vanitasvitae
/
Smack
mirror of https://github.com/vanitasvitae/Smack.git
1
0
Fork 0
Code Issues Releases Wiki Activity
4,990 Commits 61 Branches 35 Tags 36 MiB
Commit Graph

5 Commits

Author SHA1 Message Date
Florian Schmaus 3bef905ef5 [xmlparser-stax] Move getNamespace() to its friends within the file 2021-03-03 21:43:43 +01:00
Florian Schmaus ba6968fc79 [xmlparser-stax] Fix potential IAE in StaxXmlPullParser.getNamespace() 
StAX's NamespaceContext.getNamespaceURI(String) is allowed to throw an
IllegalArgumentException in case the argument is null. We simply
re-use getNamespace(String) which will substitute the default
namespace if the argument is null to avoid this.

Connection closed due to an exception
java.lang.IllegalArgumentException: Illegal to pass null as argument
at com.ctc.wstx.sr.NsInputElementStack.getNamespaceURI(NsInputElementStack.java:486)
at org.jivesoftware.smack.xml.stax.StaxXmlPullParser.getNamespace(StaxXmlPullParser.java:113)
at org.jivesoftware.smack.AbstractXMPPConnection.parseFeatures(AbstractXMPPConnection.java:1852)
at org.jivesoftware.smack.AbstractXMPPConnection.parseFeaturesAndNotify(AbstractXMPPConnection.java:1887)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1300(XMPPTCPConnection.java:130)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:983)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:913)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:936)
at java.lang.Thread.run(Thread.java:748)

Fixes SMACK-903
 2021-03-03 21:41:07 +01:00
Florian Schmaus c1b412c457 [xmlparser-stax] Disable external entities and DTD 
Before that, the StAX parser used by Smack for XML parsing had
only external entity replacement disabled. We further harden the
parser by disabling DTDs.

See also:
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xmlinputfactory-a-stax-parser
 2020-10-05 08:55:10 +02:00
Florian Schmaus 947244b704 Use XMLInputFactory.newInstance() instead of newFactory() 
As newFactory() is errornously marked as deprecated in Java 9 or
higher. See also https://bugs.openjdk.java.net/browse/JDK-8183519
 2019-07-19 23:05:46 +02:00
Florian Schmaus 4133eb175c Replace XPP3 by XmlPullParser interface wrapping StAX and XPP3 
Introducing Smack's own XmlPullParser interface which tries to stay as
compatible as possible to XPP3. The interface is used to either wrap
StAX's XMLStreamReader if Smack is used on Java SE, and XPP3's
XmlPullParser if Smack is used on on Android.

Fixes SMACK-591.

Also introduce JUnit 5 and non-strict javadoc projects.
 2019-05-06 22:10:50 +02:00