
edu.hm.hafner.analysis.SecureDigester Maven / Gradle / Ivy
This library provides a Java object model to read, aggregate, filter, and query static analysis reports.
It is used by Jenkins' warnings next generation plug-in to visualize the warnings of individual builds.
Additionally, this library is used by a GitHub action to autograde student software projects based on a given set of
metrics (unit tests, code and mutation coverage, static analysis warnings).
package edu.hm.hafner.analysis;
import javax.xml.parsers.SAXParserFactory;
import org.apache.commons.digester3.Digester;
import org.xml.sax.InputSource;
import edu.hm.hafner.util.SecureXmlParserFactory;
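/**
 * A {@link Digester} hardened against XML external entity (XXE) processing. The underlying
 * {@link SAXParserFactory} is reconfigured by {@link SecureXmlParserFactory}, validation is switched off,
 * and every entity lookup is answered with an empty {@link InputSource}.
 *
 * <p>
 * The hardening is applied once, in the constructor. The setters inherited from {@link Digester} remain
 * public, so code that later replaces the entity resolver on an instance removes that part of the protection.
 * </p>
 *
 * @author Ullrich Hafner
 */
public final class SecureDigester extends Digester {
    /**
     * Creates a new {@link Digester} instance that does not resolve external entities.
     *
     * @param classWithClassLoader
     *         the class to get the class loader from; must not be {@code null}, since its class loader is
     *         read immediately
     */
    public SecureDigester(final Class<?> classWithClassLoader) {
        super();

        setClassLoader(classWithClassLoader.getClassLoader());

        // Digester has no setter for its SAXParserFactory, so the instance it hands out is hardened in
        // place. Which parser features are changed is decided by SecureXmlParserFactory and is not visible
        // in this class.
        SAXParserFactory factory = getFactory();
        new SecureXmlParserFactory().configureSaxParserFactory(factory);

        setValidating(false);

        // Defense in depth: whatever entity the parser still asks for is answered with an empty source
        // instead of being fetched from the file system or the network.
        setEntityResolver((publicId, systemId) -> new InputSource());
    }
}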