[geotools/geotools] e0a3f1: GEOT-5514: Disabled DTD's in gt-xml to protect aga...

Jody Garnett

Sep 19, 2016, 10:11:55 AM
to geotools...@googlegroups.com
Branch: refs/heads/master
Home: https://github.com/geotools/geotools
Commit: e0a3f1a873c807909e0f69faf8e2731b639d41b5
https://github.com/geotools/geotools/commit/e0a3f1a873c807909e0f69faf8e2731b639d41b5
Author: Aaron Waddell <aaron....@bcs.org>
Date: 2016-09-18 (Sun, 18 Sep 2016)

Changed paths:
M modules/library/xml/pom.xml
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
A modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java
M pom.xml

Log Message:
-----------
GEOT-5514: Disabled DTD's in gt-xml to protect against XML External Entity Injection (XEE) attacks
Also added PowerMockito in order to add tests for DocumentFactory.java and protect against regression.


Commit: b3331c197defd0b1bbd2af0a6e467ae0fcbb2fc2
https://github.com/geotools/geotools/commit/b3331c197defd0b1bbd2af0a6e467ae0fcbb2fc2
Author: Aaron Waddell <aaron....@bcs.org>
Date: 2016-09-18 (Sun, 18 Sep 2016)

Changed paths:
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
M modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java

Log Message:
-----------
GEOT-5514: Make parsing of external entities in DocumentFactory configurable
For reasons including backwards compatibility, a user can now choose whether or not to parse external entities in DocumentFactory. Defaults to false.


Commit: 281f1a4e23e88dafd2a13e0427c8af41725eab8b
https://github.com/geotools/geotools/commit/281f1a4e23e88dafd2a13e0427c8af41725eab8b
Author: Jody Garnett <jody.g...@gmail.com>
Date: 2016-09-18 (Sun, 18 Sep 2016)

Changed paths:
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
M modules/library/xml/src/main/java/org/geotools/xml/XMLHandlerHints.java
M modules/library/xml/src/main/java/org/geotools/xml/XMLSAXHandler.java
M modules/library/xml/src/main/java/org/geotools/xml/handlers/DocumentHandler.java
M modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java

Log Message:
-----------
EntityResolver for DocumentFactory [GEOT-5514]


Commit: 6c3c6d0ac081b023c2ef6d8b0d8669d3f0724373
https://github.com/geotools/geotools/commit/6c3c6d0ac081b023c2ef6d8b0d8669d3f0724373
Author: Jody Garnett <jody.g...@gmail.com>
Date: 2016-09-18 (Sun, 18 Sep 2016)

Changed paths:
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
M modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java

Log Message:
-----------
rework test case


Commit: a7cb5a05446ea1e475d743a25c87ec47979b0a55
https://github.com/geotools/geotools/commit/a7cb5a05446ea1e475d743a25c87ec47979b0a55
Author: Andrea Aime <andre...@gmail.com>
Date: 2016-09-18 (Sun, 18 Sep 2016)

Changed paths:
M modules/library/xml/pom.xml
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
M modules/library/xml/src/main/java/org/geotools/xml/XMLHandlerHints.java
M modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java
M pom.xml

Log Message:
-----------
Removing powermock dependency


Commit: 530c64f23ce4090221b9c4e707589a44a3990f82
https://github.com/geotools/geotools/commit/530c64f23ce4090221b9c4e707589a44a3990f82
Author: Jody Garnett <jody.g...@gmail.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
M modules/library/xml/src/main/java/org/geotools/xml/XMLSAXHandler.java
M modules/library/xml/src/main/java/org/geotools/xml/handlers/ComplexElementHandler.java
M modules/library/xml/src/main/java/org/geotools/xml/handlers/ElementHandlerFactory.java
M modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java

Log Message:
-----------
disable dtd support (not needed by schema based parser)


Commit: 049d417170431ffe2b3318e287c2259e52202b19
https://github.com/geotools/geotools/commit/049d417170431ffe2b3318e287c2259e52202b19
Author: Jody Garnett <jody.g...@gmail.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
M modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java

Log Message:
-----------
restore dtd for WMS 1.1.1 DTD


Commit: f9f82b7c480246675f811ae328092be46f822d4e
https://github.com/geotools/geotools/commit/f9f82b7c480246675f811ae328092be46f822d4e
Author: Jody Garnett <jody.g...@gmail.com>
Date: 2016-09-20 (Tue, 20 Sep 2016)

Changed paths:
M modules/library/xml/pom.xml
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
M modules/library/xml/src/main/java/org/geotools/xml/XMLHandlerHints.java
M modules/library/xml/src/main/java/org/geotools/xml/XMLSAXHandler.java
M modules/library/xml/src/main/java/org/geotools/xml/handlers/ComplexElementHandler.java
M modules/library/xml/src/main/java/org/geotools/xml/handlers/DocumentHandler.java
M modules/library/xml/src/main/java/org/geotools/xml/handlers/ElementHandlerFactory.java
A modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java

Log Message:
-----------
Merge pull request #1314 from jodygarnett/GEOT-5514

GEOT-5514: Introduce EntityResolver and option to disable DTD for gt-wms client (to protect against XEE attacks)


Compare: https://github.com/geotools/geotools/compare/06c1dd1617c1...f9f82b7c4802