[geotools/geotools] 5f865a: GEOT-5514: Disabled DTD's in gt-xml to protect aga...

0 views
Skip to first unread message

Jody Garnett

unread,
Sep 19, 2016, 4:53:53 PM9/19/16
to geotools...@googlegroups.com
Branch: refs/heads/15.x
Home: https://github.com/geotools/geotools
Commit: 5f865a74492f1a6eb7c2855f8d3b8edc79287843
https://github.com/geotools/geotools/commit/5f865a74492f1a6eb7c2855f8d3b8edc79287843
Author: Aaron Waddell <aaron....@bcs.org>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
M modules/library/xml/pom.xml
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
A modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java
M pom.xml

Log Message:
-----------
GEOT-5514: Disabled DTD's in gt-xml to protect against XML External Entity Injection (XEE) attacks Also added PowerMockito in order to add tests for DocumentFactory.java and protect against regression.


Commit: 8ffee634c2bf8939c1da74e9797b6bb77f9c3c3e
https://github.com/geotools/geotools/commit/8ffee634c2bf8939c1da74e9797b6bb77f9c3c3e
Author: Aaron Waddell <aaron....@bcs.org>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
M modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java

Log Message:
-----------
GEOT-5514: Make parsing of external entities in DocumentFactory configurable For reasons including backwards compatibility, a user can now choose whether or not to parse external entities in DocumentFactory. Defaults to false.


Commit: cda726366c21790dcb8628f6e32f2cf8864449fb
https://github.com/geotools/geotools/commit/cda726366c21790dcb8628f6e32f2cf8864449fb
Author: Jody Garnett <jody.g...@gmail.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
M modules/library/xml/src/main/java/org/geotools/xml/XMLHandlerHints.java
M modules/library/xml/src/main/java/org/geotools/xml/XMLSAXHandler.java
M modules/library/xml/src/main/java/org/geotools/xml/handlers/DocumentHandler.java
M modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java

Log Message:
-----------
EntityResolver for DocumentFactory [GEOT-5514]


Commit: 1129cfb3c230dbb88ec4809b30fcf423a8cd1265
https://github.com/geotools/geotools/commit/1129cfb3c230dbb88ec4809b30fcf423a8cd1265
Author: Jody Garnett <jody.g...@gmail.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
M modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java

Log Message:
-----------
rework test case


Commit: ecf1499ae6006ca8985b3132bda4ff5fe032c1d5
https://github.com/geotools/geotools/commit/ecf1499ae6006ca8985b3132bda4ff5fe032c1d5
Author: Andrea Aime <andre...@gmail.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
M modules/library/xml/pom.xml
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
M modules/library/xml/src/main/java/org/geotools/xml/XMLHandlerHints.java
M modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java
M pom.xml

Log Message:
-----------
Removing powermock dependency


Commit: 7bb399c933c6b6f5a879a5900ce861d8a21b3564
https://github.com/geotools/geotools/commit/7bb399c933c6b6f5a879a5900ce861d8a21b3564
Author: Jody Garnett <jody.g...@gmail.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
M modules/library/xml/src/main/java/org/geotools/xml/XMLSAXHandler.java
M modules/library/xml/src/main/java/org/geotools/xml/handlers/ComplexElementHandler.java
M modules/library/xml/src/main/java/org/geotools/xml/handlers/ElementHandlerFactory.java
M modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java

Log Message:
-----------
disable dtd support (not needed by schema based parser)


Commit: 0faf1a1909d52089111a047ee60f6c315b620b96
https://github.com/geotools/geotools/commit/0faf1a1909d52089111a047ee60f6c315b620b96
Author: Jody Garnett <jody.g...@gmail.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)

Changed paths:
M modules/library/xml/src/main/java/org/geotools/xml/DocumentFactory.java
M modules/library/xml/src/test/java/org/geotools/xml/DocumentFactoryTest.java

Log Message:
-----------
restore dtd for WMS 1.1.1 DTD


Compare: https://github.com/geotools/geotools/compare/a481fa192414...0faf1a1909d5
Reply all
Reply to author
Forward
0 new messages