1 /*
2 * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package com.sun.org.apache.xerces.internal.utils;
27
28 import com.sun.org.apache.xerces.internal.impl.Constants;
29 import com.sun.org.apache.xerces.internal.util.SecurityManager;
30 import java.util.concurrent.CopyOnWriteArrayList;
31 import org.xml.sax.SAXException;
32
33 /**
34 * This class manages standard and implementation-specific limitations.
35 *
36 */
37 public final class XMLSecurityManager {
38
39 /**
40 * States of the settings of a property, in the order: default value, value
41 * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system
42 * properties, and jaxp api properties
43 */
44 public static enum State {
45 //this order reflects the overriding order
46
47 DEFAULT("default"), FSP("FEATURE_SECURE_PROCESSING"),
48 JAXPDOTPROPERTIES("jaxp.properties"), SYSTEMPROPERTY("system property"),
49 APIPROPERTY("property");
50
51 final String literal;
52 State(String literal) {
53 this.literal = literal;
54 }
55
56 String literal() {
57 return literal;
58 }
59 }
60
61 /**
62 * Limits managed by the security manager
63 */
64 public static enum Limit {
65
66 ENTITY_EXPANSION_LIMIT("EntityExpansionLimit",
67 Constants.JDK_ENTITY_EXPANSION_LIMIT, Constants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000),
68 MAX_OCCUR_NODE_LIMIT("MaxOccurLimit",
69 Constants.JDK_MAX_OCCUR_LIMIT, Constants.SP_MAX_OCCUR_LIMIT, 0, 5000),
70 ELEMENT_ATTRIBUTE_LIMIT("ElementAttributeLimit",
71 Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000),
72 TOTAL_ENTITY_SIZE_LIMIT("TotalEntitySizeLimit",
73 Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000),
74 GENERAL_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit",
75 Constants.JDK_GENERAL_ENTITY_SIZE_LIMIT, Constants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0),
76 PARAMETER_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit",
77 Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000),
78 MAX_ELEMENT_DEPTH_LIMIT("MaxElementDepthLimit",
79 Constants.JDK_MAX_ELEMENT_DEPTH, Constants.SP_MAX_ELEMENT_DEPTH, 0, 0),
80 MAX_NAME_LIMIT("MaxXMLNameLimit",
81 Constants.JDK_XML_NAME_LIMIT, Constants.SP_XML_NAME_LIMIT, 1000, 1000);
82
83 final String key;
84 final String apiProperty;
85 final String systemProperty;
86 final int defaultValue;
87 final int secureValue;
88
89 Limit(String key, String apiProperty, String systemProperty, int value, int secureValue) {
90 this.key = key;
91 this.apiProperty = apiProperty;
92 this.systemProperty = systemProperty;
93 this.defaultValue = value;
94 this.secureValue = secureValue;
95 }
96
97 public boolean equalsAPIPropertyName(String propertyName) {
98 return (propertyName == null) ? false : apiProperty.equals(propertyName);
99 }
100
101 public boolean equalsSystemPropertyName(String propertyName) {
102 return (propertyName == null) ? false : systemProperty.equals(propertyName);
103 }
104
105 public String key() {
106 return key;
107 }
108
109 public String apiProperty() {
110 return apiProperty;
111 }
112
113 String systemProperty() {
114 return systemProperty;
115 }
116
117 public int defaultValue() {
118 return defaultValue;
119 }
120
121 int secureValue() {
122 return secureValue;
123 }
124 }
125
126 /**
127 * Map old property names with the new ones
128 */
129 public static enum NameMap {
130
131 ENTITY_EXPANSION_LIMIT(Constants.SP_ENTITY_EXPANSION_LIMIT, Constants.ENTITY_EXPANSION_LIMIT),
132 MAX_OCCUR_NODE_LIMIT(Constants.SP_MAX_OCCUR_LIMIT, Constants.MAX_OCCUR_LIMIT),
133 ELEMENT_ATTRIBUTE_LIMIT(Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, Constants.ELEMENT_ATTRIBUTE_LIMIT);
134 final String newName;
135 final String oldName;
136
137 NameMap(String newName, String oldName) {
138 this.newName = newName;
139 this.oldName = oldName;
140 }
141
142 String getOldName(String newName) {
143 if (newName.equals(this.newName)) {
144 return oldName;
145 }
146 return null;
147 }
148 }
149 private static final int NO_LIMIT = 0;
150 /**
151 * Values of the properties
152 */
153 private final int[] values;
154 /**
155 * States of the settings for each property
156 */
157 private State[] states;
158 /**
159 * Flag indicating if secure processing is set
160 */
161 boolean secureProcessing;
162
163 /**
164 * States that determine if properties are set explicitly
165 */
166 private boolean[] isSet;
167
168
169 /**
170 * Index of the special entityCountInfo property
171 */
172 private final int indexEntityCountInfo = 10000;
173 private String printEntityCountInfo = "";
174
175 /**
176 * Default constructor. Establishes default values for known security
177 * vulnerabilities.
178 */
179 public XMLSecurityManager() {
180 this(false);
181 }
182
183 /**
184 * Instantiate Security Manager in accordance with the status of
185 * secure processing
186 * @param secureProcessing
187 */
188 public XMLSecurityManager(boolean secureProcessing) {
189 values = new int[Limit.values().length];
190 states = new State[Limit.values().length];
191 isSet = new boolean[Limit.values().length];
192 this.secureProcessing = secureProcessing;
193 for (Limit limit : Limit.values()) {
194 if (secureProcessing) {
195 values[limit.ordinal()] = limit.secureValue;
196 states[limit.ordinal()] = State.FSP;
197 } else {
198 values[limit.ordinal()] = limit.defaultValue();
199 states[limit.ordinal()] = State.DEFAULT;
200 }
201 }
202 //read system properties or jaxp.properties
203 readSystemProperties();
204 }
205
206 /**
207 * Setting FEATURE_SECURE_PROCESSING explicitly
208 */
209 public void setSecureProcessing(boolean secure) {
210 secureProcessing = secure;
211 for (Limit limit : Limit.values()) {
212 if (secure) {
213 setLimit(limit.ordinal(), State.FSP, limit.secureValue());
214 } else {
215 setLimit(limit.ordinal(), State.FSP, limit.defaultValue());
216 }
217 }
218 }
219
220 /**
221 * Return the state of secure processing
222 * @return the state of secure processing
223 */
224 public boolean isSecureProcessing() {
225 return secureProcessing;
226 }
227
228
229 /**
230 * Set limit by property name and state
231 * @param propertyName property name
232 * @param state the state of the property
233 * @param value the value of the property
234 * @return true if the property is managed by the security manager; false
235 * if otherwise.
236 */
237 public boolean setLimit(String propertyName, State state, Object value) {
238 int index = getIndex(propertyName);
239 if (index > -1) {
240 setLimit(index, state, value);
241 return true;
242 }
243 return false;
244 }
245
246 /**
247 * Set the value for a specific limit.
248 *
249 * @param limit the limit
250 * @param state the state of the property
251 * @param value the value of the property
252 */
253 public void setLimit(Limit limit, State state, int value) {
254 setLimit(limit.ordinal(), state, value);
255 }
256
257 /**
258 * Set the value of a property by its index
259 *
260 * @param index the index of the property
261 * @param state the state of the property
262 * @param value the value of the property
263 */
264 public void setLimit(int index, State state, Object value) {
265 if (index == indexEntityCountInfo) {
266 printEntityCountInfo = (String)value;
267 } else {
268 int temp;
269 if (Integer.class.isAssignableFrom(value.getClass())) {
270 temp = ((Integer)value).intValue();
271 } else {
272 temp = Integer.parseInt((String) value);
273 if (temp < 0) {
274 temp = 0;
275 }
276 }
277 setLimit(index, state, temp);
278 }
279 }
280
281 /**
282 * Set the value of a property by its index
283 *
284 * @param index the index of the property
285 * @param state the state of the property
286 * @param value the value of the property
287 */
288 public void setLimit(int index, State state, int value) {
289 if (index == indexEntityCountInfo) {
290 //if it's explicitly set, it's treated as yes no matter the value
291 printEntityCountInfo = Constants.JDK_YES;
292 } else {
293 //only update if it shall override
294 if (state.compareTo(states[index]) >= 0) {
295 values[index] = value;
296 states[index] = state;
297 isSet[index] = true;
298 }
299 }
300 }
301
302 /**
303 * Return the value of the specified property
304 *
305 * @param propertyName the property name
306 * @return the value of the property as a string. If a property is managed
307 * by this manager, its value shall not be null.
308 */
309 public String getLimitAsString(String propertyName) {
310 int index = getIndex(propertyName);
311 if (index > -1) {
312 return getLimitValueByIndex(index);
313 }
314
315 return null;
316 }
317 /**
318 * Return the value of the specified property
319 *
320 * @param limit the property
321 * @return the value of the property
322 */
323 public int getLimit(Limit limit) {
324 return values[limit.ordinal()];
325 }
326
327 /**
328 * Return the value of a property by its ordinal
329 *
330 * @param limit the property
331 * @return value of a property
332 */
333 public String getLimitValueAsString(Limit limit) {
334 return Integer.toString(values[limit.ordinal()]);
335 }
336
337 /**
338 * Return the value of a property by its ordinal
339 *
340 * @param index the index of a property
341 * @return limit of a property as a string
342 */
343 public String getLimitValueByIndex(int index) {
344 if (index == indexEntityCountInfo) {
345 return printEntityCountInfo;
346 }
347
348 return Integer.toString(values[index]);
349 }
350
351 /**
352 * Return the state of the limit property
353 *
354 * @param limit the limit
355 * @return the state of the limit property
356 */
357 public State getState(Limit limit) {
358 return states[limit.ordinal()];
359 }
360
361 /**
362 * Return the state of the limit property
363 *
364 * @param limit the limit
365 * @return the state of the limit property
366 */
367 public String getStateLiteral(Limit limit) {
368 return states[limit.ordinal()].literal();
369 }
370
371 /**
372 * Get the index by property name
373 *
374 * @param propertyName property name
375 * @return the index of the property if found; return -1 if not
376 */
377 public int getIndex(String propertyName) {
378 for (Limit limit : Limit.values()) {
379 if (limit.equalsAPIPropertyName(propertyName)) {
380 //internally, ordinal is used as index
381 return limit.ordinal();
382 }
383 }
384 //special property to return entity count info
385 if (propertyName.equals(Constants.JDK_ENTITY_COUNT_INFO)) {
386 return indexEntityCountInfo;
387 }
388 return -1;
389 }
390
391 /**
392 * Check if there's no limit defined by the Security Manager
393 * @param limit
394 * @return
395 */
396 public boolean isNoLimit(int limit) {
397 return limit==NO_LIMIT;
398 }
399 /**
400 * Check if the size (length or count) of the specified limit property is
401 * over the limit
402 *
403 * @param limit the type of the limit property
404 * @param entityName the name of the entity
405 * @param size the size (count or length) of the entity
406 * @return true if the size is over the limit, false otherwise
407 */
408 public boolean isOverLimit(Limit limit, String entityName, int size,
409 XMLLimitAnalyzer limitAnalyzer) {
410 return isOverLimit(limit.ordinal(), entityName, size, limitAnalyzer);
411 }
412
413 /**
414 * Check if the value (length or count) of the specified limit property is
415 * over the limit
416 *
417 * @param index the index of the limit property
418 * @param entityName the name of the entity
419 * @param size the size (count or length) of the entity
420 * @return true if the size is over the limit, false otherwise
421 */
422 public boolean isOverLimit(int index, String entityName, int size,
423 XMLLimitAnalyzer limitAnalyzer) {
424 if (values[index] == NO_LIMIT) {
425 return false;
426 }
427 if (size > values[index]) {
428 limitAnalyzer.addValue(index, entityName, size);
429 return true;
430 }
431 return false;
432 }
433
434 /**
435 * Check against cumulated value
436 *
437 * @param limit the type of the limit property
438 * @param size the size (count or length) of the entity
439 * @return true if the size is over the limit, false otherwise
440 */
441 public boolean isOverLimit(Limit limit, XMLLimitAnalyzer limitAnalyzer) {
442 return isOverLimit(limit.ordinal(), limitAnalyzer);
443 }
444
445 public boolean isOverLimit(int index, XMLLimitAnalyzer limitAnalyzer) {
446 if (values[index] == NO_LIMIT) {
447 return false;
448 }
449
450 if (index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() ||
451 index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() ||
452 index == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal() ||
453 index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal() ||
454 index == Limit.MAX_NAME_LIMIT.ordinal()
455 ) {
456 return (limitAnalyzer.getTotalValue(index) > values[index]);
457 } else {
458 return (limitAnalyzer.getValue(index) > values[index]);
459 }
460 }
461
462 public void debugPrint(XMLLimitAnalyzer limitAnalyzer) {
463 if (printEntityCountInfo.equals(Constants.JDK_YES)) {
464 limitAnalyzer.debugPrint(this);
465 }
466 }
467
468
469 /**
470 * Indicate if a property is set explicitly
471 * @param index
472 * @return
473 */
474 public boolean isSet(int index) {
475 return isSet[index];
476 }
477
478 public boolean printEntityCountInfo() {
479 return printEntityCountInfo.equals(Constants.JDK_YES);
480 }
481
482 /**
483 * Read from system properties, or those in jaxp.properties
484 */
485 private void readSystemProperties() {
486
487 for (Limit limit : Limit.values()) {
488 if (!getSystemProperty(limit, limit.systemProperty())) {
489 //if system property is not found, try the older form if any
490 for (NameMap nameMap : NameMap.values()) {
491 String oldName = nameMap.getOldName(limit.systemProperty());
492 if (oldName != null) {
493 getSystemProperty(limit, oldName);
494 }
495 }
496 }
497 }
498
499 }
500
501 // Array list to store printed warnings for each SAX parser used
502 private static final CopyOnWriteArrayList<String> printedWarnings = new CopyOnWriteArrayList<>();
503
504 /**
505 * Prints out warnings if a parser does not support the specified feature/property.
506 *
507 * @param parserClassName the name of the parser class
508 * @param propertyName the property name
509 * @param exception the exception thrown by the parser
510 */
511 public static void printWarning(String parserClassName, String propertyName, SAXException exception) {
512 String key = parserClassName+":"+propertyName;
513 if (printedWarnings.addIfAbsent(key)) {
514 System.err.println( "Warning: "+parserClassName+": "+exception.getMessage());
515 }
516 }
517
518 /**
519 * Read from system properties, or those in jaxp.properties
520 *
521 * @param property the type of the property
522 * @param sysPropertyName the name of system property
523 */
524 private boolean getSystemProperty(Limit limit, String sysPropertyName) {
525 try {
526 String value = SecuritySupport.getSystemProperty(sysPropertyName);
527 if (value != null && !value.equals("")) {
528 values[limit.ordinal()] = Integer.parseInt(value);
529 states[limit.ordinal()] = State.SYSTEMPROPERTY;
530 return true;
531 }
532
533 value = SecuritySupport.readJAXPProperty(sysPropertyName);
534 if (value != null && !value.equals("")) {
535 values[limit.ordinal()] = Integer.parseInt(value);
536 states[limit.ordinal()] = State.JAXPDOTPROPERTIES;
537 return true;
538 }
539 } catch (NumberFormatException e) {
540 //invalid setting
541 throw new NumberFormatException("Invalid setting for system property: " + limit.systemProperty());
542 }
543 return false;
544 }
545
546
547 /**
548 * Convert a value set through setProperty to XMLSecurityManager.
549 * If the value is an instance of XMLSecurityManager, use it to override the default;
550 * If the value is an old SecurityManager, convert to the new XMLSecurityManager.
551 *
552 * @param value user specified security manager
553 * @param securityManager an instance of XMLSecurityManager
554 * @return an instance of the new security manager XMLSecurityManager
555 */
556 static public XMLSecurityManager convert(Object value, XMLSecurityManager securityManager) {
557 if (value == null) {
558 if (securityManager == null) {
559 securityManager = new XMLSecurityManager(true);
560 }
561 return securityManager;
562 }
563 if (XMLSecurityManager.class.isAssignableFrom(value.getClass())) {
564 return (XMLSecurityManager)value;
565 } else {
566 if (securityManager == null) {
567 securityManager = new XMLSecurityManager(true);
568 }
569 if (SecurityManager.class.isAssignableFrom(value.getClass())) {
570 SecurityManager origSM = (SecurityManager)value;
571 securityManager.setLimit(Limit.MAX_OCCUR_NODE_LIMIT, State.APIPROPERTY, origSM.getMaxOccurNodeLimit());
572 securityManager.setLimit(Limit.ENTITY_EXPANSION_LIMIT, State.APIPROPERTY, origSM.getEntityExpansionLimit());
573 securityManager.setLimit(Limit.ELEMENT_ATTRIBUTE_LIMIT, State.APIPROPERTY, origSM.getElementAttrLimit());
574 }
575 return securityManager;
576 }
577 }
578 }