- /*
- * The Apache Software License, Version 1.1
- *
- *
- * Copyright (c) 2003 The Apache Software Foundation.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Xerces" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation and was
- * originally based on software copyright (c) 1999, International
- * Business Machines, Inc., http://www.apache.org. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- */
-
- package com.sun.org.apache.xerces.internal.util;
- import com.sun.org.apache.xerces.internal.impl.Constants;
- /**
- * This class is a container for parser settings that relate to
- * security, or more specifically, it is intended to be used to prevent denial-of-service
- * attacks from being launched against a system running Xerces.
- * Any component that is aware of a denial-of-service attack that can arise
- * from its processing of a certain kind of document may query its Component Manager
- * for the property (http://apache.org/xml/properties/security-manager)
- * whose value will be an instance of this class.
- * If no value has been set for the property, the component should proceed in the "usual" (spec-compliant)
- * manner. If a value has been set, then it must be the case that the component in
- * question needs to know what method of this class to query. This class
- * will provide defaults for all known security issues, but will also provide
- * setters so that those values can be tailored by applications that care.
- *
- * @author Neil Graham, IBM
- *
- * @version $Id: SecurityManager.java,v 1.5 2004/03/23 01:23:41 mrglavas Exp $
- */
- public final class SecurityManager {
-
- //
- // Constants
- //
-
- // default value for entity expansion limit
- private final static int DEFAULT_ENTITY_EXPANSION_LIMIT = 64000;
-
- /** Default value of number of nodes created. **/
- private final static int DEFAULT_MAX_OCCUR_NODE_LIMIT = 3000;
-
- //
- // Data
- //
-
- private final static int DEFAULT_ELEMENT_ATTRIBUTE_LIMIT = 10000;
-
- /** Entity expansion limit. **/
- private int entityExpansionLimit;
-
- /** W3C XML Schema maxOccurs limit. **/
- private int maxOccurLimit;
-
- private int fElementAttributeLimit;
- // default constructor. Establishes default values for
- // all known security holes.
- /**
- * Default constructor. Establishes default values
- * for known security vulnerabilities.
- */
- public SecurityManager() {
- entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT;
- maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT ;
- fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT;
- //We are reading system properties only once ,
- //at the time of creation of this object ,
- readSystemProperties();
- }
-
- /**
- * <p>Sets the number of entity expansions that the
- * parser should permit in a document.</p>
- *
- * @param limit the number of entity expansions
- * permitted in a document
- */
- public void setEntityExpansionLimit(int limit) {
- entityExpansionLimit = limit;
- }
-
- /**
- * <p>Returns the number of entity expansions
- * that the parser permits in a document.</p>
- *
- * @return the number of entity expansions
- * permitted in a document
- */
- public int getEntityExpansionLimit() {
- return entityExpansionLimit;
- }
-
- /**
- * <p>Sets the limit of the number of content model nodes
- * that may be created when building a grammar for a W3C
- * XML Schema that contains maxOccurs attributes with values
- * other than "unbounded".</p>
- *
- * @param limit the maximum value for maxOccurs other
- * than "unbounded"
- */
- public void setMaxOccurNodeLimit(int limit){
- maxOccurLimit = limit;
- }
-
- /**
- * <p>Returns the limit of the number of content model nodes
- * that may be created when building a grammar for a W3C
- * XML Schema that contains maxOccurs attributes with values
- * other than "unbounded".</p>
- *
- * @return the maximum value for maxOccurs other
- * than "unbounded"
- */
- public int getMaxOccurNodeLimit(){
- return maxOccurLimit;
- }
-
- public int getElementAttrLimit(){
- return fElementAttributeLimit;
- }
-
- public void setElementAttrLimit(int limit){
- fElementAttributeLimit = limit;
- }
-
- private void readSystemProperties(){
-
- //TODO: also read SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT
- try {
- String value = System.getProperty(Constants.ENTITY_EXPANSION_LIMIT);
- if(value != null && !value.equals("")){
- entityExpansionLimit = Integer.parseInt(value);
- if (entityExpansionLimit < 0)
- entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT;
- }
- else
- entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT;
- }catch(Exception ex){}
-
- try {
- String value = System.getProperty(Constants.MAX_OCCUR_LIMIT);
- if(value != null && !value.equals("")){
- maxOccurLimit = Integer.parseInt(value);
- if (maxOccurLimit < 0)
- maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT;
- }
- else
- maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT;
- }catch(Exception ex){}
-
- try {
- String value = System.getProperty(Constants.SYSTEM_PROPERTY_ELEMENT_ATTRIBUTE_LIMIT);
- if(value != null && !value.equals("")){
- fElementAttributeLimit = Integer.parseInt(value);
- if ( fElementAttributeLimit < 0)
- fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT;
- }
- else
- fElementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT;
-
- }catch(Exception ex){}
-
- }
-
- } // class SecurityManager
-