From 821e306fd1ea990a7988a08230d45f56ed4b7c82 Mon Sep 17 00:00:00 2001
From: egan
Date: Thu, 5 Jul 2018 15:19:06 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8DXML=E5=A4=96=E9=83=A8?=
 =?UTF-8?q?=E5=AE=9E=E4=BD=93=E6=B3=A8=E5=85=A5=E6=BC=8F=E6=B4=9E(XML=20Ex?=
 =?UTF-8?q?ternal=20Entity=20Injection=EF=BC=8C=E7=AE=80=E7=A7=B0=20XXE)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../java/com/egzosn/pay/common/util/XML.java | 34 ++++++++++++++-----
 1 file changed, 26 insertions(+), 8 deletions(-)
diff --git a/pay-java-common/src/main/java/com/egzosn/pay/common/util/XML.java b/pay-java-common/src/main/java/com/egzosn/pay/common/util/XML.java
index d444aa8..c4e118d 100644
--- a/pay-java-common/src/main/java/com/egzosn/pay/common/util/XML.java
+++ b/pay-java-common/src/main/java/com/egzosn/pay/common/util/XML.java
@@ -6,9 +6,11 @@ import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
 import com.egzosn.pay.common.bean.result.PayException;
 import com.egzosn.pay.common.exception.PayErrorException;
+import org.w3c.dom.Document;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
@@ -137,6 +139,23 @@ public class XML {
 return json;
 }
 
+ public static DocumentBuilder newDocumentBuilder() throws ParserConfigurationException {
+ DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ documentBuilderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ documentBuilderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ documentBuilderFactory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
+ documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ documentBuilderFactory.setXIncludeAware(false);
+ documentBuilderFactory.setExpandEntityReferences(false);
+
+ return documentBuilderFactory.newDocumentBuilder();
+ }
+
+ public static Document newDocument() throws ParserConfigurationException {
+ return newDocumentBuilder().newDocument();
+ }
+
 /***
 * xml 解析成对应的对象
 * @param in 输入流
@@ -147,8 +166,8 @@ public class XML {
 */
 public static T inputStream2Bean(InputStream in, Class clazz) throws IOException {
 try {
- DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
- DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
+
+ DocumentBuilder documentBuilder = newDocumentBuilder();
 org.w3c.dom.Document doc = documentBuilder.parse(in);
 doc.getDocumentElement().normalize();
 NodeList children = doc.getDocumentElement().getChildNodes();
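Review bot: `newDocumentBuilder()` and `newDocument()` are public but carry no Javadoc, while the neighbouring methods in this file each have a `/*** … */` header, and the parser hardening they encode is exactly what a caller needs to know. Add a header to `newDocumentBuilder()` stating that the returned builder rejects any DOCTYPE declaration, does not load external DTDs or resolve external general/parameter entities, and has XInclude and entity expansion disabled so untrusted XML cannot trigger XXE, and that otherwise well-formed input carrying a DOCTYPE will now fail with a parse exception by design. The `setFeature` calls use Xerces feature URIs, so a JAXP implementation that does not recognise them makes `setFeature` throw the declared `ParserConfigurationException`; that is the right fail-closed behaviour and worth a `@throws` line, and `newDocument()` can be documented as a one-line delegate with `@see #newDocumentBuilder()`.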
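Review bot: The replacement leaves an empty `+` line at the top of the `try` block, and `org.w3c.dom.Document doc = documentBuilder.parse(in);` on the following context line stays fully qualified even though this commit adds `import org.w3c.dom.Document;` — write it as `Document doc = documentBuilder.parse(in);` and drop the blank line. The same fully-qualified spelling remains in the hunk at `@@ -174,8 +193,7 @@`. The body of `inputStream2Bean` continues past the hunk, so whether the `ParserConfigurationException` thrown by `newDocumentBuilder()` is caught there cannot be seen here; the removed lines threw the same exception type from the factory, so presumably the existing handling still covers it.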
@@ -174,8 +193,7 @@ public class XML {
 m = new JSONObject();
 }
 try {
- DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
- DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
+ DocumentBuilder documentBuilder = newDocumentBuilder();;
 org.w3c.dom.Document doc = documentBuilder.parse(in);
 doc.getDocumentElement().normalize();
 NodeList children = doc.getDocumentElement().getChildNodes();
@@ -206,14 +224,14 @@ public class XML {
 * @return XML格式的字符串
 */
 public static String getMap2Xml(Map data) {
- DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
- DocumentBuilder documentBuilder = null;
+
+
+ Document document = null;
 try {
- documentBuilder = documentBuilderFactory.newDocumentBuilder();
+ document = newDocument();
 } catch (ParserConfigurationException e) {
 e.printStackTrace();
 }
- org.w3c.dom.Document document = documentBuilder.newDocument();
 org.w3c.dom.Element root = document.createElement("xml");
 document.appendChild(root);
 for (String key : data.keySet()) {
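Review bot: `DocumentBuilder documentBuilder = newDocumentBuilder();;` carries a stray second semicolon, which compiles as an empty statement but reads as a typo; change it to `DocumentBuilder documentBuilder = newDocumentBuilder();`. The enclosing method starts before this hunk, so its signature and exception handling are not visible here.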
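Review bot: When `newDocument()` throws `ParserConfigurationException`, the catch in `getMap2Xml` only calls `e.printStackTrace()` and leaves `document` null, so `document.createElement("xml")` on the next context line fails with a NullPointerException; the null-then-dereference shape existed before this commit, but the new builder configuration makes that branch more reachable, since `setFeature` rejects unrecognised feature names on a non-Xerces JAXP implementation. Fail explicitly instead: replace `e.printStackTrace();` with `throw new IllegalStateException("secure XML DocumentBuilder unavailable", e);` (or the file's `PayErrorException`, if it accepts a cause). The two blank `+` lines left where the factory declarations were should also go. The body of `getMap2Xml` continues past the hunk.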