Package org.apache.solr.util

Class SafeXMLParsing

java.lang.Object

org.apache.solr.util.SafeXMLParsing

public final class SafeXMLParsing
extends Object

Some utility methods for parsing XML in a safe way. This class can be used to parse XML coming from network (completely untrusted) or it can load a config file from a ResourceLoader. In this case it allows external entities and xincludes, but only referring to files reachable by the loader.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	SYSTEMID_UNTRUSTED

Method Summary

Modifier and Type	Method	Description
static Document	parseConfigXML(org.slf4j.Logger log, org.apache.lucene.util.ResourceLoader loader, String file)	Parses a config file from a Solr config based on ResourceLoader.
static Document	parseConfigXML(org.slf4j.Logger log, org.apache.lucene.util.ResourceLoader loader, InputSource is)	Parses a config file from a Solr config based on InputSource.
static Document	parseUntrustedXML(org.slf4j.Logger log, InputStream in)	Parses non-Solr configs as XML based on the given InputStream, disabling any external entities with secure processing enabled.
static Document	parseUntrustedXML(org.slf4j.Logger log, Reader reader)	Parses the given InputStream as XML, disabling any external entities with secure processing enabled.
static Document	parseUntrustedXML(org.slf4j.Logger log, String xml)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

SYSTEMID_UNTRUSTED

public static final String SYSTEMID_UNTRUSTED

See Also:

• Constant Field Values

Method Details

parseConfigXML

public static Document parseConfigXML(org.slf4j.Logger log,
 org.apache.lucene.util.ResourceLoader loader,
 String file)
                               throws SAXException,
IOException

Parses a config file from a Solr config based on ResourceLoader. Xinclude and external entities are enabled, but cannot escape the resource loader.

Throws:

SAXException

IOException

parseConfigXML

public static Document parseConfigXML(org.slf4j.Logger log,
 org.apache.lucene.util.ResourceLoader loader,
 InputSource is)
                               throws SAXException,
IOException

Parses a config file from a Solr config based on InputSource. Xinclude and external entities are enabled, but cannot escape the resource loader.

Throws:

SAXException

IOException

parseUntrustedXML

public static Document parseUntrustedXML(org.slf4j.Logger log,
 InputStream in)
                                  throws SAXException,
IOException

Parses non-Solr configs as XML based on the given InputStream, disabling any external entities with secure processing enabled. The given InputStream is not closed.

Throws:

SAXException

IOException

parseUntrustedXML

public static Document parseUntrustedXML(org.slf4j.Logger log,
 Reader reader)
                                  throws SAXException,
IOException

Parses the given InputStream as XML, disabling any external entities with secure processing enabled. The given Reader is not closed.

Throws:

SAXException

IOException

parseUntrustedXML

public static Document parseUntrustedXML(org.slf4j.Logger log,
 String xml)
                                  throws SAXException,
IOException

Throws:

SAXException

IOException