
Commit b8755b2

YLChen-007cyl-auth
authored andcommitted
Refactor XML parsing to use safer document builders in multiple classes (apache#12129)
Co-authored-by: chenyoulong20g@ict.ac.cn <chenyoulong20g@ict.ac.cn>
1 parent f46f58a commit b8755b2

3 files changed

+16
-14
lines changed

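--- a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtMigrateVolumeCommandWrapper.java
+++ b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtMigrateVolumeCommandWrapper.java
@@ -44,6 +44,7 @@
 import org.apache.cloudstack.storage.datastore.util.ScaleIOUtil;
 import org.apache.cloudstack.storage.to.PrimaryDataStoreTO;
 import org.apache.cloudstack.storage.to.VolumeObjectTO;
+import org.apache.cloudstack.utils.security.ParserUtils;
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.libvirt.Connect;
@@ -237,7 +238,7 @@ protected MigrateVolumeAnswer checkBlockJobStatus(MigrateVolumeCommand command,
 
 private String generateDestinationDiskLabel(String diskXml) throws ParserConfigurationException, IOException, SAXException {
 
-DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+DocumentBuilderFactory dbFactory = ParserUtils.getSaferDocumentBuilderFactory();
 DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
 Document doc = dBuilder.parse(new ByteArrayInputStream(diskXml.getBytes("UTF-8")));
 doc.getDocumentElement().normalize();
@@ -251,7 +252,7 @@ private String generateDestinationDiskLabel(String diskXml) throws ParserConfigu
 protected String generateDestinationDiskXML(Domain dm, String srcVolumeId, String diskFilePath, String destSecretUUID) throws LibvirtException, ParserConfigurationException, IOException, TransformerException, SAXException {
 final String domXml = dm.getXMLDesc(0);
 
-DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+DocumentBuilderFactory dbFactory = ParserUtils.getSaferDocumentBuilderFactory();
 DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
 Document doc = dBuilder.parse(new ByteArrayInputStream(domXml.getBytes("UTF-8")));
 doc.getDocumentElement().normalize();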
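Review bot: generateDestinationDiskXML still declares `TransformerException`, so a transformer is presumably created further down in the method, outside the third hunk, and nothing here shows it being hardened. If that code calls `TransformerFactory.newInstance()` directly, it deserves the same treatment as the two parse sites (secure processing on, `XMLConstants.ACCESS_EXTERNAL_DTD` and `XMLConstants.ACCESS_EXTERNAL_STYLESHEET` set to the empty string). Both changed lines would also benefit from a short comment such as `// hardened factory: do not replace with DocumentBuilderFactory.newInstance()`, so a later edit does not quietly revert to the default. A unit test that passes a disk XML carrying a DOCTYPE to generateDestinationDiskLabel and asserts that it is rejected or left unexpanded would pin the intended behaviour; what the helper actually configures is not visible on this page.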

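--- a/server/src/main/java/com/cloud/test/DatabaseConfig.java
+++ b/server/src/main/java/com/cloud/test/DatabaseConfig.java
@@ -427,7 +427,7 @@ protected void doConfig() {
 try {
 final File configFile = new File(_configFileName);
 
-SAXParserFactory spfactory = SAXParserFactory.newInstance();
+SAXParserFactory spfactory = ParserUtils.getSaferSAXParserFactory();
 final SAXParser saxParser = spfactory.newSAXParser();
 final DbConfigXMLHandler handler = new DbConfigXMLHandler();
 handler.setParent(this);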
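Review bot: `ParserUtils` is referenced on the changed line, but this section is a single 1-addition/1-deletion hunk with no import change, so the class must already be imported elsewhere in DatabaseConfig.java; that cannot be confirmed from this page and is worth checking. The helper's configuration is not visible either: if it rejects DOCTYPE declarations or external entities, any existing file passed as `_configFileName` that relies on them will now fail inside this `try`, whose catch clauses lie outside the hunk. If that is what the helper enforces, a comment above the line such as `// hardened SAX factory: config files must not depend on DTDs or external entities` would record the new constraint for whoever maintains those files.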

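--- a/utils/src/main/java/com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java
+++ b/utils/src/main/java/com/cloud/utils/cisco/n1kv/vsm/VsmCommand.java
@@ -26,6 +26,7 @@
 import javax.xml.parsers.ParserConfigurationException;
 
 import org.apache.logging.log4j.Logger;
+import org.apache.cloudstack.utils.security.ParserUtils;
 import org.apache.logging.log4j.LogManager;
 import org.w3c.dom.DOMException;
 import org.w3c.dom.DOMImplementation;
@@ -67,7 +68,7 @@ public enum OperationType {
 public static String getAddPortProfile(String name, PortProfileType type, BindingType binding, SwitchPortMode mode, int vlanid, String vdc, String espName) {
 try {
 // Create the document and root element.
-DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+DocumentBuilderFactory docFactory = ParserUtils.getSaferDocumentBuilderFactory();
 DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
 DOMImplementation domImpl = docBuilder.getDOMImplementation();
 Document doc = createDocument(domImpl);
@@ -100,7 +101,7 @@ public static String getAddPortProfile(String name, PortProfileType type, Bindin
 public static String getAddPortProfile(String name, PortProfileType type, BindingType binding, SwitchPortMode mode, int vlanid) {
 try {
 // Create the document and root element.
-DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+DocumentBuilderFactory docFactory = ParserUtils.getSaferDocumentBuilderFactory();
 DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
 DOMImplementation domImpl = docBuilder.getDOMImplementation();
 Document doc = createDocument(domImpl);
@@ -133,7 +134,7 @@ public static String getAddPortProfile(String name, PortProfileType type, Bindin
 public static String getUpdatePortProfile(String name, SwitchPortMode mode, List<Pair<VsmCommand.OperationType, String>> params) {
 try {
 // Create the document and root element.
-DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+DocumentBuilderFactory docFactory = ParserUtils.getSaferDocumentBuilderFactory();
 DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
 DOMImplementation domImpl = docBuilder.getDOMImplementation();
 Document doc = createDocument(domImpl);
@@ -166,7 +167,7 @@ public static String getUpdatePortProfile(String name, SwitchPortMode mode, List
 public static String getDeletePortProfile(String portName) {
 try {
 // Create the document and root element.
-DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+DocumentBuilderFactory docFactory = ParserUtils.getSaferDocumentBuilderFactory();
 DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
 DOMImplementation domImpl = docBuilder.getDOMImplementation();
 Document doc = createDocument(domImpl);
@@ -199,7 +200,7 @@ public static String getDeletePortProfile(String portName) {
 public static String getAddPolicyMap(String name, int averageRate, int maxRate, int burstRate) {
 try {
 // Create the document and root element.
-DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+DocumentBuilderFactory docFactory = ParserUtils.getSaferDocumentBuilderFactory();
 DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
 DOMImplementation domImpl = docBuilder.getDOMImplementation();
 Document doc = createDocument(domImpl);
@@ -232,7 +233,7 @@ public static String getAddPolicyMap(String name, int averageRate, int maxRate,
 public static String getDeletePolicyMap(String name) {
 try {
 // Create the document and root element.
-DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+DocumentBuilderFactory docFactory = ParserUtils.getSaferDocumentBuilderFactory();
 DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
 DOMImplementation domImpl = docBuilder.getDOMImplementation();
 Document doc = createDocument(domImpl);
@@ -265,7 +266,7 @@ public static String getDeletePolicyMap(String name) {
 public static String getServicePolicy(String policyMap, String portProfile, boolean attach) {
 try {
 // Create the document and root element.
-DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+DocumentBuilderFactory docFactory = ParserUtils.getSaferDocumentBuilderFactory();
 DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
 DOMImplementation domImpl = docBuilder.getDOMImplementation();
 Document doc = createDocument(domImpl);
@@ -297,7 +298,7 @@ public static String getServicePolicy(String policyMap, String portProfile, bool
 
 public static String getPortProfile(String name) {
 try {
-DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+DocumentBuilderFactory docFactory = ParserUtils.getSaferDocumentBuilderFactory();
 DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
 DOMImplementation domImpl = docBuilder.getDOMImplementation();
 Document doc = createDocument(domImpl);
@@ -334,7 +335,7 @@ public static String getPortProfile(String name) {
 
 public static String getPolicyMap(String name) {
 try {
-DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+DocumentBuilderFactory docFactory = ParserUtils.getSaferDocumentBuilderFactory();
 DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
 DOMImplementation domImpl = docBuilder.getDOMImplementation();
 Document doc = createDocument(domImpl);
@@ -367,7 +368,7 @@ public static String getPolicyMap(String name) {
 
 public static String getHello() {
 try {
-DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+DocumentBuilderFactory docFactory = ParserUtils.getSaferDocumentBuilderFactory();
 DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
 DOMImplementation domImpl = docBuilder.getDOMImplementation();
 
@@ -395,7 +396,7 @@ public static String getHello() {
 public static String getVServiceNode(String vlanId, String ipAddr) {
 try {
 // Create the document and root element.
-DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
+DocumentBuilderFactory docFactory = ParserUtils.getSaferDocumentBuilderFactory();
 DocumentBuilder docBuilder = docFactory.newDocumentBuilder();
 DOMImplementation domImpl = docBuilder.getDOMImplementation();
 Document doc = createDocument(domImpl);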
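Review bot: The same three-line sequence (hardened factory, `newDocumentBuilder()`, `getDOMImplementation()`) is now repeated in all eleven builder methods touched in this file, so the factory choice can drift again the next time one of them is edited. In the visible lines these methods only use the builder to obtain a `DOMImplementation` and create a fresh document; no input is parsed, so the change is defence in depth rather than a parse-side fix. A single private helper would say that once: `private static DOMImplementation newDomImplementation() throws ParserConfigurationException { return ParserUtils.getSaferDocumentBuilderFactory().newDocumentBuilder().getDOMImplementation(); }`, with the throws clause adjusted to whatever the helper actually declares. The new import in the first hunk also lands between the two `org.apache.logging.log4j` imports; placing it before `org.apache.logging.log4j.Logger` keeps the block sorted. Every method body continues outside its hunk, so the serialization code is not covered by this review.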
