HHH-13960 Add SAXReader sec features to match the defaults

2020-04-20 15:18:02 +02:00 · 2020-04-20 15:18:02 +02:00 · 78bcb66cd5
parent 146a43d83b
commit 78bcb66cd5
3 changed files with 17 additions and 2 deletions
--- a/hibernate-core/src/main/java/org/hibernate/internal/util/xml/XMLHelper.java
+++ b/hibernate-core/src/main/java/org/hibernate/internal/util/xml/XMLHelper.java
@ -59,6 +59,14 @@ public final class XMLHelper {

 	public SAXReader createSAXReader(ErrorLogger errorLogger, EntityResolver entityResolver) {
 		SAXReader saxReader = new SAXReader();
+		try {
+			saxReader.setFeature( "http://apache.org/xml/features/nonvalidating/load-external-dtd", false );
+			saxReader.setFeature( "http://xml.org/sax/features/external-general-entities", false );
+			saxReader.setFeature( "http://xml.org/sax/features/external-parameter-entities", false );
+		}
+		catch (Exception e) {
+			throw new RuntimeException( e );
+		}
 		saxReader.setMergeAdjacentText( true );
 		saxReader.setValidation( true );
 		saxReader.setErrorHandler( errorLogger );
--- a/hibernate-core/src/test/java/org/hibernate/test/annotations/xml/ejb3/Ejb3XmlTestCase.java
+++ b/hibernate-core/src/test/java/org/hibernate/test/annotations/xml/ejb3/Ejb3XmlTestCase.java
@ -64,7 +64,11 @@ abstract class Ejb3XmlTestCase extends BaseUnitTestCase {

 	protected XMLContext getContext(InputStream is) throws Exception {
 		XMLContext xmlContext = new XMLContext( BootstrapContextImpl.INSTANCE );
-		Document doc = new SAXReader().read( is );
+		SAXReader reader = new SAXReader();
+		reader.setFeature( "http://apache.org/xml/features/nonvalidating/load-external-dtd", false );
+		reader.setFeature( "http://xml.org/sax/features/external-general-entities", false );
+		reader.setFeature( "http://xml.org/sax/features/external-parameter-entities", false );
+		Document doc = reader.read( is );
 		xmlContext.addDocument( doc );
 		return xmlContext;
 	}
--- a/hibernate-spatial/src/test/java/org/hibernate/spatial/testing/TestDataReader.java
+++ b/hibernate-spatial/src/test/java/org/hibernate/spatial/testing/TestDataReader.java
@ -26,10 +26,13 @@ public class TestDataReader {
 		List<TestDataElement> testDataElements = new ArrayList<TestDataElement>();
 		SAXReader reader = new SAXReader();
 		try {
+			reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false );
+			reader.setFeature("http://xml.org/sax/features/external-general-entities", false );
+			reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false );
 			Document document = reader.read( getInputStream( fileName ) );
 			addDataElements( document, testDataElements );
 		}
-		catch (DocumentException e) {
+		catch (Exception e) {
 			throw new RuntimeException( e );
 		}
 		return testDataElements;