public final class DocumentBuilderFactoryUtil extends Object
Modifier and Type | Method and Description |
---|---|
`static void` | `configureSecureTransformerFactory(TransformerFactory transformerFactory)` Configures a given TransformerFactory with security features turned on. |
`static void` | `configureSecurity(DocumentBuilderFactory documentBuilderFactory)` Configures a given DocumentBuilderFactory with security features turned on. |
`static Map<String,Boolean>` | `getSecureDocumentBuilderFeatures()` Build the default set of parser features to use. |
`static Map<String,String>` | `getSecureTransformerFactoryFeatures()` Build the default set of parser features to use to protect a Java TransformerFactory from XXE. |
`static byte[]` | `marshall(Node node, boolean omitXMLDeclaration)` This method performs marshal on node and returns it in a byte array. |
`static Document` | `newDocument()` |
`static DocumentBuilderFactory` | `newSecureDocumentBuilderFactory()` Returns a new DocumentBuilderFactory instance already set up with security features turned on. |
`static TransformerFactory` | `newSecureTransformerFactory()` Returns a new TransformerFactory instance already set up with security features turned on. |
`static Document` | `parse(byte[] xmlBytes)` |
`static Document` | `parse(InputStream xmlInputStream)` |
`static Document` | `parse(String xmlString)` |
`static String` | `toString(Node node)` |

public static void configureSecurity(@Nonnull DocumentBuilderFactory documentBuilderFactory) throws ParserConfigurationException

Configures a given DocumentBuilderFactory with security features turned on.

Parameters:
documentBuilderFactory - the instance to configure
Throws:
ParserConfigurationException - if one of the features is not supported

@Nonnull public static Map<String,Boolean> getSecureDocumentBuilderFeatures()

Build the default set of parser features to use.
- XMLConstants.FEATURE_SECURE_PROCESSING = true

@Nonnull public static byte[] marshall(@Nonnull Node node, boolean omitXMLDeclaration) throws TransformerException

This method performs marshal on node and returns it in a byte array.
Note that it does not protect against XXE. If necessary, it should be done on the node before.

Parameters:
node - the object to marshall
omitXMLDeclaration - the flag to omit XML Declaration
Throws:
TransformerException - When it is not possible to create a Transformer instance.

@Nonnull public static Document newDocument() throws ParserConfigurationException

Throws:
ParserConfigurationException

@Nonnull public static DocumentBuilderFactory newSecureDocumentBuilderFactory() throws ParserConfigurationException

Returns a new DocumentBuilderFactory instance already set up with security features turned on.

Throws:
ParserConfigurationException - if an instance could not be created

public static TransformerFactory newSecureTransformerFactory()

Returns a new TransformerFactory instance already set up with security features turned on.

Returns:
a new TransformerFactory instance already set up with security features turned on.

public static void configureSecureTransformerFactory(@Nonnull TransformerFactory transformerFactory)

Configures a given TransformerFactory with security features turned on.

Parameters:
transformerFactory - the instance to configure

@Nonnull public static Map<String,String> getSecureTransformerFactoryFeatures()

Build the default set of parser features to use to protect a Java TransformerFactory from XXE.
See https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet for more details.
The default features set are:

@Nonnull public static Document parse(@Nonnull InputStream xmlInputStream) throws IOException, SAXException, ParserConfigurationException

@Nonnull public static Document parse(@Nonnull byte[] xmlBytes) throws IOException, SAXException, ParserConfigurationException

@Nonnull public static Document parse(@Nonnull String xmlString) throws IOException, SAXException, ParserConfigurationException

@Nonnull public static String toString(@Nonnull Node node) throws TransformerException

Throws:
TransformerException
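
The feature-map pattern that getSecureDocumentBuilderFeatures(), configureSecurity() and parse(String) describe, written against the JDK only as an added example; it is not this library's source. The class name SecureFactorySketch and its method names are hypothetical, and the disallow-doctype-decl feature is an assumption taken from the OWASP cheat sheet referenced on this page, not a default this page documents.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

// Added illustration, not the library's code: all names here are hypothetical.
public class SecureFactorySketch {
    // Feature map in the same shape as getSecureDocumentBuilderFeatures().
    static Map<String, Boolean> features() {
        Map<String, Boolean> f = new LinkedHashMap<>();
        // The one default this page lists.
        f.put(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Assumption: extra hardening from the OWASP cheat sheet, not a documented default here.
        f.put("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f;
    }

    // Same contract as configureSecurity(): an unsupported feature surfaces as
    // ParserConfigurationException instead of being skipped silently.
    static void configure(DocumentBuilderFactory dbf) throws ParserConfigurationException {
        for (Map.Entry<String, Boolean> e : features().entrySet()) {
            dbf.setFeature(e.getKey(), e.getValue());
        }
    }

    // Parse a string with a factory that has been hardened before any builder is created.
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        configure(dbf);
        return dbf.newDocumentBuilder()
                  .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a plain document and one that declares an external entity.
        String plain = "<doc><v>ok</v></doc>";
        String withDoctype =
            "<!DOCTYPE doc [<!ENTITY x SYSTEM \"file:///constructed-placeholder\">]><doc>&x;</doc>";
        System.out.println("plain root: " + parse(plain).getDocumentElement().getNodeName());
        try {
            parse(withDoctype);
            System.out.println("DOCTYPE accepted: hardening is not in effect");
        } catch (SAXParseException e) {
            System.out.println("DOCTYPE rejected: " + e.getMessage());
        }
    }
}
```

The second parse is the regression check worth keeping in a test suite: if a dependency swaps the JAXP implementation and the feature stops being honoured, the "accepted" branch is what shows it.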
Copyright © 2020. All Rights Reserved.