Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Spring fails to determine XML is XSD-based if DOCTYPE appears in a comment #27915

Closed
shooye opened this issue Jan 11, 2022 · 4 comments
Closed

Spring fails to determine XML is XSD-based if DOCTYPE appears in a comment #27915

shooye opened this issue Jan 11, 2022 · 4 comments
Assignees
@sbrannen
Labels
in: core Issues in core modules (aop, beans, core, context, expression) type: bug A general bug
Milestone
5.3.16

Comments

@shooye
Copy link

shooye commented Jan 11, 2022
edited
Loading

Affects: 5.3.14 and earlier

If you want to load a DTD configuration file, <! -- Different positions from --> will affect the loading of spring.

If my profile is written like this:

<?xml version="1.0" encoding="UTF-8"?>

<!--

DOCTYPE -->  <!--  -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

</beans>

Then, when Spring is used to load the configuration file, an exception will appear.

This is because there is a bug when determining the profile validation pattern.

In org.springframework.util.xml.XmlValidationModeDetector,Spring analyzes programs one line at a time.

However, each analysis focuses only on the first <!-- in each line. Spring will put <!-- The previous content is not considered as a comment.
Thus, the situation in the above example is ignored.

I think that can result in org.springframework.util.xml.XmlValidationModeDetector#consumeCommentTokens(String line) return to add the following code before:

@Nullable
private String consumeCommentTokens(String line) {
    int indexOfStartComment = line.indexOf(START_COMMENT);
    if (indexOfStartComment == -1 && !line.contains(END_COMMENT)) {
        return line;
    }

    String result = "";
    String currLine = line;
    if (indexOfStartComment >= 0) {
        result = line.substring(0, indexOfStartComment);
        currLine = line.substring(indexOfStartComment);
    }

    while ((currLine = consume(currLine)) != null) {
        if (!this.inComment && !currLine.trim().startsWith(START_COMMENT)) {
            int index = result.indexOf(END_COMMENT);
            if(index != -1) result = result.substring(index + END_COMMENT.length());
            return result + currLine;
        }
    }
    return null;
}

It can be removed in front of '-->'.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Jan 11, 2022
@sbrannen
Copy link
Member

This is closely related to:

Thanks for raising the issue. We'll look into it.

@sbrannen sbrannen added the in: core Issues in core modules (aop, beans, core, context, expression) label Jan 11, 2022
@sbrannen sbrannen changed the title It may be a bug. Different comment positions may affect Spring's loading of DTD configuration files. Spring fails to determine XML is XSD-based if DOCTYPE appears in a comment Jan 11, 2022
@sbrannen sbrannen added type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Jan 11, 2022
@sbrannen sbrannen self-assigned this Jan 11, 2022
@sbrannen sbrannen added this to the 5.3.15 milestone Jan 11, 2022
@sbrannen
Copy link
Member

The proposed change results in a StringIndexOutOfBoundsException for an existing test in XmlValidationModeDetectorTests. So we'll investigate an alternative solution.

@shooye
Copy link
Author

shooye commented Jan 12, 2022
edited
Loading

The proposed change results in a StringIndexOutOfBoundsException for an existing test in XmlValidationModeDetectorTests. So we'll investigate an alternative solution.

@sbrannen

Sorry, my carelessness caused StringIndexOutOfBoundsException.
I tried to modify the org.springframework.util.xml.XmlValidationModeDetector.Probably changed two or three methods:

I created 15 XML files and generated several random XML files using the program.

These files even contain the following extreme cases:

<!DOC<!-- comment -->TYPE beans PUBLIC "-//SPRING//DTD BEAN 2.0//EN" "https://www.springframework.org/dtd/spring-beans-2.0.dtd">

All files passed the test.

I package and upload the modified code and these test files.I hope my method can solve this problem.

XmlValidationModeDetector.zip

@sbrannen
Copy link
Member

Hi @shooye,

Thanks for working on it and providing the ZIP file.

I took a look at it, and it appears to fix the issue; however, I noticed that you introduced a second boolean flag to track whether we're "in a comment", and I thought we would still only need a single flag for that.

In any case, the proper way to submit a fix is via a PR so that we can be sure you have signed the contributor agreement.

If you have time to submit a PR, that would be great. Otherwise, I will likely attempt to fix the issue myself.

Cheers,

Sam

@shooye shooye mentioned this issue Jan 12, 2022
Closed
@sbrannen sbrannen modified the milestones: 5.3.15, 5.3.16 Jan 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sbrannen sbrannen

Labels
in: core Issues in core modules (aop, beans, core, context, expression) type: bug A general bug
Projects
None yet
Milestone
5.3.16
3 participants
@sbrannen @spring-projects-issues @shooye