[CXF-8273] Remove static methods from StaxUtils to restrict XML level/count - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.4.0
Component/s: None
Labels:
None

Estimated Complexity:
Unknown

Description

This task is to remove static methods from StaxUtils to restrict XML level/count:

-    public static void setInnerElementLevelThreshold(int i) {
-        innerElementLevelThreshold = i != -1 ? i : 500;
-        setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxElementDepth", innerElementLevelThreshold);
-    }
-    public static void setInnerElementCountThreshold(int i) {
-        innerElementCountThreshold = i != -1 ? i : 50000;
-        setProperty(SAFE_INPUT_FACTORY, "com.ctc.wstx.maxChildrenPerElement", innerElementCountThreshold);
-    }

These methods are problematic as they only set the property on the SAFE_INPUT_FACTORY and not on any of the instances that might already be stored in the NS_AWARE_INPUT_FACTORY_POOL. Instead, set the system properties to customize how we restrict XML.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Colm O hEigeartaigh

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 29/Apr/20 13:40

Updated:: 22/Dec/21 20:43

Resolved:: 29/Apr/20 15:18