
Merge pull request #2238 in CORE/base-third from feature/10.0 to feature/x

* commit '8ab7742594e48561a5581835382ac4ba60811794':
  DEC-17989 itext XXE安全漏洞修复,参考 930a1c81f8
research/11.0
superman 4 years ago
parent
commit
4664c48cdd
  1. 18
      fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/SafeEmptyEntityResolver.java
  2. 2
      fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/XfaForm.java
  3. 2
      fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/xml/xmp/XmpReader.java
  4. 18
      fine-itext/src/main/java/com/fr/third/v2/lowagie/text/SafeEmptyEntityResolver.java
  5. 2
      fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/XfaForm.java
  6. 2
      fine-itext/src/main/java/com/fr/third/v2/lowagie/text/xml/xmp/XmpReader.java

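--- /dev/null
+++ b/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/SafeEmptyEntityResolver.java
@@ -0,0 +1,18 @@
+package com.fr.third.com.lowagie.text;
+import java.io.IOException;
+import java.io.StringReader;
+import org.xml.sax.EntityResolver;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+/**
+* @author Hugh.C
+* @version 1.0
+* Created by Hugh.C on 2021/4/26
+*/
+public class SafeEmptyEntityResolver implements EntityResolver {
+public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException {
+return new InputSource(new StringReader(""));
+}
+}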
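Review bot: The class Javadoc records the author but not the threat this resolver neutralizes, and `resolveEntity` has no `@Override`, so a reader cannot tell from the file that returning an empty `InputSource` is deliberate hardening rather than a stub. Replace the header comment with a purpose statement such as `/** Resolves every external entity (external DTD subset, parameter and general entities) to an empty document so a crafted PDF cannot make the XML parser read local files or contact network hosts (XXE/SSRF). */` and add `@Override` to the method. It is also worth stating in that Javadoc that an `EntityResolver` is consulted only for external entities, so this class does nothing about internal entity expansion (billion-laughs style) — that has to be bounded on the `DocumentBuilderFactory` by the callers.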

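--- a/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/XfaForm.java
+++ b/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/pdf/XfaForm.java
@@ -49,6 +49,7 @@
 package com.fr.third.com.lowagie.text.pdf;
+import com.fr.third.com.lowagie.text.SafeEmptyEntityResolver;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -140,6 +141,7 @@ public class XfaForm {
 DocumentBuilderFactory fact = DocumentBuilderFactory.newInstance();
 fact.setNamespaceAware(true);
 DocumentBuilder db = fact.newDocumentBuilder();
+db.setEntityResolver(new SafeEmptyEntityResolver());
 domDocument = db.parse(new ByteArrayInputStream(bout.toByteArray()));
 extractNodes();
 }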
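Review bot: Installing `SafeEmptyEntityResolver` on `db` stops the parser from fetching external entities and DTDs, but the factory created on the first line of the second hunk still accepts a DOCTYPE, so an XFA stream carrying recursive internal `<!ENTITY>` definitions is still expanded in memory — an `EntityResolver` is never consulted for internal entities, so this half of XXE hardening is not covered by the change. XFA datasets do not normally carry a DTD, so the safer fix is to reject it before `newDocumentBuilder()`: `fact.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);`, falling back to `fact.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` if some producer you must support emits a DOCTYPE. Both calls can throw `ParserConfigurationException` when a non-Xerces parser is on the classpath; the enclosing method's signature and its catch blocks start outside the hunk, so confirm that exception is handled there. A short `// XXE: external entities resolve to empty, DOCTYPE is rejected` beside the resolver line would record why both settings exist.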

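--- a/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/xml/xmp/XmpReader.java
+++ b/fine-itext-old/src/main/java/com/fr/third/com/lowagie/text/xml/xmp/XmpReader.java
@@ -46,6 +46,7 @@
  */
 package com.fr.third.com.lowagie.text.xml.xmp;
+import com.fr.third.com.lowagie.text.SafeEmptyEntityResolver;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -85,6 +86,7 @@ public class XmpReader {
 DocumentBuilderFactory fact = DocumentBuilderFactory.newInstance();
 fact.setNamespaceAware(true);
 DocumentBuilder db = fact.newDocumentBuilder();
+db.setEntityResolver(new SafeEmptyEntityResolver());
 ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
 domDocument = db.parse(bais);
 } catch (ParserConfigurationException e) {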
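Review bot: The resolver added on `db` blocks external entity and DTD fetches, but the factory on the first line of the second hunk still processes a DOCTYPE, so an XMP packet with recursive internal entity declarations is still fully expanded — the resolver is not consulted for internal entities, so entity-expansion DoS is left unaddressed by this change. XMP packets are RDF/XML and normally carry no DOCTYPE, so `fact.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before `newDocumentBuilder()` should be safe here; confirm against the producers you ingest, and use `fact.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` as the weaker fallback if one of them does emit a DOCTYPE. The `catch (ParserConfigurationException e)` visible at the end of the hunk already covers the exception `setFeature` throws on an unsupported parser, so no new handling is needed. The start of the enclosing method and constructor are outside the hunk.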

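--- /dev/null
+++ b/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/SafeEmptyEntityResolver.java
@@ -0,0 +1,18 @@
+package com.fr.third.v2.lowagie.text;
+import java.io.IOException;
+import java.io.StringReader;
+import org.xml.sax.EntityResolver;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+/**
+* @author Hugh.C
+* @version 1.0
+* Created by Hugh.C on 2021/4/26
+*/
+public class SafeEmptyEntityResolver implements EntityResolver {
+public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException {
+return new InputSource(new StringReader(""));
+}
+}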
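Review bot: This copy of the class has the same gap as the `fine-itext-old` one: the Javadoc names the author but not the purpose, and `resolveEntity` lacks `@Override`, so nothing in the file says why every entity resolves to an empty `InputSource`. Give the class a purpose comment such as `/** Resolves every external entity (external DTD subset, parameter and general entities) to an empty document so a crafted PDF cannot make the parser read local files or reach network hosts (XXE/SSRF). */` and annotate the method with `@Override`. Also state that the resolver is only invoked for external entities and therefore does not limit internal entity expansion, so callers know that still has to be configured on the factory.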

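--- a/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/XfaForm.java
+++ b/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/pdf/XfaForm.java
@@ -49,6 +49,7 @@
 package com.fr.third.v2.lowagie.text.pdf;
+import com.fr.third.v2.lowagie.text.SafeEmptyEntityResolver;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -140,6 +141,7 @@ public class XfaForm {
 DocumentBuilderFactory fact = DocumentBuilderFactory.newInstance();
 fact.setNamespaceAware(true);
 DocumentBuilder db = fact.newDocumentBuilder();
+db.setEntityResolver(new SafeEmptyEntityResolver());
 domDocument = db.parse(new ByteArrayInputStream(bout.toByteArray()));
 extractNodes();
 }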
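Review bot: As in the `fine-itext-old` copy, `db.setEntityResolver(new SafeEmptyEntityResolver())` neutralizes external entity and DTD fetches but leaves DOCTYPE processing enabled on `fact`, so an XFA stream with recursive internal `<!ENTITY>` declarations is still expanded in memory; an `EntityResolver` is never consulted for internal entities, so the change covers only the file-read/SSRF side of XXE. Add `fact.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before `newDocumentBuilder()` — XFA datasets do not normally carry a DTD — or at least `fact.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`. Either call can throw `ParserConfigurationException` if a non-Xerces parser is on the classpath; the enclosing method's signature and catch blocks begin outside the hunk, so check that it is handled there before adopting the stricter setting.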

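--- a/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/xml/xmp/XmpReader.java
+++ b/fine-itext/src/main/java/com/fr/third/v2/lowagie/text/xml/xmp/XmpReader.java
@@ -46,6 +46,7 @@
  */
 package com.fr.third.v2.lowagie.text.xml.xmp;
+import com.fr.third.v2.lowagie.text.SafeEmptyEntityResolver;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -85,6 +86,7 @@ public class XmpReader {
 DocumentBuilderFactory fact = DocumentBuilderFactory.newInstance();
 fact.setNamespaceAware(true);
 DocumentBuilder db = fact.newDocumentBuilder();
+db.setEntityResolver(new SafeEmptyEntityResolver());
 ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
 domDocument = db.parse(bais);
 } catch (ParserConfigurationException e) {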
