DocumentBuilderFactory: Parse xml without external entity resolution

External entity resolution is not supported by PDE (see
PDECoreMessages.XMLErrorReporter_ExternalEntityResolution). PDE should
not contact or even inject external sources into Documents.

apitools/org.eclipse.pde.api.tools.tests/src/org/eclipse/pde/api/tools/anttasks/tests/ApiToolingApiFreezeAntTaskTests.java

@@ -22,19 +22,20 @@
 import java.util.Properties;
 
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
 import org.eclipse.core.resources.IFile;
 import org.eclipse.core.resources.IFolder;
 import org.eclipse.core.runtime.CoreException;
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.junit.Test;
 import org.w3c.dom.Document;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
+@SuppressWarnings("restriction")
 public class ApiToolingApiFreezeAntTaskTests extends AntRunnerTestCase {
 
 	@Override
@@ -62,7 +63,8 @@ private void runTaskAndVerify(String resourceName) throws Exception, CoreExcepti
 		IFile reportFile = buildFolder.getFile("report.xml"); //$NON-NLS-1$
 		assertTrue("report.xml must exist", reportFile.exists()); //$NON-NLS-1$
 		InputSource is = new InputSource(reportFile.getContents());
-		DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+		DocumentBuilder db = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE()
+				.newDocumentBuilder();
 		Document doc = db.parse(is);
 		NodeList elems = doc.getElementsByTagName("delta"); //$NON-NLS-1$
 		boolean found = false;

apitools/org.eclipse.pde.api.tools.tests/src/org/eclipse/pde/api/tools/anttasks/tests/ApiToolingApiuseAntTaskTests.java

@@ -22,18 +22,19 @@
 import java.util.Properties;
 
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
 import org.eclipse.core.resources.IFolder;
 import org.eclipse.core.resources.IResource;
 import org.eclipse.core.runtime.CoreException;
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.junit.Test;
 import org.w3c.dom.Document;
 import org.w3c.dom.NodeList;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
+@SuppressWarnings("restriction")
 public class ApiToolingApiuseAntTaskTests extends AntRunnerTestCase {
 
 	@Override
@@ -65,7 +66,8 @@ private IFolder runTaskAndVerify(String resourceName) throws Exception, CoreExce
 	public void test1() throws Exception {
 		IFolder reportFolder = runTaskAndVerify("test1"); //$NON-NLS-1$
 		InputSource is = new InputSource(reportFolder.getFile("not_searched.xml").getContents()); //$NON-NLS-1$
-		DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+		DocumentBuilder db = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE()
+				.newDocumentBuilder();
 		Document doc = db.parse(is);
 
 		NodeList elems = doc.getElementsByTagName("component"); //$NON-NLS-1$

apitools/org.eclipse.pde.api.tools.tests/src/org/eclipse/pde/api/tools/anttasks/tests/ApiToolingCompareAntTaskTests.java

@@ -20,17 +20,18 @@
 import java.util.Properties;
 
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
 import org.eclipse.core.resources.IFolder;
 import org.eclipse.core.runtime.CoreException;
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.junit.Test;
 import org.w3c.dom.Document;
 import org.w3c.dom.NodeList;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
+@SuppressWarnings("restriction")
 public class ApiToolingCompareAntTaskTests extends AntRunnerTestCase {
 
 	@Override
@@ -59,7 +60,8 @@ private void runTaskAndVerify(String resourceName) throws Exception, CoreExcepti
 		assertTrue("report folder must exist", folder.exists()); //$NON-NLS-1$
 		assertTrue("report xml must exist", folder.getFile("compare.xml").exists()); //$NON-NLS-1$ //$NON-NLS-2$
 		InputSource is = new InputSource(folder.getFile("compare.xml").getContents()); //$NON-NLS-1$
-		DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+		DocumentBuilder db = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE()
+				.newDocumentBuilder();
 		Document doc = db.parse(is);
 		NodeList elems = doc.getElementsByTagName("delta"); //$NON-NLS-1$
 		boolean found = false;

apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/ApiBaselineManager.java

@@ -33,7 +33,6 @@
 import java.util.concurrent.ConcurrentHashMap;
 
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.FactoryConfigurationError;
 import javax.xml.parsers.ParserConfigurationException;
 
@@ -64,6 +63,7 @@
 import org.eclipse.pde.core.plugin.ModelEntry;
 import org.eclipse.pde.core.plugin.PluginRegistry;
 import org.eclipse.pde.internal.core.DependencyManager;
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
@@ -447,7 +447,7 @@ public IApiComponent[] readBaselineComponents(ApiBaseline baseline, InputStream
 		DocumentBuilder parser = null;
 		IApiComponent[] restored = null;
 		try {
-			parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+			parser = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE().newDocumentBuilder();
 			parser.setErrorHandler(new DefaultHandler());
 		} catch (ParserConfigurationException | FactoryConfigurationError e) {
 			abort("Error restoring API baseline", e); //$NON-NLS-1$

apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/search/XmlReferenceDescriptorWriter.java

@@ -28,7 +28,6 @@
 import java.util.Set;
 
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.FactoryConfigurationError;
 import javax.xml.parsers.ParserConfigurationException;
 
@@ -47,6 +46,7 @@
 import org.eclipse.pde.api.tools.internal.provisional.model.IApiMember;
 import org.eclipse.pde.api.tools.internal.util.Signatures;
 import org.eclipse.pde.api.tools.internal.util.Util;
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
@@ -87,7 +87,7 @@ public class XmlReferenceDescriptorWriter {
 	public XmlReferenceDescriptorWriter(String location) {
 		fLocation = location;
 		try {
-			parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+			parser = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE().newDocumentBuilder();
 			parser.setErrorHandler(new DefaultHandler());
 		} catch (FactoryConfigurationError | ParserConfigurationException pce) {
 			ApiPlugin.log(pce);

apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/search/XmlSearchReporter.java

@@ -24,7 +24,6 @@
 import java.util.List;
 
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.FactoryConfigurationError;
 import javax.xml.parsers.ParserConfigurationException;
 
@@ -40,6 +39,7 @@
 import org.eclipse.pde.api.tools.internal.provisional.search.IApiSearchReporter;
 import org.eclipse.pde.api.tools.internal.provisional.search.IMetadata;
 import org.eclipse.pde.api.tools.internal.util.Util;
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.xml.sax.helpers.DefaultHandler;
@@ -69,7 +69,7 @@ public XmlSearchReporter(String location, boolean debug) {
 		fLocation = location;
 		this.debug = debug;
 		try {
-			parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+			parser = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE().newDocumentBuilder();
 			parser.setErrorHandler(new DefaultHandler());
 		} catch (FactoryConfigurationError | ParserConfigurationException pce) {
 			ApiPlugin.log(pce);

apitools/org.eclipse.pde.api.tools/src/org/eclipse/pde/api/tools/internal/util/Util.java

@@ -141,6 +141,7 @@
 import org.eclipse.pde.api.tools.internal.provisional.problems.IApiProblem;
 import org.eclipse.pde.api.tools.internal.provisional.problems.IApiProblemTypes;
 import org.eclipse.pde.api.tools.internal.search.SkippedComponent;
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.eclipse.pde.internal.core.util.XmlTransformerFactory;
 import org.objectweb.asm.Opcodes;
 import org.osgi.framework.Version;
@@ -1788,7 +1789,7 @@ public static boolean isBinaryProject(IProject project) {
 	 * @throws CoreException if unable to create a new document
 	 */
 	public static Document newDocument() throws CoreException {
-		DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
+		DocumentBuilderFactory dfactory = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
 		DocumentBuilder docBuilder = null;
 		try {
 			docBuilder = dfactory.newDocumentBuilder();
@@ -1811,7 +1812,8 @@ public static Element parseDocument(String document) throws CoreException {
 		Element root = null;
 		InputStream stream = null;
 		try {
-			DocumentBuilder parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+			DocumentBuilder parser = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE()
+					.newDocumentBuilder();
 			parser.setErrorHandler(new DefaultHandler());
 			stream = new ByteArrayInputStream(document.getBytes(StandardCharsets.UTF_8));
 			root = parser.parse(stream).getDocumentElement();

ds/org.eclipse.pde.ds.core/src/org/eclipse/pde/internal/ds/core/builders/XMLErrorReporter.java

@@ -36,6 +36,7 @@
 import org.eclipse.jface.text.IRegion;
 import org.eclipse.jface.text.Position;
 import org.eclipse.pde.internal.core.builders.CompilerFlags;
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.w3c.dom.Element;
 import org.w3c.dom.Text;
 import org.xml.sax.Attributes;
@@ -168,7 +169,7 @@ public void warning(SAXParseException exception) throws SAXException {
 
 	@Override
 	public void startDocument() throws SAXException {
-		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+		DocumentBuilderFactory factory = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
 		try {
 			// TODO we should be using a dom level 2 impl
 			fXMLDocument = factory.newDocumentBuilder().newDocument();

ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/PDEAuxiliaryState.java

@@ -33,6 +33,7 @@
 import org.eclipse.pde.core.plugin.IPluginModelBase;
 import org.eclipse.pde.internal.core.ibundle.IBundleModel;
 import org.eclipse.pde.internal.core.ibundle.IBundlePluginModelBase;
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.osgi.framework.BundleException;
 import org.osgi.framework.Constants;
 import org.w3c.dom.Document;
@@ -202,7 +203,7 @@ public boolean exportsExternalAnnotations(long bundleID) {
 	 */
 	protected void savePluginInfo(File dir) {
 		try {
-			DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+			DocumentBuilderFactory factory = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
 			Document doc = factory.newDocumentBuilder().newDocument();
 			Element root = doc.createElement(ELEMENT_ROOT);
 
@@ -262,7 +263,8 @@ protected boolean readPluginInfoCache(File dir) {
 		File file = new File(dir, CACHE_EXTENSION);
 		if (file.exists() && file.isFile()) {
 			try {
-				DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+				DocumentBuilderFactory factory = XmlDocumentBuilderFactory
+						.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
 				DocumentBuilder documentBuilder = factory.newDocumentBuilder();
 				documentBuilder.setErrorHandler(new DefaultHandler());
 				Document doc = documentBuilder.parse(file);
@@ -302,7 +304,8 @@ protected boolean exists(File dir) {
 	 */
 	public static void writePluginInfo(IPluginModelBase[] models, File destination) {
 		try {
-			DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+			DocumentBuilder builder = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE()
+					.newDocumentBuilder();
 			Document doc = builder.newDocument();
 
 			Element root = doc.createElement(ELEMENT_ROOT);

ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/XMLDefaultHandler.java

@@ -19,6 +19,7 @@
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.Text;
@@ -74,7 +75,7 @@ public void setDocumentLocator(Locator locator) {
 
 	@Override
 	public void startDocument() throws SAXException {
-		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+		DocumentBuilderFactory factory = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
 		try {
 			fDocument = factory.newDocumentBuilder().newDocument();
 		} catch (ParserConfigurationException e) {

ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/builders/BuildErrorReporter.java

@@ -30,7 +30,6 @@
 import java.util.regex.Pattern;
 
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.xpath.XPath;
 import javax.xml.xpath.XPathConstants;
 import javax.xml.xpath.XPathFactory;
@@ -72,6 +71,7 @@
 import org.eclipse.pde.internal.core.text.build.BuildModel;
 import org.eclipse.pde.internal.core.util.CoreUtility;
 import org.eclipse.pde.internal.core.util.PatternConstructor;
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.osgi.framework.Constants;
 import org.w3c.dom.Document;
 import org.w3c.dom.Node;
@@ -691,7 +691,8 @@ private void validateBinIncludes(IBuildEntry binIncludes, List<IBuildEntry> outp
 	// if we're defining fragments, make sure they have entries in plugin.xml
 	private void validateFragmentContributions(IBuildEntry binIncludes) {
 		try {
-			DocumentBuilder newDocumentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+			DocumentBuilder newDocumentBuilder = XmlDocumentBuilderFactory
+					.createDocumentBuilderFactoryWithErrorOnDOCTYPE().newDocumentBuilder();
 			newDocumentBuilder.setErrorHandler(new PDEErrorHandler());
 			Document doc = newDocumentBuilder.parse(PDEProject.getPluginXml(fProject).getContents());
 			XPath xpath = XPathFactory.newInstance().newXPath();
@@ -707,7 +708,8 @@ private void validateFragmentContributions(IBuildEntry binIncludes) {
 	// if we're defining an application, make sure it has entries in plugin.xml
 	private void validateApplicationContributions(IBuildEntry binIncludes) {
 		try {
-			DocumentBuilder newDocumentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+			DocumentBuilder newDocumentBuilder = XmlDocumentBuilderFactory
+					.createDocumentBuilderFactoryWithErrorOnDOCTYPE().newDocumentBuilder();
 			newDocumentBuilder.setErrorHandler(new PDEErrorHandler());
 			Document doc = newDocumentBuilder.parse(PDEProject.getPluginXml(fProject).getContents());
 			XPath xpath = XPathFactory.newInstance().newXPath();

ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/builders/XMLErrorReporter.java

@@ -39,6 +39,7 @@
 import org.eclipse.pde.internal.core.PDECoreMessages;
 import org.eclipse.pde.internal.core.TargetPlatformHelper;
 import org.eclipse.pde.internal.core.builders.IncrementalErrorReporter.VirtualMarker;
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -201,7 +202,7 @@ public void warning(SAXParseException exception) throws SAXException {
 
 	@Override
 	public void startDocument() throws SAXException {
-		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+		DocumentBuilderFactory factory = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
 		try {
 			fXMLDocument = factory.newDocumentBuilder().newDocument();
 		} catch (ParserConfigurationException e) {

ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/exports/FeatureExportOperation.java

@@ -102,6 +102,7 @@
 import org.eclipse.pde.internal.core.project.PDEProject;
 import org.eclipse.pde.internal.core.target.TargetMetadataCollector;
 import org.eclipse.pde.internal.core.util.CoreUtility;
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.osgi.framework.InvalidSyntaxException;
 import org.w3c.dom.DOMException;
 import org.w3c.dom.Document;
@@ -886,7 +887,7 @@ protected void cleanup(IProgressMonitor monitor) {
 		File scriptFile = null;
 		try {
 			scriptFile = createScriptFile("zip.xml"); //$NON-NLS-1$
-			DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+			DocumentBuilderFactory factory = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
 			Document doc = factory.newDocumentBuilder().newDocument();
 
 			Element root = doc.createElement("project"); //$NON-NLS-1$
@@ -958,7 +959,8 @@ private String logName(String[] config) {
 	private void createFeature(String featureID, String featureLocation, Object[] featuresExported, Document doc, Element root, Properties prop) throws IOException {
 		try {
 			if (doc == null) {
-				DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+				DocumentBuilderFactory factory = XmlDocumentBuilderFactory
+						.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
 				doc = factory.newDocumentBuilder().newDocument();
 				root = doc.createElement("feature"); //$NON-NLS-1$
 				root.setAttribute("id", featureID); //$NON-NLS-1$
@@ -1064,7 +1066,7 @@ protected void createFeature(String featureID, String featureLocation, String[][
 		}
 
 		try {
-			DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+			DocumentBuilderFactory factory = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
 			Document doc = factory.newDocumentBuilder().newDocument();
 			Element root = doc.createElement("feature"); //$NON-NLS-1$
 			root.setAttribute("id", featureID); //$NON-NLS-1$

ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/plugin/PluginHandler.java

@@ -23,6 +23,7 @@
 
 import org.eclipse.pde.internal.core.TargetPlatformHelper;
 import org.eclipse.pde.internal.core.util.IdUtil;
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.w3c.dom.DOMException;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -99,7 +100,7 @@ public void setDocumentLocator(Locator locator) {
 
 	@Override
 	public void startDocument() throws SAXException {
-		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+		DocumentBuilderFactory factory = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
 		try {
 			fDocument = factory.newDocumentBuilder().newDocument();
 		} catch (ParserConfigurationException e) {

ui/org.eclipse.pde.core/src/org/eclipse/pde/internal/core/target/IUBundleContainer.java

@@ -36,7 +36,6 @@
 import java.util.stream.IntStream;
 
 import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
@@ -69,6 +68,7 @@
 import org.eclipse.pde.core.target.TargetBundle;
 import org.eclipse.pde.core.target.TargetFeature;
 import org.eclipse.pde.internal.core.PDECore;
+import org.eclipse.pde.internal.core.util.XmlDocumentBuilderFactory;
 import org.eclipse.pde.internal.core.util.XmlTransformerFactory;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -701,7 +701,8 @@ public String serialize() {
 		Element containerElement;
 		Document document;
 		try {
-			DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+			DocumentBuilder docBuilder = XmlDocumentBuilderFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE()
+					.newDocumentBuilder();
 			document = docBuilder.newDocument();
 		} catch (Exception e) {
 			PDECore.log(e);