Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8273

Remove static methods from StaxUtils to restrict XML level/count

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.4.0
    • Component/s: None
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      This task is to remove static methods from StaxUtils to restrict XML level/count:

       

      -    public static void setInnerElementLevelThreshold(int i) {
      -        innerElementLevelThreshold = i != -1 ? i : 500;
      -        setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxElementDepth", innerElementLevelThreshold);
      -    }
      -    public static void setInnerElementCountThreshold(int i) {
      -        innerElementCountThreshold = i != -1 ? i : 50000;
      -        setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxChildrenPerElement", innerElementCountThreshold);
      -    }
      

      These methods are problematic as they only set the property on the SAFE_INPUT_FACTORY and not on any of the instances that might already be stored in the NS_AWARE_INPUT_FACTORY_POOL. Instead, set the system properties to customize how we restrict XML.

       

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              coheigea Colm O hEigeartaigh
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: