jboss / mojarra

Fork of Mojarra

[JBEAP-19150] JSF trying to load DTD over the network #66

Closed moulalis closed 4 years ago

moulalis commented 4 years ago

Issue: https://issues.redhat.com/browse/JBEAP-19150
Upstream issue: https://github.com/eclipse-ee4j/mojarra/issues/4699
Upstream PR: https://github.com/eclipse-ee4j/mojarra/pull/4701

spyrkob commented 4 years ago

@moulalis can you link the upstream issue and PR in the description, please?

rmartinc commented 4 years ago

@moulalis Please try to also fix the same issue in the method getFacesConfigXmlVersion (just above the method you have modified). Maybe you have to reuse the createDocumentBuilderFactory to create the factory. And in the setFeature method try to catch the ParserConfigurationException in order to support other implementations (if that feature is not supported just do nothing; check the other methods too, in case some exception can be thrown). Note that I just applied the recommended settings from OWASP.

moulalis commented 4 years ago

> @moulalis Please try to also fix the same issue in the method getFacesConfigXmlVersion (just above the method you have modified). Maybe you have to reuse the createDocumentBuilderFactory to create the factory. And in the setFeature method try to catch the ParserConfigurationException in order to support other implementations (if that feature is not supported just do nothing; check the other methods too, in case some exception can be thrown). Note that I just applied the recommended settings from OWASP.

@rmartinc I have made the above changes, please verify. Regarding the exception: setFeature throws ParserConfigurationException, and I have handled that separately. On the dbf.newDocumentBuilder().parse(stream) line two exceptions are thrown, ParserConfigurationException and SAXException; I handled those at the end.

rmartinc commented 4 years ago

The functionality is OK to me now. But the indentation seems to be strange (maybe you are using tabs and not spaces or similar). And we just do one commit for JIRA, so squash the three changes into just one.

With those two things it is OK to me.

moulalis commented 4 years ago

> The functionality is OK to me now. But the indentation seems to be strange (maybe you are using tabs and not spaces or similar). And we just do one commit for JIRA, so squash the three changes into just one.
>
> With those two things it is OK to me.

@rmartinc Formatted and squashed.
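
The hardening discussed in this thread, as an added example that is not code from the pull request or from Mojarra: one createDocumentBuilderFactory method that applies OWASP-recommended JAXP settings and does nothing when a parser rejects a feature with ParserConfigurationException. The class name, the setFeatureIfSupported helper, the exact feature list and the sample document are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;

public class HardenedFactoryExample {

    // Feature URIs taken from the OWASP XXE prevention guidance for JAXP parsers.
    private static final String[] DISABLED_FEATURES = {
        "http://xml.org/sax/features/external-general-entities",
        "http://xml.org/sax/features/external-parameter-entities",
        "http://apache.org/xml/features/nonvalidating/load-external-dtd"
    };

    // One place builds the factory, so every parse site shares the same settings.
    static DocumentBuilderFactory createDocumentBuilderFactory() {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setExpandEntityReferences(false);
        setFeatureIfSupported(dbf, XMLConstants.FEATURE_SECURE_PROCESSING, true);
        for (String feature : DISABLED_FEATURES) {
            setFeatureIfSupported(dbf, feature, false);
        }
        return dbf;
    }

    // Hypothetical helper: a feature the parser does not know is left untouched.
    static void setFeatureIfSupported(DocumentBuilderFactory dbf, String feature, boolean value) {
        try {
            dbf.setFeature(feature, value);
        } catch (ParserConfigurationException e) {
            // Not supported by this JAXP implementation: do nothing.
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the DOCTYPE names a DTD on a host that does not resolve.
        String xml = "<!DOCTYPE faces-config SYSTEM \"http://dtd.example.invalid/faces-config.dtd\">"
                   + "<faces-config version=\"2.3\"/>";
        InputStream stream = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
        Document doc = createDocumentBuilderFactory().newDocumentBuilder().parse(stream);
        // The parse finishes without any attempt to fetch the DTD over the network.
        System.out.println(doc.getDocumentElement().getAttribute("version"));
    }
}
```

Building the factory with plain DocumentBuilderFactory.newInstance() and parsing the same document with the JDK's default parser leads to a lookup of the DTD host, which is the behaviour the issue title describes.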