public class Digester2
extends org.apache.commons.digester.Digester
Digester wrapper to fix the issue DIGESTER-118.
Since Jenkins 2.TODO, this class also attempts to set secure parsing defaults to prevent XXE (XML External Entity) vulnerabilities.
Digester2() and Digester2(XMLReader) will apply XXE protections unless a system property is set to disable them.
Digester2(boolean) and Digester2(XMLReader, boolean) will apply XXE protections if and only if the boolean argument is true.
Digester2(SAXParser) will not apply protections; whatever instantiated the SAXParser should do that.
Fields inherited from class org.apache.commons.digester.Digester:
bodyText, bodyTexts, classLoader, configured, entityResolver, entityValidator, errorHandler, factory, inputSources, JAXP_SCHEMA_LANGUAGE, locator, log, match, matches, namespaceAware, namespaces, params, parser, publicId, reader, root, rules, saxLog, schema, schemaLanguage, schemaLocation, stack, substitutor, useContextClassLoader, validating, W3C_XML_SCHEMA, xincludeAware
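The class description above says Digester2(SAXParser) applies no XXE protections and leaves that to whoever instantiated the SAXParser. The following is an added example, not code from Jenkins: it uses only the JDK to harden a SAXParserFactory and check that a constructed document carrying a DOCTYPE is rejected. The class and method names are hypothetical, and the feature set is an assumption (common JAXP/Xerces hardening), not necessarily what Digester2 configures internally.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class HardenedSaxParserExample { // hypothetical class name

    // Builds a SAXParser that refuses DOCTYPE declarations and external entities.
    // The feature choice is an assumption (standard JAXP/Xerces hardening).
    static SAXParser newHardenedParser() throws Exception {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setXIncludeAware(false);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        return factory.newSAXParser();
    }

    // Returns true if a freshly hardened parser accepts the document.
    static boolean accepts(String xml) throws Exception {
        SAXParser parser = newHardenedParser();
        try {
            parser.parse(new InputSource(new StringReader(xml)), new DefaultHandler());
            return true;
        } catch (SAXException rejected) {
            return false; // for example, the DOCTYPE was disallowed
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs; "placeholder.ent" is not a real resource.
        String plain = "<config><name>job</name></config>";
        String withDoctype = "<!DOCTYPE config [<!ENTITY ext SYSTEM \"placeholder.ent\">]>"
                + "<config><name>&ext;</name></config>";
        System.out.println("plain document accepted:   " + accepts(plain));
        System.out.println("DOCTYPE document accepted: " + accepts(withDoctype));
        // A parser from newHardenedParser() is the kind of pre-secured SAXParser
        // a caller of the deprecated Digester2(SAXParser) constructor must supply.
    }
}
```

Where the input format legitimately needs a DOCTYPE, drop the disallow-doctype-decl feature and rely on the two external-entity features instead.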
Constructor and Description |
---|
Digester2() |
Digester2(boolean processSecurely) |
Digester2(SAXParser parser) Deprecated. |
Digester2(XMLReader reader) |
Digester2(XMLReader reader, boolean processSecurely) |
Modifier and Type | Method and Description |
---|---|
void | addObjectCreate(String pattern, Class clazz) |
Methods inherited from class org.apache.commons.digester.Digester:
addBeanPropertySetter, addBeanPropertySetter, addCallMethod, addCallMethod, addCallMethod, addCallMethod, addCallParam, addCallParam, addCallParam, addCallParam, addCallParamPath, addFactoryCreate, addFactoryCreate, addFactoryCreate, addFactoryCreate, addFactoryCreate, addFactoryCreate, addFactoryCreate, addFactoryCreate, addFactoryCreate, addFactoryCreate, addObjectCreate, addObjectCreate, addObjectCreate, addObjectParam, addRule, addRuleSet, addSetNestedProperties, addSetNestedProperties, addSetNestedProperties, addSetNext, addSetNext, addSetProperties, addSetProperties, addSetProperties, addSetProperty, addSetRoot, addSetRoot, addSetTop, addSetTop, characters, cleanup, clear, configure, createInputSourceFromURL, createInputSourceFromURL, createSAXException, createSAXException, createSAXException, endDocument, endElement, endPrefixMapping, error, fatalError, findNamespaceURI, getClassLoader, getCount, getCurrentElementName, getCurrentNamespaces, getCustomContentHandler, getDebug, getDocumentLocator, getEntityResolver, getErrorHandler, getFactory, getFeature, getLogger, getMatch, getNamespaceAware, getParser, getProperty, getPublicId, getReader, getRoot, getRuleNamespaceURI, getRules, getSAXLogger, getSchema, getSchemaLanguage, getStackAction, getSubstitutor, getUseContextClassLoader, getValidating, getXIncludeAware, getXMLReader, getXMLSchema, ignorableWhitespace, initialize, isEmpty, log, log, notationDecl, parse, parse, parse, parse, parse, parse, peek, peek, peek, peek, peekParams, peekParams, pop, pop, popParams, processingInstruction, push, push, pushParams, register, register, resetRoot, resolveEntity, setClassLoader, setCustomContentHandler, setDebug, setDocumentLocator, setEntityResolver, setErrorHandler, setFeature, setLogger, setNamespaceAware, setProperty, setPublicId, setRuleNamespaceURI, setRules, setSAXLogger, setSchema, setSchemaLanguage, setStackAction, setSubstitutor, setUseContextClassLoader, setValidating, setXIncludeAware, setXMLSchema, 
skippedEntity, startDocument, startElement, startPrefixMapping, unparsedEntityDecl, warning
public Digester2()

@Deprecated public Digester2(SAXParser parser)
SAXParser securely if processing potentially untrusted input, as this does not do it automatically (unlike other constructors).
parser - the parser

public Digester2(XMLReader reader)

public Digester2(boolean processSecurely)
processSecurely - true iff this should configure the parser to prevent XXE.

public Digester2(XMLReader reader, boolean processSecurely)
reader - the reader
processSecurely - true iff this should configure the parser to prevent XXE.

Copyright © 2004–2021. All rights reserved.