diff --git a/scplugin/src/test/java/org/eclipse/persistence/tools/workbench/test/scplugin/model/read/LoadTopLinkSessionsTest.java b/scplugin/src/test/java/org/eclipse/persistence/tools/workbench/test/scplugin/model/read/LoadTopLinkSessionsTest.java
index f5565cb2..40c04440 100644
--- a/scplugin/src/test/java/org/eclipse/persistence/tools/workbench/test/scplugin/model/read/LoadTopLinkSessionsTest.java
+++ b/scplugin/src/test/java/org/eclipse/persistence/tools/workbench/test/scplugin/model/read/LoadTopLinkSessionsTest.java
@@ -21,6 +21,7 @@
 import java.nio.channels.Channels;
 import java.nio.channels.FileChannel;
 import java.nio.channels.ReadableByteChannel;
+import java.nio.file.Files;
 import java.util.Collection;
 import java.util.Enumeration;
 import java.util.Iterator;
@@ -56,7 +57,7 @@ private File prepareSessionsXmlFile(ZipFile zipFile, ZipEntry entry) throws Exce
 // Create the Channel for the destination
 String fileName = entry.getName().replace('/', '_');
- File file = File.createTempFile(fileName, null);
+ File file = Files.createTempFile(fileName, null).toFile();
 FileOutputStream fos = new FileOutputStream(file);
 FileChannel destinationChannel = fos.getChannel();
diff --git a/utility/src/main/java/org/eclipse/persistence/tools/workbench/utility/CollectionTools.java b/utility/src/main/java/org/eclipse/persistence/tools/workbench/utility/CollectionTools.java
index 982b7bed..6d5fa965 100644
--- a/utility/src/main/java/org/eclipse/persistence/tools/workbench/utility/CollectionTools.java
+++ b/utility/src/main/java/org/eclipse/persistence/tools/workbench/utility/CollectionTools.java
@@ -15,6 +15,7 @@
 package org.eclipse.persistence.tools.workbench.utility;
 import java.lang.reflect.Array;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
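Review bot: In `prepareSessionsXmlFile` (LoadTopLinkSessionsTest.java) the `Path` returned by `Files.createTempFile(fileName, null)` is converted straight back with `.toFile()` and wrapped in a `FileOutputStream` that the visible lines never close. Since the method now uses NIO anyway, keeping the `Path` and opening the destination as `try (FileChannel destinationChannel = FileChannel.open(path, StandardOpenOption.WRITE)) { … }` would release the handle even when the copy throws. The method body continues past the end of the hunk, so the stream may already be closed further down; if it is, a short comment at the `createTempFile` line saying the NIO call is used for its owner-only default permissions would be enough.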
@@ -1635,7 +1636,7 @@ public static Object[] rotate(Object[] array, int distance) {
 if (distance == 0) {
 return array;
 }
- for (int cycleStart = 0, nMoved = 0; nMoved != len; cycleStart++) {
+ for (int cycleStart = 0, nMoved = 0; nMoved < len; cycleStart++) {
 Object displaced = array[cycleStart];
 int i = cycleStart;
 do {
@@ -1676,7 +1677,7 @@ public static char[] rotate(char[] array, int distance) {
 if (distance == 0) {
 return array;
 }
- for (int cycleStart = 0, nMoved = 0; nMoved != len; cycleStart++) {
+ for (int cycleStart = 0, nMoved = 0; nMoved < len; cycleStart++) {
 char displaced = array[cycleStart];
 int i = cycleStart;
 do {
@@ -1717,7 +1718,7 @@ public static int[] rotate(int[] array, int distance) {
 if (distance == 0) {
 return array;
 }
- for (int cycleStart = 0, nMoved = 0; nMoved != len; cycleStart++) {
+ for (int cycleStart = 0, nMoved = 0; nMoved < len; cycleStart++) {
 int displaced = array[cycleStart];
 int i = cycleStart;
 do {
@@ -1758,7 +1759,7 @@ public static Set set(Object[] array) {
 return set;
 }
- private static final Random RANDOM = new Random();
+ private static final Random RANDOM = new SecureRandom();
 /**
 * Return the array after "shuffling" it.
diff --git a/utility/src/main/java/org/eclipse/persistence/tools/workbench/utility/XMLTools.java b/utility/src/main/java/org/eclipse/persistence/tools/workbench/utility/XMLTools.java
index 0cdb5f6c..e1c2827d 100644
--- a/utility/src/main/java/org/eclipse/persistence/tools/workbench/utility/XMLTools.java
+++ b/utility/src/main/java/org/eclipse/persistence/tools/workbench/utility/XMLTools.java
@@ -29,6 +29,7 @@
 import java.util.ArrayList;
 import java.util.List;
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
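Review bot: The `nMoved < len` guard in `rotate(Object[], int)`, and in the identical hunks for `rotate(char[], int)` and `rotate(int[], int)`, has no comment explaining why `<` replaced `!=`. The inner `do` loop that presumably advances `nMoved` closes outside all three hunks, and the old comparison would have been equivalent as long as the count lands on `len` exactly, so a later reader could easily "simplify" it back. A line such as `// '<' rather than '!=': terminate even if nMoved were ever to overshoot len` above each `for` would record the intent. The three loops are copies of one another, so the wording should be the same in each.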
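Review bot: The `RANDOM` field in CollectionTools keeps the declared type `Random`, so nothing at its use sites shows that it is now backed by `SecureRandom`; the field needs a comment that records the intent, for example `// SecureRandom: shuffle order must not be predictable from earlier output`. Judging by the Javadoc that follows, the field appears to feed the shuffle helpers, whose bodies are outside the hunk. If none of them is security-relevant, the comment should instead say that the change only satisfies a static-analysis rule. A single shared `SecureRandom` is safe to use from several threads but may serialize concurrent callers, which is worth stating there if shuffles can run on a hot path.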
@@ -79,6 +80,26 @@ public final class XMLTools {
 private static synchronized DocumentBuilderFactory documentBuilderFactory() {
 if (documentBuilderFactory == null) {
 documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ String FEATURE = null;
+ try {
+ FEATURE = "http://xml.org/sax/features/external-parameter-entities";
+ documentBuilderFactory.setFeature(FEATURE, false);
+
+ FEATURE = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
+ documentBuilderFactory.setFeature(FEATURE, false);
+
+ FEATURE = "http://xml.org/sax/features/external-general-entities";
+ documentBuilderFactory.setFeature(FEATURE, false);
+
+ documentBuilderFactory.setXIncludeAware(false);
+ documentBuilderFactory.setExpandEntityReferences(false);
+
+ documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+
+ } catch (ParserConfigurationException e) {
+ throw new IllegalStateException("The feature '" + + FEATURE + "' is not supported by your XML processor.", e);
+ }
 }
 return documentBuilderFactory;
 }
@@ -452,6 +473,9 @@ public static void addSimpleTextNodes(Node parent, String childrenName, String c
 private static synchronized TransformerFactory transformerFactory() {
 if (transformerFactory == null) {
 transformerFactory = TransformerFactory.newInstance();
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
 }
 return transformerFactory;
 }
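Review bot: In `documentBuilderFactory()` the static field is assigned before the hardening calls, so when any `setFeature` throws, the `IllegalStateException` propagates but the field stays non-null and the next call returns that factory without the external-entity restrictions. The `transformerFactory()` hunk has the same ordering. Making `documentBuilderFactory = null;` the first statement of the catch, or configuring a local instance and assigning the field last, closes that gap. The final call does not update `FEATURE`, so a failure to enable secure processing would be reported as `external-general-entities`; add `FEATURE = XMLConstants.FEATURE_SECURE_PROCESSING;` before it. `FEATURE` is a reassigned local and would read better as `feature`.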
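Review bot: `TransformerFactory.setFeature` declares the checked `TransformerConfigurationException`, but the `transformerFactory()` signature shown in this hunk has no `throws` clause and there is no `try` around the new calls, so as far as the hunk shows the third added line needs a handler to compile. `setAttribute` also throws `IllegalArgumentException` when the XSLT implementation does not recognise `ACCESS_EXTERNAL_DTD` or `ACCESS_EXTERNAL_STYLESHEET`, which can happen if a different processor is on the classpath. The version below catches both and fails in the same way `documentBuilderFactory()` does, working on a local instance so the field is only set once configuration succeeded. It assumes `TransformerConfigurationException` is in scope.

```java
        if (transformerFactory == null) {
            TransformerFactory factory = TransformerFactory.newInstance();
            try {
                factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
                factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
                factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            } catch (TransformerConfigurationException | IllegalArgumentException e) {
                throw new IllegalStateException(
                        "The XSLT processor does not support the required secure-processing settings.", e);
            }
            // Publish the factory only once every restriction has been applied.
            transformerFactory = factory;
        }
        // … unchanged: return transformerFactory …
```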