YARN-11330. use secure XML parsers (#4981)
Move construction of XML parsers in YARN modules to using the locked-down parser factory of HADOOP-18469. One exception: GpuDeviceInformationParser still supports DTD resolution; all other features are disabled. Contributed by P J Fanning
parent
9439d8e4e4
commit
bfce21ee08
@ -41,17 +41,18 @@
|
||||
@InterfaceStability.Unstable
|
||||
public class XMLUtils {
|
||||
|
||||
private static final String DISALLOW_DOCTYPE_DECL =
|
||||
public static final String DISALLOW_DOCTYPE_DECL =
|
||||
"http://apache.org/xml/features/disallow-doctype-decl";
|
||||
private static final String LOAD_EXTERNAL_DECL =
|
||||
public static final String LOAD_EXTERNAL_DECL =
|
||||
"http://apache.org/xml/features/nonvalidating/load-external-dtd";
|
||||
private static final String EXTERNAL_GENERAL_ENTITIES =
|
||||
public static final String EXTERNAL_GENERAL_ENTITIES =
|
||||
"http://xml.org/sax/features/external-general-entities";
|
||||
private static final String EXTERNAL_PARAMETER_ENTITIES =
|
||||
public static final String EXTERNAL_PARAMETER_ENTITIES =
|
||||
"http://xml.org/sax/features/external-parameter-entities";
|
||||
private static final String CREATE_ENTITY_REF_NODES =
|
||||
public static final String CREATE_ENTITY_REF_NODES =
|
||||
"http://apache.org/xml/features/dom/create-entity-ref-nodes";
|
||||
|
||||
public static final String VALIDATION =
|
||||
"http://xml.org/sax/features/validation";
|
||||
|
||||
/**
|
||||
* Transform input xml given a stylesheet.
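Review bot: The feature-URI constants at the top of XMLUtils become public API with no Javadoc, and two of them, `DISALLOW_DOCTYPE_DECL` and `CREATE_ENTITY_REF_NODES`, have no caller outside the class anywhere on this page. GpuDeviceInformationParser statically imports only `LOAD_EXTERNAL_DECL`, `EXTERNAL_GENERAL_ENTITIES`, `EXTERNAL_PARAMETER_ENTITIES` and `VALIDATION`. Keeping the two unused ones private would leave less surface for callers to assemble their own partially hardened parser instead of using the secure factories. Each constant that stays public deserves a one-line Javadoc stating what the feature controls, for example `/** Xerces feature: when true, a document containing a DOCTYPE declaration is rejected. */`. The page has lost its +/- markers, so the `public` form of each pair is taken to be the new side; the class body continues outside the hunk.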
|
||||
|
@ -37,6 +37,7 @@
|
||||
import org.apache.hadoop.security.ssl.SSLFactory;
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
import org.apache.hadoop.util.Tool;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||
import org.apache.hadoop.yarn.webapp.dao.ConfInfo;
|
||||
import org.apache.hadoop.yarn.webapp.dao.QueueConfigInfo;
|
||||
@ -190,7 +191,7 @@ private static void prettyFormatWithIndent(String input, int indent)
|
||||
Source xmlInput = new StreamSource(new StringReader(input));
|
||||
StringWriter sw = new StringWriter();
|
||||
StreamResult xmlOutput = new StreamResult(sw);
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
TransformerFactory transformerFactory = XMLUtils.newSecureTransformerFactory();
|
||||
transformerFactory.setAttribute("indent-number", indent);
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
|
@ -18,20 +18,27 @@
|
||||
|
||||
package org.apache.hadoop.yarn.server.nodemanager.webapp.dao.gpu;
|
||||
|
||||
import org.apache.hadoop.classification.InterfaceAudience;
|
||||
import org.apache.hadoop.classification.InterfaceStability;
|
||||
import org.apache.hadoop.yarn.exceptions.YarnException;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.xml.sax.InputSource;
|
||||
import org.xml.sax.XMLReader;
|
||||
|
||||
import java.io.StringReader;
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.bind.JAXBContext;
|
||||
import javax.xml.bind.JAXBException;
|
||||
import javax.xml.bind.Unmarshaller;
|
||||
import javax.xml.parsers.SAXParserFactory;
|
||||
import javax.xml.transform.sax.SAXSource;
|
||||
import java.io.StringReader;
|
||||
|
||||
import org.apache.hadoop.classification.InterfaceAudience;
|
||||
import org.apache.hadoop.classification.InterfaceStability;
|
||||
import org.apache.hadoop.yarn.exceptions.YarnException;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.xml.sax.InputSource;
|
||||
import org.xml.sax.XMLReader;
|
||||
|
||||
import static org.apache.hadoop.util.XMLUtils.EXTERNAL_GENERAL_ENTITIES;
|
||||
import static org.apache.hadoop.util.XMLUtils.EXTERNAL_PARAMETER_ENTITIES;
|
||||
import static org.apache.hadoop.util.XMLUtils.LOAD_EXTERNAL_DECL;
|
||||
import static org.apache.hadoop.util.XMLUtils.VALIDATION;
|
||||
|
||||
/**
|
||||
* Parse XML and get GPU device information
|
||||
@ -68,10 +75,11 @@ public GpuDeviceInformationParser() throws YarnException {
|
||||
*/
|
||||
private SAXParserFactory initSaxParserFactory() throws Exception {
|
||||
SAXParserFactory spf = SAXParserFactory.newInstance();
|
||||
spf.setFeature(
|
||||
"http://apache.org/xml/features/nonvalidating/load-external-dtd",
|
||||
false);
|
||||
spf.setFeature("http://xml.org/sax/features/validation", false);
|
||||
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||
spf.setFeature(LOAD_EXTERNAL_DECL, false);
|
||||
spf.setFeature(EXTERNAL_GENERAL_ENTITIES, false);
|
||||
spf.setFeature(EXTERNAL_PARAMETER_ENTITIES, false);
|
||||
spf.setFeature(VALIDATION, false);
|
||||
return spf;
|
||||
}
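Review bot: initSaxParserFactory still accepts DOCTYPE declarations, but nothing in the code says this is deliberate. The feature list enables `XMLConstants.FEATURE_SECURE_PROCESSING` and turns off `LOAD_EXTERNAL_DECL`, `EXTERNAL_GENERAL_ENTITIES`, `EXTERNAL_PARAMETER_ENTITIES` and `VALIDATION`, yet never sets `DISALLOW_DOCTYPE_DECL`, and only the commit message names this parser as the exception. A comment above the `setFeature` calls would stop a later cleanup from copying the weaker configuration elsewhere or tightening it blindly, for example `// DOCTYPE declarations are deliberately still accepted by this parser (see YARN-11330); external DTDs and external entities stay disabled.` Internal entity declarations are presumably still expanded, limited only by what secure processing enforces in the parser implementation in use, so a unit test with a document that declares internal entities would pin that behaviour. The +/- markers are lost on this page, so the string-literal `setFeature` calls are taken to be the removed side; the method's Javadoc opens outside the hunk.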
|
||||
|
||||
|
@ -35,6 +35,7 @@
|
||||
import org.apache.hadoop.fs.Path;
|
||||
import org.apache.hadoop.http.JettyUtils;
|
||||
import org.apache.hadoop.util.VersionInfo;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
|
||||
import org.apache.hadoop.yarn.api.records.ApplicationId;
|
||||
import org.apache.hadoop.yarn.api.records.ContainerId;
|
||||
@ -432,10 +433,9 @@ public void testSingleNodesXML() throws JSONException, Exception {
|
||||
assertEquals(MediaType.APPLICATION_XML+ "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
InputSource is = new InputSource(new StringReader(xml));
|
||||
Document dom = db.parse(is);
|
||||
NodeList nodes = dom.getElementsByTagName("nodeInfo");
|
||||
assertEquals("incorrect number of elements", 1, nodes.getLength());
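Review bot: The one-line `InputSource is = new InputSource(new StringReader(xml));` form appears only in this hunk (testSingleNodesXML) and in testNonexistNodeXML and testNodesXML further down. The other test hunks on the page, including testNodeAppsStateInvalidXML, testNodeAppsXML, testNodeSingleAppsXML and the ResourceManager web-service tests, keep `new InputSource()` followed by `is.setCharacterStream(...)`. All of them are already being edited to call `XMLUtils.newSecureDocumentBuilderFactory()`, so a shared test helper shaped like the `loadDocument(String xml)` method visible later in this commit would replace the repeated parse setup. That would also leave a single place where the test parsers are configured. The test method body continues outside the hunk.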
|
||||
|
@ -40,6 +40,7 @@
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.fs.FileUtil;
|
||||
import org.apache.hadoop.http.JettyUtils;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
|
||||
import org.apache.hadoop.yarn.api.records.NodeId;
|
||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||
@ -486,7 +487,7 @@ public void testNodeAppsStateInvalidXML() throws JSONException, Exception {
|
||||
response.getType().toString());
|
||||
String msg = response.getEntity(String.class);
|
||||
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(msg));
|
||||
@ -651,7 +652,7 @@ public void testNodeAppsXML() throws JSONException, Exception {
|
||||
assertEquals(MediaType.APPLICATION_XML_TYPE + "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
@ -676,7 +677,7 @@ public void testNodeSingleAppsXML() throws JSONException, Exception {
|
||||
assertEquals(MediaType.APPLICATION_XML_TYPE + "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
|
@ -40,6 +40,7 @@
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.fs.FileUtil;
|
||||
import org.apache.hadoop.http.JettyUtils;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.api.records.NodeId;
|
||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||
import org.apache.hadoop.yarn.server.nodemanager.Context;
|
||||
@ -257,7 +258,7 @@ public void testNodeAuxServicesXML() throws Exception {
|
||||
assertEquals(MediaType.APPLICATION_XML_TYPE + "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
|
@ -39,6 +39,7 @@
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.fs.FileUtil;
|
||||
import org.apache.hadoop.http.JettyUtils;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
|
||||
import org.apache.hadoop.yarn.api.records.ContainerId;
|
||||
import org.apache.hadoop.yarn.api.records.NodeId;
|
||||
@ -447,7 +448,7 @@ public void testNodeSingleContainerXML() throws JSONException, Exception {
|
||||
assertEquals(MediaType.APPLICATION_XML_TYPE + "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
@ -476,7 +477,7 @@ public void testNodeContainerXML() throws JSONException, Exception {
|
||||
assertEquals(MediaType.APPLICATION_XML_TYPE + "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
|
@ -17,17 +17,27 @@
|
||||
*/
|
||||
package org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair;
|
||||
|
||||
import org.apache.hadoop.classification.VisibleForTesting;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import java.io.IOException;
|
||||
import java.net.URL;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
|
||||
import org.apache.hadoop.classification.InterfaceAudience.Public;
|
||||
import org.apache.hadoop.classification.InterfaceStability.Unstable;
|
||||
import org.apache.hadoop.classification.VisibleForTesting;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.fs.FileSystem;
|
||||
import org.apache.hadoop.fs.Path;
|
||||
import org.apache.hadoop.fs.UnsupportedFileSystemException;
|
||||
import org.apache.hadoop.security.authorize.AccessControlList;
|
||||
import org.apache.hadoop.service.AbstractService;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.api.records.QueueACL;
|
||||
import org.apache.hadoop.yarn.security.AccessType;
|
||||
import org.apache.hadoop.yarn.security.Permission;
|
||||
@ -39,19 +49,14 @@
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.allocation.QueueProperties;
|
||||
import org.apache.hadoop.yarn.util.Clock;
|
||||
import org.apache.hadoop.yarn.util.SystemClock;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.w3c.dom.Document;
|
||||
import org.w3c.dom.Element;
|
||||
import org.w3c.dom.NodeList;
|
||||
import org.xml.sax.SAXException;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
import java.io.IOException;
|
||||
import java.net.URL;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import static org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.allocation.AllocationFileQueueParser.EVERYBODY_ACL;
|
||||
import static org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.allocation.AllocationFileQueueParser.ROOT;
|
||||
|
||||
@ -236,8 +241,7 @@ public synchronized void reloadAllocations()
|
||||
LOG.info("Loading allocation file " + allocFile);
|
||||
|
||||
// Read and parse the allocations file.
|
||||
DocumentBuilderFactory docBuilderFactory =
|
||||
DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory docBuilderFactory = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
docBuilderFactory.setIgnoringComments(true);
|
||||
DocumentBuilder builder = docBuilderFactory.newDocumentBuilder();
|
||||
Document doc = builder.parse(fs.open(allocFile));
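Review bot: `builder.parse(fs.open(allocFile))` passes the opened stream inline, so reloadAllocations holds no reference it could close, and cleanup is left to the parser implementation. A failed parse is presumably more likely now that the hardened factory can reject input the default factory accepted, so the handle should be scoped explicitly: `try (InputStream in = fs.open(allocFile)) { doc = builder.parse(in); }`, with `Document doc` declared before the block and a `java.io.InputStream` import added. reloadAllocations continues outside the hunk.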
|
||||
|
@ -26,6 +26,7 @@
|
||||
import org.apache.hadoop.security.token.Token;
|
||||
import org.apache.hadoop.security.token.delegation.web.DelegationTokenIdentifier;
|
||||
import org.apache.hadoop.util.Sets;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.nodelabels.NodeAttributeStore;
|
||||
import org.apache.hadoop.yarn.nodelabels.NodeLabelUtil;
|
||||
import org.apache.hadoop.yarn.server.api.ResourceTracker;
|
||||
@ -2662,7 +2663,7 @@ private void writeToHostsFile(File file, String... hosts)
|
||||
private void writeToHostsXmlFile(
|
||||
File file, Pair<String, Integer>... hostsAndTimeouts) throws Exception {
|
||||
ensureFileExists(file);
|
||||
DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbFactory = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
Document doc = dbFactory.newDocumentBuilder().newDocument();
|
||||
Element hosts = doc.createElement("hosts");
|
||||
doc.appendChild(hosts);
|
||||
@ -2680,7 +2681,7 @@ private void writeToHostsXmlFile(
|
||||
);
|
||||
}
|
||||
}
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
TransformerFactory transformerFactory = XMLUtils.newSecureTransformerFactory();
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.transform(new DOMSource(doc), new StreamResult(file));
|
||||
|
@ -19,6 +19,7 @@
|
||||
package org.apache.hadoop.yarn.server.resourcemanager.placement;
|
||||
|
||||
import org.apache.commons.io.IOUtils;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairScheduler;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.FairSchedulerConfiguration;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.scheduler.fair.QueueManager;
|
||||
@ -188,11 +189,10 @@ private void ruleInit(Class <? extends PlacementRule> ruleClass) {
|
||||
|
||||
private Element createConf(String str) {
|
||||
// Create a simple rule element to use in the rule create
|
||||
DocumentBuilderFactory docBuilderFactory =
|
||||
DocumentBuilderFactory.newInstance();
|
||||
docBuilderFactory.setIgnoringComments(true);
|
||||
Document doc = null;
|
||||
try {
|
||||
DocumentBuilderFactory docBuilderFactory = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
docBuilderFactory.setIgnoringComments(true);
|
||||
DocumentBuilder builder = docBuilderFactory.newDocumentBuilder();
|
||||
doc = builder.parse(IOUtils.toInputStream(str, StandardCharsets.UTF_8));
|
||||
} catch (Exception ex) {
|
||||
|
@ -57,6 +57,7 @@
|
||||
import org.apache.hadoop.security.authorize.AuthorizationException;
|
||||
import org.apache.hadoop.service.Service.STATE;
|
||||
import org.apache.hadoop.util.VersionInfo;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.api.protocolrecords.GetApplicationsRequest;
|
||||
import org.apache.hadoop.yarn.api.protocolrecords.GetApplicationsResponse;
|
||||
import org.apache.hadoop.yarn.api.records.ApplicationId;
|
||||
@ -310,7 +311,7 @@ public void testInfoDefault() throws JSONException, Exception {
|
||||
}
|
||||
|
||||
public void verifyClusterInfoXML(String xml) throws JSONException, Exception {
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
@ -436,7 +437,7 @@ public void testClusterMetricsXML() throws JSONException, Exception {
|
||||
|
||||
public void verifyClusterMetricsXML(String xml) throws JSONException,
|
||||
Exception {
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
@ -607,7 +608,7 @@ public void testClusterSchedulerFifoXML() throws JSONException, Exception {
|
||||
|
||||
public void verifySchedulerFifoXML(String xml) throws JSONException,
|
||||
Exception {
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
|
@ -25,6 +25,7 @@
|
||||
import com.sun.jersey.test.framework.WebAppDescriptor;
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.http.JettyUtils;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.api.records.ContainerState;
|
||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.MockAM;
|
||||
@ -395,7 +396,7 @@ public void testAppAttemptsXML() throws Exception {
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
|
@ -31,6 +31,7 @@
|
||||
import org.apache.hadoop.http.JettyUtils;
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
import org.apache.hadoop.util.Sets;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.api.records.ContainerState;
|
||||
import org.apache.hadoop.yarn.api.records.FinalApplicationStatus;
|
||||
import org.apache.hadoop.yarn.api.records.ResourceRequest;
|
||||
@ -189,7 +190,7 @@ public void testAppsXML() throws JSONException, Exception {
|
||||
assertEquals(MediaType.APPLICATION_XML_TYPE + "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
@ -223,7 +224,7 @@ public void testRunningApp() throws JSONException, Exception {
|
||||
assertEquals(MediaType.APPLICATION_XML_TYPE + "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
@ -264,7 +265,7 @@ public void testAppsXMLMulti() throws JSONException, Exception {
|
||||
assertEquals(MediaType.APPLICATION_XML_TYPE + "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
@ -1724,7 +1725,7 @@ public void testSingleAppsXML() throws JSONException, Exception {
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
|
@ -56,6 +56,7 @@
|
||||
import org.apache.hadoop.security.Credentials;
|
||||
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.api.records.ApplicationAccessType;
|
||||
import org.apache.hadoop.yarn.api.records.ApplicationId;
|
||||
import org.apache.hadoop.yarn.api.records.ApplicationSubmissionContext;
|
||||
@ -532,7 +533,7 @@ protected static void verifyAppStateXML(ClientResponse response,
|
||||
assertEquals(MediaType.APPLICATION_XML_TYPE + "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
@ -733,7 +734,7 @@ protected String validateGetNewApplicationJsonResponse(JSONObject json)
|
||||
|
||||
protected String validateGetNewApplicationXMLResponse(String response)
|
||||
throws ParserConfigurationException, IOException, SAXException {
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(response));
|
||||
@ -1299,7 +1300,7 @@ protected static void verifyAppPriorityXML(ClientResponse response,
|
||||
assertEquals(MediaType.APPLICATION_XML_TYPE + "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
@ -1329,7 +1330,7 @@ protected static void verifyAppPriorityXML(ClientResponse response,
|
||||
assertEquals(MediaType.APPLICATION_XML_TYPE + "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
@ -1466,7 +1467,7 @@ protected static void verifyAppTimeoutXML(ClientResponse response,
|
||||
assertEquals(MediaType.APPLICATION_XML_TYPE + "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
|
@ -50,6 +50,7 @@
|
||||
|
||||
import org.apache.hadoop.conf.Configuration;
|
||||
import org.apache.hadoop.http.JettyUtils;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.api.records.Resource;
|
||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.MockRM;
|
||||
@ -315,7 +316,7 @@ public static String serializeDocument(Document document) throws TransformerExce
|
||||
DOMSource domSource = new DOMSource(document);
|
||||
StringWriter writer = new StringWriter();
|
||||
StreamResult result = new StreamResult(writer);
|
||||
TransformerFactory tf = TransformerFactory.newInstance();
|
||||
TransformerFactory tf = XMLUtils.newSecureTransformerFactory();
|
||||
Transformer transformer = tf.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "2");
|
||||
@ -324,7 +325,7 @@ public static String serializeDocument(Document document) throws TransformerExce
|
||||
}
|
||||
|
||||
public static Document loadDocument(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory factory = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
InputSource is = new InputSource(new StringReader(xml));
|
||||
return builder.parse(is);
|
||||
|
@ -48,6 +48,7 @@
|
||||
import org.apache.hadoop.security.token.SecretManager.InvalidToken;
|
||||
import org.apache.hadoop.security.token.Token;
|
||||
import org.apache.hadoop.util.Time;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||
import org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.MockRM;
|
||||
@ -697,7 +698,7 @@ private void verifySimpleAuthCancel() {
|
||||
|
||||
public static DelegationToken getDelegationTokenFromXML(String tokenXML)
|
||||
throws IOException, ParserConfigurationException, SAXException {
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(tokenXML));
|
||||
|
@ -42,6 +42,7 @@
|
||||
import org.apache.hadoop.thirdparty.com.google.common.collect.ImmutableMap;
|
||||
import org.apache.hadoop.http.JettyUtils;
|
||||
import org.apache.hadoop.util.Sets;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.api.records.NodeId;
|
||||
import org.apache.hadoop.yarn.api.records.NodeLabel;
|
||||
import org.apache.hadoop.yarn.api.records.Priority;
|
||||
@ -258,7 +259,7 @@ public void testSchedulerPartitionsXML() throws JSONException, Exception {
|
||||
assertEquals(MediaType.APPLICATION_XML_TYPE + "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
|
@ -49,6 +49,7 @@
|
||||
import org.apache.hadoop.security.UserGroupInformation;
|
||||
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
|
||||
import org.apache.hadoop.security.authentication.server.PseudoAuthenticationHandler;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.api.records.ContainerStatus;
|
||||
import org.apache.hadoop.yarn.api.records.NodeAttribute;
|
||||
import org.apache.hadoop.yarn.api.records.NodeAttributeType;
|
||||
@ -578,10 +579,9 @@ public void testNonexistNodeXML() throws JSONException, Exception {
|
||||
response.getType().toString());
|
||||
String msg = response.getEntity(String.class);
|
||||
System.out.println(msg);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(msg));
|
||||
InputSource is = new InputSource(new StringReader(msg));
|
||||
Document dom = db.parse(is);
|
||||
NodeList nodes = dom.getElementsByTagName("RemoteException");
|
||||
Element element = (Element) nodes.item(0);
|
||||
@ -646,10 +646,9 @@ public void testNodesXML() throws JSONException, Exception {
|
||||
assertEquals(MediaType.APPLICATION_XML_TYPE + "; " + JettyUtils.UTF_8,
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
InputSource is = new InputSource(new StringReader(xml));
|
||||
Document dom = db.parse(is);
|
||||
NodeList nodesApps = dom.getElementsByTagName("nodes");
|
||||
assertEquals("incorrect number of elements", 1, nodesApps.getLength());
|
||||
@ -672,7 +671,7 @@ public void testSingleNodesXML() throws JSONException, Exception {
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
@ -694,7 +693,7 @@ public void testNodes2XML() throws JSONException, Exception {
|
||||
response.getType().toString());
|
||||
String xml = response.getEntity(String.class);
|
||||
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
|
@ -20,6 +20,7 @@
|
||||
|
||||
import com.sun.jersey.api.client.WebResource;
|
||||
import org.apache.hadoop.http.JettyUtils;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.codehaus.jettison.json.JSONObject;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@ -29,7 +30,6 @@
|
||||
|
||||
import javax.ws.rs.core.MediaType;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.*;
|
||||
import javax.xml.transform.dom.DOMSource;
|
||||
import javax.xml.transform.stream.StreamResult;
|
||||
@ -84,7 +84,7 @@ private Document parseXml(BufferedClientResponse response) {
|
||||
try {
|
||||
String xml = response.getEntity(String.class);
|
||||
DocumentBuilder db =
|
||||
DocumentBuilderFactory.newInstance().newDocumentBuilder();
|
||||
XMLUtils.newSecureDocumentBuilderFactory().newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
|
||||
@ -105,7 +105,7 @@ private void logResponse(Document doc) {
|
||||
public static String toXml(Node node) {
|
||||
StringWriter writer;
|
||||
try {
|
||||
TransformerFactory tf = TransformerFactory.newInstance();
|
||||
TransformerFactory tf = XMLUtils.newSecureTransformerFactory();
|
||||
Transformer transformer = tf.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty(
|
||||
|
@ -30,6 +30,7 @@
|
||||
import org.apache.hadoop.security.http.RestCsrfPreventionFilter;
|
||||
import org.apache.hadoop.service.Service.STATE;
|
||||
import org.apache.hadoop.util.VersionInfo;
|
||||
import org.apache.hadoop.util.XMLUtils;
|
||||
import org.apache.hadoop.yarn.conf.YarnConfiguration;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.MockRM;
|
||||
import org.apache.hadoop.yarn.server.resourcemanager.ResourceManager;
|
||||
@ -153,7 +154,7 @@ public void testAllowNonBrowserInteractionWithoutHeader() throws Exception {
|
||||
}
|
||||
|
||||
public void verifyClusterInfoXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilderFactory dbf = XMLUtils.newSecureDocumentBuilderFactory();
|
||||
DocumentBuilder db = dbf.newDocumentBuilder();
|
||||
InputSource is = new InputSource();
|
||||
is.setCharacterStream(new StringReader(xml));
|
||||
|