001/////////////////////////////////////////////////////////////////////////////////////////////// 002// checkstyle: Checks Java source code and other text files for adherence to a set of rules. 003// Copyright (C) 2001-2024 the original author or authors. 004// 005// This library is free software; you can redistribute it and/or 006// modify it under the terms of the GNU Lesser General Public 007// License as published by the Free Software Foundation; either 008// version 2.1 of the License, or (at your option) any later version. 009// 010// This library is distributed in the hope that it will be useful, 011// but WITHOUT ANY WARRANTY; without even the implied warranty of 012// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 013// Lesser General Public License for more details. 014// 015// You should have received a copy of the GNU Lesser General Public 016// License along with this library; if not, write to the Free Software 017// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 018/////////////////////////////////////////////////////////////////////////////////////////////// 019 020package com.puppycrawl.tools.checkstyle; 021 022import java.io.IOException; 023import java.io.InputStream; 024import java.util.Map; 025 026import javax.xml.parsers.ParserConfigurationException; 027import javax.xml.parsers.SAXParserFactory; 028 029import org.xml.sax.InputSource; 030import org.xml.sax.SAXException; 031import org.xml.sax.SAXParseException; 032import org.xml.sax.XMLReader; 033import org.xml.sax.helpers.DefaultHandler; 034 035import com.puppycrawl.tools.checkstyle.utils.UnmodifiableCollectionUtil; 036 037/** 038 * Contains the common implementation of a loader, for loading a configuration 039 * from an XML file. 040 * 041 * <p> 042 * The error handling policy can be described as being austere, dead set, 043 * disciplinary, dour, draconian, exacting, firm, forbidding, grim, hard, hard- 044 * boiled, harsh, harsh, in line, iron-fisted, no-nonsense, oppressive, 045 * persnickety, picky, prudish, punctilious, puritanical, rigid, rigorous, 046 * scrupulous, set, severe, square, stern, stickler, straight, strait-laced, 047 * stringent, stuffy, stuffy, tough, unpermissive, unsparing and uptight. 048 * </p> 049 * 050 * @noinspection ThisEscapedInObjectConstruction 051 * @noinspectionreason ThisEscapedInObjectConstruction - only reference is used and not 052 * accessed until initialized 053 */ 054public class XmlLoader 055 extends DefaultHandler { 056 057 /** Maps public id to resolve to resource name for the DTD. */ 058 private final Map<String, String> publicIdToResourceNameMap; 059 /** Parser to read XML files. **/ 060 private final XMLReader parser; 061 062 /** 063 * Creates a new instance. 064 * 065 * @param publicIdToResourceNameMap maps public IDs to DTD resource names 066 * @throws SAXException if an error occurs 067 * @throws ParserConfigurationException if an error occurs 068 */ 069 protected XmlLoader(Map<String, String> publicIdToResourceNameMap) 070 throws SAXException, ParserConfigurationException { 071 this.publicIdToResourceNameMap = 072 UnmodifiableCollectionUtil.copyOfMap(publicIdToResourceNameMap); 073 parser = createXmlReader(this); 074 } 075 076 /** 077 * Parses the specified input source. 078 * 079 * @param inputSource the input source to parse. 080 * @throws IOException if an error occurs 081 * @throws SAXException in an error occurs 082 */ 083 public void parseInputSource(InputSource inputSource) 084 throws IOException, SAXException { 085 parser.parse(inputSource); 086 } 087 088 @Override 089 public InputSource resolveEntity(String publicId, String systemId) { 090 InputSource inputSource = null; 091 if (publicId != null) { 092 final String dtdResourceName = publicIdToResourceNameMap.get(publicId); 093 094 if (dtdResourceName != null) { 095 final ClassLoader loader = getClass().getClassLoader(); 096 final InputStream dtdIs = loader.getResourceAsStream(dtdResourceName); 097 inputSource = new InputSource(dtdIs); 098 } 099 } 100 return inputSource; 101 } 102 103 @Override 104 public void error(SAXParseException exception) throws SAXException { 105 throw exception; 106 } 107 108 /** 109 * Helper method to create {@code XMLReader}. 110 * 111 * @param handler the content handler 112 * @return new XMLReader instance 113 * @throws ParserConfigurationException if a parser cannot be created 114 * @throws SAXException for SAX errors 115 */ 116 private static XMLReader createXmlReader(DefaultHandler handler) 117 throws SAXException, ParserConfigurationException { 118 final SAXParserFactory factory = SAXParserFactory.newInstance(); 119 LoadExternalDtdFeatureProvider.setFeaturesBySystemProperty(factory); 120 factory.setValidating(true); 121 final XMLReader xmlReader = factory.newSAXParser().getXMLReader(); 122 xmlReader.setContentHandler(handler); 123 xmlReader.setEntityResolver(handler); 124 xmlReader.setErrorHandler(handler); 125 return xmlReader; 126 } 127 128 /** 129 * Used for setting specific for secure java installations features to SAXParserFactory. 130 * Pulled out as a separate class in order to suppress Pitest mutations. 131 */ 132 public static final class LoadExternalDtdFeatureProvider { 133 134 /** System property name to enable external DTD load. */ 135 public static final String ENABLE_EXTERNAL_DTD_LOAD = "checkstyle.enableExternalDtdLoad"; 136 137 /** Feature that enables loading external DTD when loading XML files. */ 138 public static final String LOAD_EXTERNAL_DTD = 139 "http://apache.org/xml/features/nonvalidating/load-external-dtd"; 140 /** Feature that enables including external general entities in XML files. */ 141 public static final String EXTERNAL_GENERAL_ENTITIES = 142 "http://xml.org/sax/features/external-general-entities"; 143 /** Feature that enables including external parameter entities in XML files. */ 144 public static final String EXTERNAL_PARAMETER_ENTITIES = 145 "http://xml.org/sax/features/external-parameter-entities"; 146 147 /** Stop instances being created. **/ 148 private LoadExternalDtdFeatureProvider() { 149 } 150 151 /** 152 * Configures SAXParserFactory with features required 153 * to use external DTD file loading, this is not activated by default to no allow 154 * usage of schema files that checkstyle do not know 155 * it is even security problem to allow files from outside. 156 * 157 * @param factory factory to be configured with special features 158 * @throws SAXException if an error occurs 159 * @throws ParserConfigurationException if an error occurs 160 */ 161 public static void setFeaturesBySystemProperty(SAXParserFactory factory) 162 throws SAXException, ParserConfigurationException { 163 164 final boolean enableExternalDtdLoad = Boolean.parseBoolean( 165 System.getProperty(ENABLE_EXTERNAL_DTD_LOAD, "false")); 166 167 factory.setFeature(LOAD_EXTERNAL_DTD, enableExternalDtdLoad); 168 factory.setFeature(EXTERNAL_GENERAL_ENTITIES, enableExternalDtdLoad); 169 factory.setFeature(EXTERNAL_PARAMETER_ENTITIES, enableExternalDtdLoad); 170 } 171 172 } 173 174}