Produced by Araxis Merge on 4/5/2017 4:25:29 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | C:\working_scrub\Unredacted\VAP Code Base\VAP_Bld2_Source_Code_CIF_2017-02-14\nvap-common\src\main\java\gov\va\nvap\common\util | DocumentBuilderFactoryUtil.java | Wed Feb 1 18:37:28 2017 UTC |
| 2 | eHX-CIF.zip\eHX-CIF\VAP Code Base\VAP_Bld2_Source_Code_CIF_2017-02-14\nvap-common\src\main\java\gov\va\nvap\common\util | DocumentBuilderFactoryUtil.java | Mon Apr 3 14:00:49 2017 UTC |
| Description | Between Files 1 and 2 |
|
|---|---|---|
| Text Blocks | Lines | |
| Unchanged | 2 | 208 |
| Changed | 1 | 2 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | /* | |
| 2 | * To chan ge this li cense head er, choose License H eaders in Project Pr operties. | |
| 3 | * To chan ge this te mplate fil e, choose Tools | Te mplates | |
| 4 | * and ope n the temp late in th e editor. | |
| 5 | */ | |
| 6 | package go v.va.nvap. common.uti l; | |
| 7 | ||
| 8 | import jav ax.xml.par sers.Docum entBuilder Factory; | |
| 9 | ||
| 10 | /** | |
| 11 | * | |
| 12 | * @author DN S VAZQUD | |
| 13 | */ | |
| 14 | public cla ss Documen tBuilderFa ctoryUtil | |
| 15 | { | |
| 16 | public static Do cumentBuil derFactory getDocume ntBuilderF actory( | |
| 17 | String f actoryClas sName, | |
| 18 | boolean namespaceA ware, | |
| 19 | boolean validating , | |
| 20 | boolean expandEnti tyReferenc es) | |
| 21 | { | |
| 22 | Do cumentBuil derFactory dbf; | |
| 23 | ||
| 24 | if (factoryC lassName ! = null) { | |
| 25 | System.s etProperty ("javax.xm l.parsers. DocumentBu ilderFacto ry", | |
| 26 | factoryCla ssName); | |
| 27 | } | |
| 28 | ||
| 29 | // Step 1: c reate a Do cumentBuil derFactory and confi gure it | |
| 30 | db f = Docume ntBuilderF actory.new Instance() ; | |
| 31 | ||
| 32 | // Optional: set vario us configu ration opt ions | |
| 33 | db f.setNames paceAware( namespaceA ware); | |
| 34 | db f.setValid ating(vali dating); | |
| 35 | ||
| 36 | // Add vario us options explicitl y to preve nt XXE att acks. add try/catch around eve ry | |
| 37 | // setAttrib ute just i n case a s pecific pa rser does not suppor t it. | |
| 38 | db f.setExpan dEntityRef erences(ex pandEntity References ); | |
| 39 | tr y { | |
| 40 | dbf.setA ttribute(" http://xml .org/sax/f eatures/ex ternal-gen eral-entit ies", | |
| 41 | Boolean.FA LSE); | |
| 42 | } | |
| 43 | ca tch (Throw able t) { | |
| 44 | } | |
| 45 | tr y { | |
| 46 | dbf.setA ttribute(" http://xml .org/sax/f eatures/ex ternal-par ameter-ent ities", | |
| 47 | Boolean.FA LSE); | |
| 48 | } | |
| 49 | ca tch (Throw able t) { | |
| 50 | } | |
| 51 | tr y { | |
| 52 | dbf.setA ttribute(" http://apa che.org/xm l/features /disallow- doctype-de cl", | |
| 53 | Boolean.TR UE); | |
| 54 | } | |
| 55 | ca tch (Throw able t) { | |
| 56 | } | |
| 57 | tr y { | |
| 58 | dbf.setA ttribute(" http://jav ax.xml.XML Constants/ feature/se cure-proce ssing", | |
| 59 | Boolean.TR UE); | |
| 60 | } | |
| 61 | ca tch (Throw able t) { | |
| 62 | } | |
| 63 | tr y { | |
| 64 | dbf.setA ttribute(" http://apa che.org/xm l/features /nonvalida ting/load- external-d td", | |
| 65 | Boolean.FA LSE); | |
| 66 | } | |
| 67 | ca tch (Throw able t) { | |
| 68 | } | |
| 69 | ||
| 70 | tr y { | |
| 71 | // Some parsers do n't throw an excepti on here, b ut throw o ne when th e | |
| 72 | // facto ry creates an instan ce instead , so try t o only do this for | |
| 73 | // Xerce s. | |
| 74 | if (dbf. getClass() .getName() .equals("o rg.apache. xerces.jax p.Document BuilderFac tory")) { | |
| 75 | // s peed up pr ocessing b y turning off deferr ed node ex pansion | |
| 76 | dbf. setAttribu te("http:/ /apache.or g/xml/feat ures/dom/d efer-node- expansion" , | |
| 77 | Boolea n.FALSE); | |
| 78 | } | |
| 79 | } | |
| 80 | ca tch (Illeg alArgument Exception e) { | |
| 81 | // parse rs that do not suppo rt this op tion *shou ld* throw this excep tion | |
| 82 | } | |
| 83 | ||
| 84 | tr y { | |
| 85 | // Some parsers do n't throw an excepti on here, b ut throw o ne when th e | |
| 86 | // facto ry creates an instan ce instead , so try t o only do this for | |
| 87 | // Xerce s. | |
| 88 | if (dbf. getClass() .getName() .equals("o rg.apache. xerces.jax p.Document BuilderFac tory")) { | |
| 89 | // f uture: pro tect again st DOS att acks throu gh DOCTYPE processin g | |
| 90 | dbf. setAttribu te("http:/ /apache.or g/xml/feat ures/disal low-doctyp e-decl", | |
| 91 | Boolea n.TRUE); | |
| 92 | } | |
| 93 | } | |
| 94 | ca tch (Illeg alArgument Exception e) { | |
| 95 | // parse rs that do not suppo rt this op tion *shou ld* throw this excep tion | |
| 96 | } | |
| 97 | ||
| 98 | /* | |
| 99 | At t his point the Docume ntBuilderF actory ins tance can be saved | |
| 100 | and reused to create any number of DocumentB uilder ins tances | |
| 101 | with the same configurat ion option s. | |
| 102 | * / | |
| 103 | re turn dbf; | |
| 104 | } | |
| 105 | } |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.