Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Parsing xxe-test\src\main\resources\test.xml
setDocumentLocator com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser$LocatorProxy@783f472b
startDocument
fatal org.xml.sax.SAXParseException; systemId: file:xxe-test/src/main/resources/test.xml; lineNumber: 2; columnNumber: 10; DOCTYPE is disallowed when the feature "http://apache.org/xml/features/disallow-doctype-decl" set to true.
startElement <,,log4j:configuration>
data "\n "
startElement <,,test>
endElement </test>
data "\n "
startElement <,,test2>
data "&"
endElement </test2>
data "\n "
startElement <,,test3>
data "int-resolved" << ----------
endElement </test3>
data "\n"
endElement </log4j:configuration>
endDocument
Done.
package net.eckenfels.test.xxe;
import java.io.File;
import java.io.IOException;
import org.xml.sax.Attributes;
import org.xml.sax.ContentHandler;
import org.xml.sax.DTDHandler;
import org.xml.sax.EntityResolver;
import org.xml.sax.ErrorHandler;
import org.xml.sax.InputSource;
import org.xml.sax.Locator;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.XMLReaderFactory;
public class ReaderTests
{
static class Handler implements ContentHandler, DTDHandler, EntityResolver, ErrorHandler
{
public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException
{
System.out.println("resolveEntity " + publicId + "," + systemId);
return null;
}
public void notationDecl(String name, String publicId, String systemId) throws SAXException
{
System.out.println("notationDecl " + name + "," + publicId + "," + systemId);
}
public void unparsedEntityDecl(String name, String publicId, String systemId, String notationName) throws SAXException
{
System.out.println("unparsedEntityDecl " + name + "," + publicId + "," + systemId + "," + notationName);
}
public void setDocumentLocator(Locator locator)
{
System.out.println("setDocumentLocator " + locator);
}
public void startDocument() throws SAXException
{
System.out.println("startDocument");
}
public void endDocument() throws SAXException
{
System.out.println("endDocument");
}
public void startPrefixMapping(String prefix, String uri) throws SAXException
{
System.out.println("startPrefixMapping " + prefix + "," + uri);
}
public void endPrefixMapping(String prefix) throws SAXException
{
System.out.println("endPrefixMapping " + prefix);
}
public void startElement(String uri, String localName, String qName, Attributes atts) throws SAXException
{
System.out.println("startElement <" + uri + "," + localName + "," + qName + ">");
}
public void endElement(String uri, String localName, String qName) throws SAXException
{
System.out.println("endElement </" + qName + ">");
}
public void characters(char[] ch, int start, int length) throws SAXException
{
String d = String.valueOf(ch,start,length).replace("\n", "\\n").replace("\r", "\\r");
System.out.println(" data \"" + d +"\"");
}
public void ignorableWhitespace(char[] ch, int start, int length) throws SAXException
{
System.out.print(" ");
}
public void processingInstruction(String target, String data) throws SAXException
{
System.out.print("!");
}
public void skippedEntity(String name) throws SAXException
{
System.out.println("skippedEntity " + name);
}
public void warning(SAXParseException exception) throws SAXException
{
System.err.println("warn " + exception);
}
public void error(SAXParseException exception) throws SAXException
{
System.err.println("error " + exception);
}
public void fatalError(SAXParseException exception) throws SAXException
{
System.err.println("fatal " + exception);
}
}
public static void main(String[] args) throws SAXException, IOException
{
Object myHandler = new Handler();
XMLReader reader = XMLReaderFactory.createXMLReader();
//reader.setProperty("http://xml.org/sax/properties/lexical-handler", myHandler);
reader.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
reader.setFeature("http://xml.org/sax/features/namespaces", false);
reader.setFeature("http://apache.org/xml/features/continue-after-fatal-error", true); // !
reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
reader.setContentHandler((ContentHandler)myHandler);
//reader.setDTDHandler((DTDHandler)myHandler);
//reader.setEntityResolver((EntityResolver)myHandler);
reader.setErrorHandler((ErrorHandler)myHandler);
File f = new File("src/main/resources/test.xml").getAbsoluteFile();
System.out.println("Parsing " + f);
reader.parse(f.toURI().toString());
System.out.println("Done.");
}
}
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd" [
<!ENTITY ext SYSTEM "test.txt">
<!ENTITY int 'int-resolved'>
]>
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
<test>&ext;</test>
<test2>&amp;</test2>
<test3>&int;</test3>
</log4j:configuration>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.