|
1 /* |
|
2 * Copyright (c) 2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 /* |
|
18 * Licensed to the Apache Software Foundation (ASF) under one or more |
|
19 * contributor license agreements. See the NOTICE file distributed with |
|
20 * this work for additional information regarding copyright ownership. |
|
21 * The ASF licenses this file to You under the Apache License, Version 2.0 |
|
22 * (the "License"); you may not use this file except in compliance with |
|
23 * the License. You may obtain a copy of the License at |
|
24 * |
|
25 * http://www.apache.org/licenses/LICENSE-2.0 |
|
26 * |
|
27 * Unless required by applicable law or agreed to in writing, software |
|
28 * distributed under the License is distributed on an "AS IS" BASIS, |
|
29 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
30 * See the License for the specific language governing permissions and |
|
31 * limitations under the License. |
|
32 */ |
|
33 |
|
34 /* |
|
35 * $Id: SecurityManager.hpp 568078 2007-08-21 11:43:25Z amassari $ |
|
36 */ |
|
37 |
|
38 #ifndef SECURITYMANAGER_HPP |
|
39 #define SECURITYMANAGER_HPP |
|
40 |
|
41 #include <xercesc/util/XercesDefs.hpp> |
|
42 |
|
43 XERCES_CPP_NAMESPACE_BEGIN |
|
44 |
|
45 /** |
|
46 * Allow application to force the parser to behave in a security-conscious |
|
47 * way. |
|
48 * |
|
49 * <p> There are cases in which an XML- or XmL-schema- |
|
50 * conformant processor can be presented with documents the |
|
51 * processing of which can involve the consumption of |
|
52 * prohibitive amounts of system resources. Applications can |
|
53 * attach instances of this class to parsers that they've |
|
54 * created, via the |
|
55 * http://apache.org/xml/properties/security-manager property. |
|
56 * </p> |
|
57 * |
|
58 * <p> Defaults will be provided for all known security holes. |
|
59 * Setter methods will be provided on this class to ensure that |
|
60 * an application can customize each limit as it chooses. |
|
61 * Components that are vulnerable to any given hole need to be |
|
62 * written to act appropriately when an instance of this class |
|
63 * has been set on the calling parser. |
|
64 * </p> |
|
65 */ |
|
66 |
|
67 class XMLUTIL_EXPORT SecurityManager |
|
68 { |
|
69 public: |
|
70 |
|
71 enum { ENTITY_EXPANSION_LIMIT = 50000}; |
|
72 |
|
73 /** @name default Constructors */ |
|
74 //@{ |
|
75 /** Default constructor */ |
|
76 SecurityManager() |
|
77 : fEntityExpansionLimit(ENTITY_EXPANSION_LIMIT) |
|
78 { |
|
79 } |
|
80 |
|
81 /** Destructor */ |
|
82 virtual ~SecurityManager(){}; |
|
83 //@} |
|
84 |
|
85 /** @name The Security Manager */ |
|
86 //@{ |
|
87 /** |
|
88 * An application should call this method when it wishes to specify a particular |
|
89 * limit to the number of entity expansions the parser will permit in a |
|
90 * particular document. The default behaviour should allow the parser |
|
91 * to validate nearly all XML non-malicious XML documents; if an |
|
92 * application knows that it is operating in a domain where entities are |
|
93 * uncommon, for instance, it may wish to provide a limit lower than the |
|
94 * parser's default. |
|
95 * |
|
96 * @param newLimit the new entity expansion limit |
|
97 * |
|
98 */ |
|
99 virtual void setEntityExpansionLimit(unsigned int newLimit) |
|
100 { |
|
101 fEntityExpansionLimit = newLimit; |
|
102 } |
|
103 |
|
104 /** |
|
105 * Permits the application or a parser component to query the current |
|
106 * limit for entity expansions. |
|
107 * |
|
108 * @return the current setting of the entity expansion limit |
|
109 * |
|
110 */ |
|
111 virtual unsigned int getEntityExpansionLimit() const |
|
112 { |
|
113 return fEntityExpansionLimit; |
|
114 } |
|
115 //@} |
|
116 |
|
117 protected: |
|
118 unsigned int fEntityExpansionLimit; |
|
119 |
|
120 private: |
|
121 |
|
122 /* Unimplemented Constructors and operators */ |
|
123 /* Copy constructor */ |
|
124 SecurityManager(const SecurityManager&); |
|
125 |
|
126 /** Assignment operator */ |
|
127 SecurityManager& operator=(const SecurityManager&); |
|
128 }; |
|
129 |
|
130 XERCES_CPP_NAMESPACE_END |
|
131 |
|
132 #endif |