OSDN -- Open-Source-Software-Entwicklung und Downloads
Übersetzungsstatus von Deutsch translation status for de
  • R/O
  • HTTP
  • SSH
  • HTTPS
Fork

TogaGem: Commit

TogaGemは、3D動画制作ツール、MikuMikuDance(MMD)で用いられる各種データファイルを読み書きするためのJavaライブラリです。
旧TogaParserライブラリの資産は、TogaGemライブラリに吸収されました。


Commit MetaInfo

Revision4a44b5f608e5d55be6704728c4455b8013615483 (tree)
Zeit2019-06-24 00:06:06
AutorOlyutorskii <olyutorskii@user...>
CommiterOlyutorskii

Log Message

Move out xml-xsd info from resolver.

Ändern Zusammenfassung

Diff

--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -7,6 +7,7 @@ TogaGem 変更履歴
77 X.XXX.X (XXXX-XX-XX)
88 * Split entity resolver from resource resolver to prevent XXE vulnerability.
99 * Make Schema-factory safe to prevent XXE vulnerability.
10+ * Move out xml-xsd info from resolver.
1011
1112 3.121.2 (2019-06-06)
1213 ・DatatypeIo is public now, for replacing JAXB.
--- a/src/main/java/jp/sfjp/mikutoga/xml/SchemaUtil.java
+++ b/src/main/java/jp/sfjp/mikutoga/xml/SchemaUtil.java
@@ -30,8 +30,36 @@ import org.xml.sax.SAXNotSupportedException;
3030 */
3131 public final class SchemaUtil {
3232
33+
34+ /** XML Schema. */
35+ public static final String SCHEMA_XML =
36+ "http://www.w3.org/2001/xml.xsd";
37+
38+ /** XSD namespace. */
39+ public static final String NS_XSD =
40+ "http://www.w3.org/2001/XMLSchema-instance";
41+
42+ private static final String LOCAL_SCHEMA_XML =
43+ "resources/xmlspace.xsd";
44+
45+ private static final URI URI_XSD_ORIG;
46+ private static final URI URI_XSD_LOCAL;
47+
3348 private static final String ALLOWED_USCHEMA = "http";
3449
50+ private static final Class<?> THISCLASS = SchemaUtil.class;
51+
52+
53+ static{
54+ URL redirectRes = THISCLASS.getResource(LOCAL_SCHEMA_XML);
55+ String redirectResName = redirectRes.toString();
56+
57+ URI_XSD_ORIG = URI.create(SCHEMA_XML);
58+ URI_XSD_LOCAL = URI.create(redirectResName);
59+
60+ assert ALLOWED_USCHEMA.equalsIgnoreCase(URI_XSD_ORIG.getScheme());
61+ }
62+
3563
3664 /**
3765 * 隠しコンストラクタ。
@@ -43,6 +71,17 @@ public final class SchemaUtil {
4371
4472
4573 /**
74+ * build xml.xsd redirection info.
75+ *
76+ * @return resolver
77+ */
78+ public static XmlResourceResolver buildXmlXsdResolver(){
79+ XmlResourceResolver result = new XmlResourceResolver();
80+ result.putRedirected(URI_XSD_ORIG, URI_XSD_LOCAL);
81+ return result;
82+ }
83+
84+ /**
4685 * Build SchemaFactory for XML Schema but safety.
4786 *
4887 * <p>Includes some considerations for XXE vulnerabilities.
--- a/src/main/java/jp/sfjp/mikutoga/xml/XmlResourceResolver.java
+++ b/src/main/java/jp/sfjp/mikutoga/xml/XmlResourceResolver.java
@@ -27,21 +27,8 @@ import org.w3c.dom.ls.LSResourceResolver;
2727 public class XmlResourceResolver
2828 implements LSResourceResolver{
2929
30- /** XML Schema. */
31- public static final String SCHEMA_XML =
32- "http://www.w3.org/2001/xml.xsd";
33-
34- /** XSD名前空間。 */
35- public static final String NS_XSD =
36- "http://www.w3.org/2001/XMLSchema-instance";
37-
38- private static final String LOCAL_SCHEMA_XML =
39- "resources/xmlspace.xsd";
40-
4130 private static final URI EMPTY_URI = URI.create("");
4231
43- private static final Class<?> THISCLASS = XmlResourceResolver.class;
44-
4532
4633 private final Map<URI, URI> uriMap;
4734
@@ -52,21 +39,11 @@ public class XmlResourceResolver
5239 public XmlResourceResolver(){
5340 super();
5441
55- assert this.getClass().equals(THISCLASS);
56-
5742 Map<URI, URI> map;
5843 map = new HashMap<>();
5944 map = Collections.synchronizedMap(map);
6045 this.uriMap = map;
6146
62- URL redirectRes = THISCLASS.getResource(LOCAL_SCHEMA_XML);
63- String redirectResName = redirectRes.toString();
64-
65- URI originalURI = URI.create(SCHEMA_XML);
66- URI redirectURI = URI.create(redirectResName);
67-
68- putRedirectedImpl(originalURI, redirectURI);
69-
7047 return;
7148 }
7249
Show on old repository browser