jmeter-commits mailing list archives

From pmoua...@apache.org
Subject svn commit: r1763096 - /jmeter/trunk/src/core/org/apache/jmeter/gui/action/template/TemplateManager.java
Date Sun, 02 Oct 2016 19:22:50 GMT
Author: pmouawad
Date: Sun Oct  2 19:22:49 2016
New Revision: 1763096

URL: http://svn.apache.org/viewvc?rev=1763096&view=rev
Log:
XStream upgrade
Work around the security fix without losing the DTD

Modified:
    jmeter/trunk/src/core/org/apache/jmeter/gui/action/template/TemplateManager.java

Modified: jmeter/trunk/src/core/org/apache/jmeter/gui/action/template/TemplateManager.java
URL: http://svn.apache.org/viewvc/jmeter/trunk/src/core/org/apache/jmeter/gui/action/template/TemplateManager.java?rev=1763096&r1=1763095&r2=1763096&view=diff
==============================================================================
--- jmeter/trunk/src/core/org/apache/jmeter/gui/action/template/TemplateManager.java (original)
+++ jmeter/trunk/src/core/org/apache/jmeter/gui/action/template/TemplateManager.java Sun Oct
 2 19:22:49 2016
@@ -22,12 +22,16 @@ import java.io.File;
 import java.util.LinkedHashMap;
 import java.util.Map;
 
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
 import org.apache.commons.lang3.StringUtils;
 import org.apache.jmeter.util.JMeterUtils;
 import org.apache.jorphan.logging.LoggingManager;
 import org.apache.log.Logger;
 
 import com.thoughtworks.xstream.XStream;
+import com.thoughtworks.xstream.io.StreamException;
 import com.thoughtworks.xstream.io.xml.DomDriver;
 
 /**
@@ -63,7 +67,26 @@ public class TemplateManager {
     }
     
     private XStream initXStream() {
-        XStream xstream = new XStream(new DomDriver());
+        XStream xstream = new XStream(new DomDriver(){
+            /**
+             * Create the DocumentBuilderFactory instance.
+             * See https://blog.compass-security.com/2012/08/secure-xml-parser-configuration/
+             * See https://github.com/x-stream/xstream/issues/25
+             * @return the new instance
+             */
+            @Override
+            protected DocumentBuilderFactory createDocumentBuilderFactory() {
+                final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+                try {
+                    factory.setFeature("http://xml.org/sax/features/external-general-entities",
false);
+                    factory.setFeature("http://xml.org/sax/features/external-parameter-entities",
false);
+                } catch (ParserConfigurationException e) {
+                    throw new StreamException(e);
+                }
+                factory.setExpandEntityReferences(false);
+                return factory;
+            }
+        });
         xstream.alias("template", Template.class);
         xstream.alias("templates", Templates.class);
         xstream.useAttributeFor(Template.class, "isTestPlan");
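Review bot: The overridden `createDocumentBuilderFactory()` disables external general and parameter entities but still accepts DOCTYPE declarations (deliberately, going by the log message), so internal entity definitions are still parsed and any bound on their expansion is left to the parser implementation's defaults. Consider also requesting JAXP secure processing inside the same try block, `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` (needs `import javax.xml.XMLConstants;`). Some parsers restrict external DTD access once that feature is set explicitly, so confirm the templates' DTD still loads with it enabled. The Javadoc should also say why the override exists, for example `Replaces the default factory so that a DOCTYPE is still accepted while external entities stay disabled.`, so a later XStream upgrade is checked against it rather than silently diverging. `initXStream()` continues past the end of this hunk.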


