Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - GHSA-58qw-p7qm-5rvh #10066

Closed
joakime opened this issue Jul 5, 2023 · 0 comments · Fixed by #10067
Closed

Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - GHSA-58qw-p7qm-5rvh #10066

joakime opened this issue Jul 5, 2023 · 0 comments · Fixed by #10067
Assignees
@joakime
Labels
Enhancement Security
Milestone
10.0.x

Comments

@joakime
Copy link
Contributor

joakime commented Jul 5, 2023
edited
Loading

Jetty version(s)
10+

Enhancement Description
If the user of Jetty's XmlParser class wants to customize the SAXParserFactory or SAXParser, then there is no way for them to accomplish that.

Provide an API that allows the user to customize the behaviors of these classes to suit their needs.

This addresses Advisory GHSA-58qw-p7qm-5rvh
@joakime joakime added this to the 10.0.x milestone Jul 5, 2023
@joakime joakime self-assigned this Jul 5, 2023
joakime added a commit that referenced this issue Jul 5, 2023
@joakime
Issue #10066 - Allow customization of SAXParserFactory / SAXParser in…
1db3f0d 
… XmlParser

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
joakime added a commit that referenced this issue Jul 5, 2023
@joakime
Issue #10066 - rename to `.getSAXParser()
a1b8585 
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
joakime added a commit that referenced this issue Jul 5, 2023
@joakime
Issue #10066 - fix checkstyle
bba390f 
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
joakime added a commit that referenced this issue Jul 5, 2023
@joakime
Issue #10066 - a more reliable test case
beb858c 
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
joakime added a commit that referenced this issue Jul 5, 2023
@joakime
Issue #10066 - allow test case to skip if xerces is not in use.
3937995 
Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
@joakime joakime linked a pull request Jul 5, 2023 that will close this issue
Issue #10066 - Allow customization of SAXParserFactory and SAXParser in XmlParser #10067
Merged
joakime added a commit that referenced this issue Jul 6, 2023
@joakime @gregw
Issue #10066 - Allow customization of SAXParserFactory and `SAXPars…
9a05c75 
…er` in `XmlParser` (#10067)

* Allow customization of SAXParserFactory / SAXParser in XmlParser
* Introduce method `.getSAXParser()`
---------

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
joakime added a commit that referenced this issue Aug 11, 2023
@joakime @gregw
Issue #10066 - Allow customization of SAXParserFactory and `SAXPars…
15da450 
…er` in `XmlParser` (#10067)

* Allow customization of SAXParserFactory / SAXParser in XmlParser
* Introduce method `.getSAXParser()`
---------

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
joakime added a commit that referenced this issue Aug 14, 2023
@joakime @gregw
Issue #10066 - Allow customization of SAXParserFactory and `SAXPars…
d4d8832 
…er` in `XmlParser` (#10299)

Backports of
* Issue #10066 - Allow customization of `SAXParserFactory` and `SAXParser` in `XmlParser` (#10067)
* Updating various old/moved URL references found across project (`jetty-10.0.x`) (#10098)

Consisting of
* Allow customization of SAXParserFactory / SAXParser in XmlParser
* Introduce method `.getSAXParser()`
* Prepending doctype in testcases
* More comprehensive changes to redirectEntity config
* Updating various old/moved URL references found across project (`jetty-10.0.x`) (#10098)
* Now that the migration of `https://eclipse.org/jetty/` to `https://eclipse.dev/jetty/` has occurred, it is time to review the URI use in our project
* Added more URIs to XmlConfiguration
* Better SAXParseException handling to report resource that is causing the problem
* Add missing DOCTYPE declarations
* Enforcing unique XML ids

---------

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Co-authored-by: Greg Wilkins <gregw@webtide.com>
@joakime joakime changed the title Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class Allow SAXParserFactory or SAXParser to be configured in Jetty's XmlParser class - GHSA-58qw-p7qm-5rvh Aug 30, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@joakime joakime

Labels
Enhancement Security
Projects
None yet
Milestone
10.0.x
1 participant
@joakime