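/*
 * reserved comment block
 * DO NOT REMOVE OR ALTER!
 */
/*
 * The Apache Software License, Version 1.1
 *
 *
 * Copyright (c) 2003 The Apache Software Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. The end-user documentation included with the redistribution,
 *    if any, must include the following acknowledgment:
 *       "This product includes software developed by the
 *        Apache Software Foundation (http://www.apache.org/)."
 *    Alternately, this acknowledgment may appear in the software itself,
 *    if and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Xerces" and "Apache Software Foundation" must
 *    not be used to endorse or promote products derived from this
 *    software without prior written permission. For written
 *    permission, please contact apache@apache.org.
 *
 * 5. Products derived from this software may not be called "Apache",
 *    nor may "Apache" appear in their name, without prior written
 *    permission of the Apache Software Foundation.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation and was
 * originally based on software copyright (c) 1999, International
 * Business Machines, Inc., http://www.apache.org.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 */

package com.sun.org.apache.xerces.internal.util;

import com.sun.org.apache.xerces.internal.impl.Constants;
import java.security.AccessController;
import java.security.PrivilegedAction;

/**
 * This class is a container for parser settings that relate to
 * security, or more specifically, it is intended to be used to prevent
 * denial-of-service attacks from being launched against a system running
 * Xerces.
 *
 * <p>Any component that is aware of a denial-of-service attack that can arise
 * from its processing of a certain kind of document may query its Component
 * Manager for the property
 * (http://apache.org/xml/properties/security-manager)
 * whose value will be an instance of this class.
 * If no value has been set for the property, the component should proceed in
 * the "usual" (spec-compliant) manner. If a value has been set, then it must
 * be the case that the component in question needs to know what method of
 * this class to query. This class will provide defaults for all known
 * security issues, but will also provide setters so that those values can be
 * tailored by applications that care.
 *
 * <p>Review notes on how the limits are established:
 * <ul>
 *   <li>The constructor reads the three limits from JVM system properties
 *       exactly once. System properties are process-wide, so whoever
 *       controls the JVM launch configuration controls these limits; a very
 *       large value effectively switches the corresponding protection off.
 *       Treat those properties as security-relevant configuration.</li>
 *   <li>Values read from system properties are rejected when missing, empty,
 *       non-numeric or negative, and the built-in default is used instead.
 *       The setters perform no such validation and store whatever they are
 *       given; how a negative limit is interpreted is up to the consuming
 *       component and cannot be determined from this class.</li>
 *   <li>The fields are plain {@code int}s with no synchronization; configure
 *       an instance before handing it to a parser.</li>
 * </ul>
 *
 * @author Neil Graham, IBM
 *
 * @version $Id: SecurityManager.java,v 1.5 2010-11-01 04:40:14 joehw Exp $
 */
public final class SecurityManager {

    //
    // Constants
    //

    /** Default value for the entity expansion limit. */
    private static final int DEFAULT_ENTITY_EXPANSION_LIMIT = 64000;

    /** Default value of number of nodes created. */
    private static final int DEFAULT_MAX_OCCUR_NODE_LIMIT = 5000;

    /** Default value for the element attribute limit. */
    private static final int DEFAULT_ELEMENT_ATTRIBUTE_LIMIT = 10000;

    //
    // Data
    //

    /** Entity expansion limit. */
    private int entityExpansionLimit;

    /** W3C XML Schema maxOccurs limit. */
    private int maxOccurLimit;

    /** Element attribute limit. */
    private int fElementAttributeLimit;

    /**
     * Default constructor. Establishes default values for known security
     * vulnerabilities, then overrides them with any valid values found in
     * the corresponding system properties.
     */
    public SecurityManager() {
        entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT;
        maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT;
        fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT;
        // System properties are read only once, at the time this object is
        // created; later changes to them do not affect an existing instance.
        readSystemProperties();
    }

    /**
     * <p>Sets the number of entity expansions that the
     * parser should permit in a document.</p>
     *
     * <p>The value is stored as given; no range check is applied here.</p>
     *
     * @param limit the number of entity expansions
     * permitted in a document
     */
    public void setEntityExpansionLimit(int limit) {
        entityExpansionLimit = limit;
    }

    /**
     * <p>Returns the number of entity expansions
     * that the parser permits in a document.</p>
     *
     * @return the number of entity expansions
     * permitted in a document
     */
    public int getEntityExpansionLimit() {
        return entityExpansionLimit;
    }

    /**
     * <p>Sets the limit of the number of content model nodes
     * that may be created when building a grammar for a W3C
     * XML Schema that contains maxOccurs attributes with values
     * other than "unbounded".</p>
     *
     * <p>The value is stored as given; no range check is applied here.</p>
     *
     * @param limit the maximum value for maxOccurs other
     * than "unbounded"
     */
    public void setMaxOccurNodeLimit(int limit) {
        maxOccurLimit = limit;
    }

    /**
     * <p>Returns the limit of the number of content model nodes
     * that may be created when building a grammar for a W3C
     * XML Schema that contains maxOccurs attributes with values
     * other than "unbounded".</p>
     *
     * @return the maximum value for maxOccurs other
     * than "unbounded"
     */
    public int getMaxOccurNodeLimit() {
        return maxOccurLimit;
    }

    /**
     * Returns the element attribute limit.
     *
     * <p>NOTE(review): presumably the maximum number of attributes a parser
     * accepts on a single element; the enforcement is outside this class,
     * so confirm against the consuming component.</p>
     *
     * @return the current element attribute limit
     */
    public int getElementAttrLimit() {
        return fElementAttributeLimit;
    }

    /**
     * Sets the element attribute limit.
     *
     * <p>The value is stored as given; no range check is applied here.</p>
     *
     * @param limit the new element attribute limit
     */
    public void setElementAttrLimit(int limit) {
        fElementAttributeLimit = limit;
    }

    /**
     * Loads all three limits from their system properties, falling back to
     * the built-in default for each property that is unset, empty,
     * non-numeric, negative or unreadable. Each property is handled
     * independently, so a bad value for one does not affect the others.
     */
    private void readSystemProperties() {
        entityExpansionLimit =
                readLimit(Constants.ENTITY_EXPANSION_LIMIT, DEFAULT_ENTITY_EXPANSION_LIMIT);
        maxOccurLimit =
                readLimit(Constants.MAX_OCCUR_LIMIT, DEFAULT_MAX_OCCUR_NODE_LIMIT);
        fElementAttributeLimit =
                readLimit(Constants.SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT,
                        DEFAULT_ELEMENT_ATTRIBUTE_LIMIT);
    }

    /**
     * Reads one non-negative integer limit from a system property.
     *
     * @param propName the system property to read
     * @param defaultValue the value to use when the property does not hold
     *        a usable limit
     * @return the parsed property value, or {@code defaultValue} when the
     *         property is unset, empty, not a valid {@code int}, negative,
     *         or cannot be read
     */
    private int readLimit(String propName, int defaultValue) {
        final String value;
        try {
            value = getSystemProperty(propName);
        } catch (SecurityException ignored) {
            // Best effort: without permission to read the property the
            // built-in default stays in force.
            return defaultValue;
        }
        if (value == null || value.equals("")) {
            return defaultValue;
        }
        final int parsed;
        try {
            parsed = Integer.parseInt(value);
        } catch (NumberFormatException ignored) {
            // A malformed value must not weaken or break the limit; keep
            // the default rather than failing parser construction.
            return defaultValue;
        }
        // Negative values are treated as invalid configuration.
        return parsed < 0 ? defaultValue : parsed;
    }

    /**
     * Reads a system property inside a privileged block, i.e. using this
     * class's own permissions rather than those of the calling code.
     *
     * <p>This must stay private and be called only with the fixed property
     * names from {@code Constants}; exposing it with a caller-chosen name
     * would let less-privileged code read arbitrary system properties.</p>
     *
     * @param propName the name of the system property
     * @return the property value, or {@code null} if it is not set
     */
    private String getSystemProperty(final String propName) {
        // The type argument is required: with a raw PrivilegedAction the
        // result type of doPrivileged is Object and the return below does
        // not compile.
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                return System.getProperty(propName);
            }
        });
    }

} // class SecurityManager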