocumentUtils { } public static Document getDocument() { - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - Document doc = null; - try { - DocumentBuilder bob = dbf.newDocumentBuilder(); - doc = bob.newDocument(); - } catch (ParserConfigurationException e) { - throw new RuntimeException(e); - } - return doc; + return UntrustedXML.newDocumentBuilder().newDocument(); } private static Element createElementFor(final Document doc, final QName qname, final Object obj) { @@ -79,7 +69,8 @@ public final class XmlDocumentUtils { } public static Optional getModifyOperationFromAttributes(final Element xmlElement) { - Attr attributeNodeNS = xmlElement.getAttributeNodeNS(OPERATION_ATTRIBUTE_QNAME.getNamespace().toString(), OPERATION_ATTRIBUTE_QNAME.getLocalName()); + Attr attributeNodeNS = xmlElement.getAttributeNodeNS(OPERATION_ATTRIBUTE_QNAME.getNamespace().toString(), + OPERATION_ATTRIBUTE_QNAME.getLocalName()); if (attributeNodeNS == null) { return Optional.absent(); } @@ -90,7 +81,8 @@ public final class XmlDocumentUtils { return Optional.of(action); } - public static Optional findFirstSchema(final QName qname, final Iterable dataSchemaNode) { + public static Optional findFirstSchema(final QName qname, + final Iterable dataSchemaNode) { if (dataSchemaNode != null && qname != null) { for (DataSchemaNode dsn : dataSchemaNode) { if (qname.isEqualWithoutRevision(dsn.getQName())) { -- 2.36.6