0ct0pu5/fess
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix issues from sonarcloud

Browse source
This commit is contained in:
Shinsuke Sugaya 2021-04-03 08:40:13 +09:00
parent cd41184064
commit db002c47f4
4 changed files with 10 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/main/java/org/codelibs/fess/helper/PluginHelper.java
View file

@ -35,6 +35,7 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@ -123,6 +124,8 @@ public class PluginHelper {
try (final InputStream is = new ByteArrayInputStream(pluginMetaContent.getBytes(Constants.UTF_8_CHARSET))) {
final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setFeature(Constants.FEATURE_SECURE_PROCESSING, true);
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, StringUtil.EMPTY);
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, StringUtil.EMPTY);
final DocumentBuilder builder = factory.newDocumentBuilder();
final Document document = builder.parse(is);
final NodeList nodeList = document.getElementsByTagName("version");

4
src/main/java/org/codelibs/fess/helper/ThemeHelper.java
View file

@ -28,6 +28,7 @@ import java.util.zip.ZipInputStream;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.core.stream.StreamUtil;
import org.codelibs.fess.exception.ThemeException;
import org.codelibs.fess.helper.PluginHelper.Artifact;
import org.codelibs.fess.helper.PluginHelper.ArtifactType;
@ -46,7 +47,8 @@ public class ThemeHelper {
ZipEntry entry;
while ((entry = zis.getNextEntry()) != null) {
if (!entry.isDirectory()) {
final String[] names = entry.getName().split("/");
final String[] names = StreamUtil.split(entry.getName(), "/")
.get(stream -> stream.filter(s -> !"..".equals(s)).toArray(n -> new String[n]));
if (names.length < 2) {
continue;
}

2
src/main/java/org/codelibs/fess/helper/UserInfoHelper.java
View file

@ -101,7 +101,7 @@ public class UserInfoHelper {
public void deleteUserCodeFromCookie(final HttpServletRequest request) {
final String cookieValue = getUserCodeFromCookie(request);
if (cookieValue != null) {
updateCookie(cookieValue, 0);
updateCookie(StringUtil.EMPTY, 0);
}
}

3
src/main/java/org/codelibs/fess/util/GsaConfigParser.java
View file

@ -26,6 +26,7 @@ import java.util.Map;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
@ -92,6 +93,8 @@ public class GsaConfigParser extends DefaultHandler {
final SAXParserFactory factory = SAXParserFactory.newInstance();
factory.setFeature(org.codelibs.fess.crawler.Constants.FEATURE_SECURE_PROCESSING, true);
final SAXParser parser = factory.newSAXParser();
parser.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, StringUtil.EMPTY);
parser.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, StringUtil.EMPTY);
parser.parse(is, this);
} catch (final Exception e) {
throw new GsaConfigException("Failed to parse XML file.", e);