diff --git a/api/src/org/labkey/api/util/FileUtil.java b/api/src/org/labkey/api/util/FileUtil.java index a7239262343..50dcfdf5a82 100644 --- a/api/src/org/labkey/api/util/FileUtil.java +++ b/api/src/org/labkey/api/util/FileUtil.java @@ -267,7 +267,7 @@ public static boolean deleteDir(Path dir, Logger log) } - public static void deleteDir(@NotNull Path dir) throws IOException + public static boolean deleteDir(@NotNull Path dir) throws IOException { if (Files.exists(dir)) { @@ -276,17 +276,21 @@ public static void deleteDir(@NotNull Path dir) throws IOException // TODO: On Windows, collect is yielding AccessDenied Exception, so only do this for cloud try (Stream paths = Files.walk(dir)) { + boolean success = true; for (Path path : paths.sorted(Comparator.reverseOrder()).toList()) { - Files.deleteIfExists(path); + success = Files.deleteIfExists(path) && success; } + return success; } } else { - deleteDir(dir.toFile()); // Note: we maintain existing behavior from before Path work, which is to ignore any error + return deleteDir(dir.toFile()); // Note: we maintain existing behavior from before Path work, which is to ignore any error } } + + return true; } diff --git a/api/src/org/labkey/api/util/JunitUtil.java b/api/src/org/labkey/api/util/JunitUtil.java index ef92e2e3aea..24575abe785 100644 --- a/api/src/org/labkey/api/util/JunitUtil.java +++ b/api/src/org/labkey/api/util/JunitUtil.java @@ -26,18 +26,12 @@ import org.labkey.api.data.ContainerManager; import org.labkey.api.module.Module; import org.labkey.api.settings.AppProps; -import org.w3c.dom.Document; import org.w3c.dom.Node; -import org.xml.sax.InputSource; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; import java.io.File; import java.io.IOException; -import java.io.StringReader; import java.nio.file.Files; import java.nio.file.Paths; -import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.LinkedList; @@ -64,21 +58,6 @@ public static String getAttributeValue(Node elem, String attr) return node.getNodeValue(); } - - public static Document tidyAsDocument(String html) throws Exception - { - ArrayList errors = new ArrayList<>(); - String tidy = JSoupUtil.convertHtmlToXml(html, errors); - - DocumentBuilderFactory fact = DocumentBuilderFactory.newInstance(); - fact.setValidating(false); - fact.setCoalescing(true); - fact.setIgnoringComments(true); - fact.setNamespaceAware(false); - DocumentBuilder builder = fact.newDocumentBuilder(); - return builder.parse(new InputSource(new StringReader(tidy))); - } - /** * Returns the container called "_junit" to be used by test cases. */ diff --git a/api/src/org/labkey/api/util/XmlBeansUtil.java b/api/src/org/labkey/api/util/XmlBeansUtil.java index 6f0eafdd61e..048a8f7bb72 100644 --- a/api/src/org/labkey/api/util/XmlBeansUtil.java +++ b/api/src/org/labkey/api/util/XmlBeansUtil.java @@ -28,6 +28,7 @@ import org.labkey.api.settings.LookAndFeelProperties; import org.xml.sax.SAXException; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParserFactory; @@ -145,6 +146,8 @@ public static void addComment(XmlTokenSource doc, String comment) DOCUMENT_BUILDER_FACTORY.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DOCUMENT_BUILDER_FACTORY.setFeature("http://xml.org/sax/features/external-general-entities", false); DOCUMENT_BUILDER_FACTORY.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + DOCUMENT_BUILDER_FACTORY.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false); + DOCUMENT_BUILDER_FACTORY.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DOCUMENT_BUILDER_FACTORY.setXIncludeAware(false); DOCUMENT_BUILDER_FACTORY.setExpandEntityReferences(false); } diff --git a/pipeline/src/org/labkey/pipeline/api/ParamParserImpl.java b/pipeline/src/org/labkey/pipeline/api/ParamParserImpl.java index 7bff474e15e..b429281159e 100644 --- a/pipeline/src/org/labkey/pipeline/api/ParamParserImpl.java +++ b/pipeline/src/org/labkey/pipeline/api/ParamParserImpl.java @@ -19,6 +19,7 @@ import org.apache.logging.log4j.Logger; import org.labkey.api.pipeline.ParamParser; import org.labkey.api.util.StringUtilsLabKey; +import org.labkey.api.util.XmlBeansUtil; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -27,7 +28,6 @@ import org.xml.sax.SAXParseException; import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.transform.OutputKeys; import javax.xml.transform.Transformer; import javax.xml.transform.TransformerException; @@ -129,9 +129,7 @@ public void parse(InputStream inputStream) { try { - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - dbf.setValidating(false); - DocumentBuilder db = dbf.newDocumentBuilder(); + DocumentBuilder db = XmlBeansUtil.DOCUMENT_BUILDER_FACTORY.newDocumentBuilder(); InputSource source = new InputSource(new InputStreamReader(inputStream)); _doc = db.parse(source); diff --git a/query/src/org/labkey/query/ModuleQueryMetadataDef.java b/query/src/org/labkey/query/ModuleQueryMetadataDef.java index 81fbdddc035..21ecd8321f5 100644 --- a/query/src/org/labkey/query/ModuleQueryMetadataDef.java +++ b/query/src/org/labkey/query/ModuleQueryMetadataDef.java @@ -22,6 +22,7 @@ import org.labkey.api.util.DOMUtil; import org.labkey.api.util.PageFlowUtil; import org.labkey.api.util.Path; +import org.labkey.api.util.XmlBeansUtil; import org.labkey.api.util.logging.LogHelper; import org.labkey.query.persist.QueryDef; import org.labkey.query.persist.QueryManager; @@ -30,7 +31,6 @@ import org.xml.sax.SAXException; import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import java.io.IOException; @@ -112,9 +112,7 @@ else if (rootElementName.equalsIgnoreCase("query")) protected Document parseFile(Resource r) throws ParserConfigurationException, IOException, SAXException { - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - dbf.setValidating(false); - DocumentBuilder db = dbf.newDocumentBuilder(); + DocumentBuilder db = XmlBeansUtil.DOCUMENT_BUILDER_FACTORY.newDocumentBuilder(); return db.parse(r.getInputStream()); } diff --git a/query/src/org/labkey/query/olap/rolap/RolapReader.java b/query/src/org/labkey/query/olap/rolap/RolapReader.java index 05099dfdd38..d7e9a5a2b0c 100644 --- a/query/src/org/labkey/query/olap/rolap/RolapReader.java +++ b/query/src/org/labkey/query/olap/rolap/RolapReader.java @@ -24,6 +24,7 @@ import org.labkey.api.module.Module; import org.labkey.api.module.ModuleLoader; import org.labkey.api.util.ConfigurationException; +import org.labkey.api.util.XmlBeansUtil; import org.w3c.dom.Document; import org.w3c.dom.Node; import org.w3c.dom.NodeList; @@ -31,7 +32,6 @@ import org.xml.sax.SAXException; import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import java.io.File; import java.io.IOException; @@ -97,20 +97,16 @@ public Map getAnnotations() private void loadDocument(File file) throws SAXException, ParserConfigurationException, IOException { - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - dbf.setValidating(false); - DocumentBuilder db = dbf.newDocumentBuilder(); + DocumentBuilder db = XmlBeansUtil.DOCUMENT_BUILDER_FACTORY.newDocumentBuilder(); _document = db.parse(file); } private void loadDocument(Reader reader) throws IOException { - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - dbf.setValidating(false); try { - DocumentBuilder db = dbf.newDocumentBuilder(); + DocumentBuilder db = XmlBeansUtil.DOCUMENT_BUILDER_FACTORY.newDocumentBuilder(); _document = db.parse(new InputSource(reader)); } catch (SAXException|ParserConfigurationException x) diff --git a/search/src/org/labkey/search/model/LuceneSearchServiceImpl.java b/search/src/org/labkey/search/model/LuceneSearchServiceImpl.java index 95ecd643575..6520cdd0324 100644 --- a/search/src/org/labkey/search/model/LuceneSearchServiceImpl.java +++ b/search/src/org/labkey/search/model/LuceneSearchServiceImpl.java @@ -108,6 +108,7 @@ import org.labkey.api.util.StringUtilsLabKey; import org.labkey.api.util.TestContext; import org.labkey.api.util.URLHelper; +import org.labkey.api.util.XmlBeansUtil; import org.labkey.api.util.logging.LogHelper; import org.labkey.api.view.ActionURL; import org.labkey.api.view.UnauthorizedException; @@ -120,7 +121,6 @@ import org.xml.sax.ContentHandler; import org.xml.sax.SAXException; -import javax.xml.parsers.DocumentBuilderFactory; import java.io.BufferedInputStream; import java.io.Closeable; import java.io.File; @@ -221,7 +221,7 @@ public LuceneSearchServiceImpl() try { InputStream is = getClass().getResourceAsStream("tikaConfig.xml"); - org.w3c.dom.Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(is); + org.w3c.dom.Document doc = XmlBeansUtil.DOCUMENT_BUILDER_FACTORY.newDocumentBuilder().parse(is); config = new TikaConfig(doc, new ServiceLoader(Thread.currentThread().getContextClassLoader(), LoadErrorHandler.IGNORE, new ProblemHandler(_log), true)); } catch (Exception e)