Bug 63768: Adjust handling of SchemaFactory

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1867484 13f79535-47bb-0310-9956-ffa450edef68
PJ Fanning 2019-09-24 18:33:37 +00:00
parent 8e3286a64c
commit 06f28db213
3 changed files with 286 additions and 262 deletions


@ -28,6 +28,7 @@ import java.util.Locale;
import java.util.Map; import java.util.Map;
import java.util.Vector; import java.util.Vector;
import javax.xml.XMLConstants;
import javax.xml.transform.OutputKeys; import javax.xml.transform.OutputKeys;
import javax.xml.transform.Source; import javax.xml.transform.Source;
import javax.xml.transform.Transformer; import javax.xml.transform.Transformer;
@ -241,9 +242,10 @@ public class XSSFExportToXml implements Comparator<String>{
* @throws SAXException If validating the document fails * @throws SAXException If validating the document fails
*/ */
private boolean isValid(Document xml) throws SAXException{ private boolean isValid(Document xml) throws SAXException{
try{ try {
String language = "http://www.w3.org/2001/XMLSchema"; String language = "http://www.w3.org/2001/XMLSchema";
SchemaFactory factory = SchemaFactory.newInstance(language); SchemaFactory factory = SchemaFactory.newInstance(language);
trySetFeature(factory, XMLConstants.FEATURE_SECURE_PROCESSING, true);
Source source = new DOMSource(map.getSchema()); Source source = new DOMSource(map.getSchema());
Schema schema = factory.newSchema(source); Schema schema = factory.newSchema(source);
@ -313,7 +315,7 @@ public class XSSFExportToXml implements Comparator<String>{
String[] xpathTokens = xpath.split("/"); String[] xpathTokens = xpath.split("/");
Node currentNode =rootNode; Node currentNode = rootNode;
// The first token is empty, the second is the root node // The first token is empty, the second is the root node
for(int i =2; i<xpathTokens.length;i++) { for(int i =2; i<xpathTokens.length;i++) {
@ -535,4 +537,14 @@ public class XSSFExportToXml implements Comparator<String>{
} }
return complexTypeNode; return complexTypeNode;
} }
private static void trySetFeature(SchemaFactory sf, String feature, boolean enabled) {
try {
sf.setFeature(feature, enabled);
} catch (Exception e) {
LOG.log(POILogger.WARN, "SchemaFactory Feature unsupported", feature, e);
} catch (AbstractMethodError ame) {
LOG.log(POILogger.WARN, "Cannot set SchemaFactory feature because outdated XML parser in classpath", feature, ame);
}
}
} }
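Review bot: trySetFeature fails open. If setFeature throws, or the AbstractMethodError branch is taken because an outdated XML parser is on the classpath, the only effect is a WARN log, and isValid still calls `factory.newSchema(source)` on the schema taken from the workbook's map without secure processing enabled. Since this is a hardening change, consider having the helper return whether the feature was applied (`private static boolean trySetFeature(...)`) and letting isValid refuse to validate when it was not, or at least documenting in Javadoc on the helper that failure is deliberately tolerated. The `catch (Exception e)` is also wider than needed, as setFeature declares only SAXNotRecognizedException and SAXNotSupportedException; `catch (SAXNotRecognizedException | SAXNotSupportedException e)` would stop it hiding unrelated errors. isValid's body continues outside the hunk, so how the validation result is used cannot be seen here.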


@ -51,6 +51,7 @@ import org.junit.Test;
import org.xml.sax.EntityResolver; import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource; import org.xml.sax.InputSource;
import org.xml.sax.SAXException; import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
/** /**
* @author Roberto Manicardi * @author Roberto Manicardi
@ -671,4 +672,15 @@ public final class TestXSSFExportToXML {
} }
} }
} }
@Test(expected = SAXParseException.class)
public void testXXEInSchema() throws Exception {
try (XSSFWorkbook wb = XSSFTestDataSamples.openSampleWorkbook("xxe_in_schema.xlsx")) {
for (XSSFMap map : wb.getCustomXMLMappings()) {
XSSFExportToXml exporter = new XSSFExportToXml(map);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
exporter.exportToXML(bos, true);
}
}
}
} }
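Review bot: `@Test(expected = SAXParseException.class)` covers the whole of testXXEInSchema, so the test passes on any SAXParseException, including one caused by an unrelated syntax problem in the embedded schema or raised while opening xxe_in_schema.xlsx. That does not show the external entity was actually refused. Narrow the expectation to the export call, e.g. `try { exporter.exportToXML(bos, true); fail("expected SAXParseException"); } catch (SAXParseException e) { ... }`, and in the catch assert something specific to the rejection; the exact message depends on the parser, so check it against the one the build uses. Asserting that `bos` contains none of the entity's target content would pin the security property rather than just the exception type. A short comment on the test naming what the fixture's schema contains would also help, since the .xlsx is binary and cannot be read in review.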

Binary file not shown.