authorThomas Lenz <tlenz@iaik.tugraz.at>2014-04-01 13:34:52 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-04-01 13:34:52 +0200
commitb9dbd4eed6cb0615a883de2e871e849fb32f1258 (patch)
tree04039923afae7631385640a2d564168bc3071846
parent4645963011550f50dd1a40186d5896b468f010d1 (diff)
update Axis to axis-1.0_IAIK_1.1.jar
- solve problems with possible XML External Entity (XXE) attacks - DocType Declarations are not allowed in axis-1.0_IAIK_1.1.jar
-rw-r--r--common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java5
-rw-r--r--pom.xml2
-rw-r--r--repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.jarbin0 -> 1095327 bytes
-rw-r--r--repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.pom7
4 files changed, 13 insertions, 1 deletions
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 102d3a31f..2b816ed4c 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -115,6 +115,8 @@ public class DOMUtils {
private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE =
"http://xml.org/sax/features/external-parameter-entities";
+ private static final String DISALLOW_DOCTYPE_FEATURE =
+ "http://apache.org/xml/features/disallow-doctype-decl";
@@ -514,6 +516,9 @@ public class DOMUtils {
parser.setFeature(NAMESPACES_FEATURE, true);
parser.setFeature(VALIDATION_FEATURE, true);
parser.setFeature(SCHEMA_VALIDATION_FEATURE, true);
+ parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
+ parser.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
+
if (externalSchemaLocations != null) {
parser.setProperty(
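Review bot: `EXTERNAL_PARAMETER_ENTITIES_FEATURE`, visible as context in the first hunk, is not set to false anywhere in the visible lines next to the two new `setFeature` calls, so protection against external parameter entities rests on the Xerces-specific `disallow-doctype-decl` feature alone. I would add `parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);` beside them, under a comment such as `// XXE hardening: reject DOCTYPE declarations and never resolve external entities`. The enclosing method starts and ends outside the hunk, so I cannot see how a `SAXNotRecognizedException` from a parser that does not know the feature is handled; it should fail closed rather than continue parsing with the feature unset. If DOMUtils configures parsers at other sites, they presumably need the same settings, since this hunk covers only one of them.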
diff --git a/pom.xml b/pom.xml
index b8e1bc1df..90284c712 100644
--- a/pom.xml
+++ b/pom.xml
@@ -112,7 +112,7 @@
<dependency>
<groupId>axis</groupId>
<artifactId>axis</artifactId>
- <version>1.0_IAIK</version>
+ <version>1.0_IAIK_1.1</version>
<scope>compile</scope>
</dependency>
<dependency>
diff --git a/repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.jar b/repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.jar
new file mode 100644
index 000000000..7aefe85c1
--- /dev/null
+++ b/repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.jar
Binary files differ
diff --git a/repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.pom b/repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.pom
new file mode 100644
index 000000000..5aa7bc508
--- /dev/null
+++ b/repository/axis/axis/1.0_IAIK_1.1/axis-1.0_IAIK_1.1.pom
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?><project>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>axis</groupId>
+ <artifactId>axis</artifactId>
+ <version>1.0_IAIK_1.1</version>
+ <description>AXIS 1.0 patched(1.1) (XXE attacks)</description>
+</project>