Check for some different XML parsers

rob809 · Sep 1, 2023 · 29f3632 · 29f3632
1 parent 48bcba4
commit 29f3632
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 11 deletions.
diff --git a/jena-arq/src/main/java/org/apache/jena/riot/system/RiotLib.java b/jena-arq/src/main/java/org/apache/jena/riot/system/RiotLib.java
@@ -22,7 +22,6 @@
 import static org.apache.jena.riot.RDFLanguages.NTRIPLES;
 import static org.apache.jena.riot.RDFLanguages.RDFJSON;
 import static org.apache.jena.riot.RDFLanguages.sameLang;
-import static org.apache.jena.riot.writer.WriterConst.PREFIX_IRI;
 
 import java.io.OutputStream;
 import java.io.Writer;
@@ -296,7 +295,7 @@ public static void writeBase(IndentedWriter out, String base, boolean newStyle)
     private static void writeBaseNewStyle(IndentedWriter out, String base) {
         if (base != null) {
             out.print("BASE ");
-            out.pad(PREFIX_IRI);
+            out.pad(7);   // Align to possible prefixes. 7 is the length of "prefix "
             out.print("<");
             out.print(base);
             out.print(">");
@@ -307,7 +306,7 @@ private static void writeBaseNewStyle(IndentedWriter out, String base) {
     private static void writeBaseOldStyle(IndentedWriter out, String base) {
         if (base != null) {
             out.print("@base ");
-            out.pad(PREFIX_IRI);
+            out.pad(8);   // Align to possible prefixes. 8 is the length of "@prefix "
             out.print("<");
             out.print(base);
             out.print(">");
@@ -348,11 +347,11 @@ public static void writePrefix(IndentedWriter out, String prefix, String uri, bo
         writePrefix(out, prefix, uri, newStyle, 0);
     }
 
-    private static void writePrefix(IndentedWriter out, String prefix, String uri, boolean newStyle, int maxPrefixLenght) {
+    private static void writePrefix(IndentedWriter out, String prefix, String uri, boolean newStyle, int maxPrefixLength) {
         if (newStyle)
-            writePrefixNewStyle(out, prefix, uri, maxPrefixLenght);
+            writePrefixNewStyle(out, prefix, uri, maxPrefixLength);
         else
-            writePrefixOldStyle(out, prefix, uri, maxPrefixLenght);
+            writePrefixOldStyle(out, prefix, uri, maxPrefixLength);
     }
 
     /**
@@ -362,7 +361,7 @@ private static void writePrefixNewStyle(IndentedWriter out, String prefix, Strin
         out.print("PREFIX ");
         out.print(prefix);
         out.print(": ");
-        out.pad(9 + intent); // 9 e.q. length of "PREFIX" plus ": "
+        out.pad(9 + intent); // 9 is length of "PREFIX : "
         out.print("<");
         out.print(uri);
         out.print(">");
@@ -376,7 +375,7 @@ private static void writePrefixOldStyle(IndentedWriter out, String prefix, Strin
         out.print("@prefix ");
         out.print(prefix);
         out.print(": ");
-        out.pad(10 + intent); // 10 e.q. length of "@prefix" plus ": "
+        out.pad(10 + intent); // 10 is length of "@prefix : "
         out.print("<");
         out.print(uri);
         out.print(">");

diff --git a/jena-core/src/main/java/org/apache/jena/util/JenaXMLInput.java b/jena-core/src/main/java/org/apache/jena/util/JenaXMLInput.java
@@ -38,8 +38,10 @@
  * Create XML input methods.
  * <p>
  * External DTD and entity processing is disabled to prevent
- * <a href="https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing">XXE Processing</a>
- * problems.
+ * <br/>
+ * <a href="https://owasp.org/www-community/vulnerabilities/XML_External_Entity_(XXE)_Processing">XXE Processing Problems</a>
+ * <br/>
+ * <a href="https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html">XML External Entity Prevention Cheat Sheet</a>
  */
 public class JenaXMLInput {
 
@@ -72,15 +74,23 @@ public static XMLReader createXMLReader() throws ParserConfigurationException, S
      * Initialize an XMLInputFactory to jena settings.
      */
     public static void initXMLInputFactory(XMLInputFactory xf) {
+
+        String name = xf.getClass().getName();
+        boolean isWoodstox = name.startsWith("com.ctc.wstx.stax.");
+        boolean isJDK = name.contains("sun.xml.internal");
+        boolean isXerces = name.startsWith("org.apache.xerces");
+
         // This disables DTDs entirely for the factory.
         // All DTDs are silently ignored; takes precedence over ACCESS_EXTERNAL_DTD
     	setXMLInputFactoryProperty(xf, XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
 
         // disable external entities (silently ignore)
         setXMLInputFactoryProperty(xf, XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
 
+        // Not supported by Woodstox. IS_SUPPORTING_EXTERNAL_ENTITIES = false is enough.
         // Disable external DTDs (files and HTTP) - errors unless SUPPORT_DTD is false.
-        setXMLInputFactoryProperty(xf, XMLConstants.ACCESS_EXTERNAL_DTD, "");
+        if ( ! isWoodstox )
+            setXMLInputFactoryProperty(xf, XMLConstants.ACCESS_EXTERNAL_DTD, "");
     }
 
     /**