Merge branch 'feature/permit-disable-namespace-awareness'

Author: jmurty

CHANGES.md

@@ -11,6 +11,14 @@ Fixes:
   are now only parsed if this feature is explicitly enabled by passing a boolean
   flag value to the #create and #parse methods.  
   WARNING: This will break code that expects external entities to be parsed.
+  
+Enhancements:
+
+* Permit users to disable namespace-awareness in the underlying
+  DocumentBuilderFactory when constructing the builder with extended `create()`
+  and `parse()` methods. Namespace awareness is enabled by default unless you
+  use the more explicit versions of these methods that take additional
+  `enableExternalEntities` and `isNamespaceAware` parameters. 
 
 Version 1.1 - 22 July 2014
 --------------------------

README.md

@@ -351,6 +351,22 @@ To produce:
 </Projects>
 ```
 
+### Configuring advanced features
+
+When creating or parsing a document you can enable and disable advanced
+features by using the more explicit versions of the `parse()` and `create()`
+constructors.
+
+You can:
+
+* use the `enableExternalEntities` flag to enable or disable external entities.  
+  NOTE: you should leave these disabled, as they are by default, unless you
+  really need them because they open you to XML External Entity (XXE) injection
+  attacks.
+* use the `isNamespaceAware` flag to enable or disable namespace awareness in
+  the underlying `DocumentBuilderFactory`.
+ 
+
 Release History
 ---------------
 

src/main/java/com/jamesmurty/utils/BaseXMLBuilder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2014 James Murty (www.jamesmurty.com)
+ * Copyright 2008-2017 James Murty (www.jamesmurty.com)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -74,8 +74,6 @@ public abstract class BaseXMLBuilder {
      */
     private Node xmlNode = null;
 
-    private static boolean isNamespaceAware = true;
-
     /**
      * If true, the builder will raise an {@link XMLBuilderRuntimeException}
      * if external general and parameter entities cannot be explicitly enabled
@@ -199,14 +197,20 @@ protected static void enableOrDisableExternalEntityParsing(
      * the name of the document's root element.
      * @param namespaceURI
      * default namespace URI for document, ignored if null or empty.
+     * @param enableExternalEntities
+     * enable external entities; beware of XML External Entity (XXE) injection.
+     * @param isNamespaceAware
+     * enable or disable namespace awareness in the underlying
+     * {@link DocumentBuilderFactory}
      * @return
      * an XML Document.
      *
      * @throws FactoryConfigurationError
      * @throws ParserConfigurationException
      */
     protected static Document createDocumentImpl(
-        String name, String namespaceURI, boolean enableExternalEntities)
+        String name, String namespaceURI, boolean enableExternalEntities,
+        boolean isNamespaceAware)
         throws ParserConfigurationException, FactoryConfigurationError
     {
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
@@ -229,6 +233,11 @@ protected static Document createDocumentImpl(
      *
      * @param inputSource
      * an XML document input source that will be parsed into a DOM.
+     * @param enableExternalEntities
+     * enable external entities; beware of XML External Entity (XXE) injection.
+     * @param isNamespaceAware
+     * enable or disable namespace awareness in the underlying
+     * {@link DocumentBuilderFactory}
      * @return
      * a builder node that can be used to add more nodes to the XML document.
      * @throws ParserConfigurationException
@@ -239,7 +248,8 @@ protected static Document createDocumentImpl(
      * @throws SAXException
      */
     protected static Document parseDocumentImpl(
-        InputSource inputSource, boolean enableExternalEntities)
+        InputSource inputSource, boolean enableExternalEntities,
+        boolean isNamespaceAware)
         throws ParserConfigurationException, SAXException, IOException
     {
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();

src/main/java/com/jamesmurty/utils/XMLBuilder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2014 James Murty (www.jamesmurty.com)
+ * Copyright 2008-2017 James Murty (www.jamesmurty.com)
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -101,18 +101,22 @@ protected XMLBuilder(Node myNode, Node parentNode) {
      * default namespace URI for document, ignored if null or empty.
      * @param enableExternalEntities
      * enable external entities; beware of XML External Entity (XXE) injection.
+     * @param isNamespaceAware
+     * enable or disable namespace awareness in the underlying
+     * {@link DocumentBuilderFactory}
      * @return
      * a builder node that can be used to add more nodes to the XML document.
      *
      * @throws FactoryConfigurationError
      * @throws ParserConfigurationException
      */
     public static XMLBuilder create(String name, String namespaceURI,
-        boolean enableExternalEntities)
+        boolean enableExternalEntities, boolean isNamespaceAware)
         throws ParserConfigurationException, FactoryConfigurationError
     {
         return new XMLBuilder(
-            createDocumentImpl(name, namespaceURI, enableExternalEntities));
+            createDocumentImpl(
+                name, namespaceURI, enableExternalEntities, isNamespaceAware));
     }
 
     /**
@@ -124,16 +128,20 @@ public static XMLBuilder create(String name, String namespaceURI,
      * the name of the document's root element.
      * @param enableExternalEntities
      * enable external entities; beware of XML External Entity (XXE) injection.
+     * @param isNamespaceAware
+     * enable or disable namespace awareness in the underlying
+     * {@link DocumentBuilderFactory}
      * @return
      * a builder node that can be used to add more nodes to the XML document.
      *
      * @throws FactoryConfigurationError
      * @throws ParserConfigurationException
      */
-    public static XMLBuilder create(String name, boolean enableExternalEntities)
+    public static XMLBuilder create(String name, boolean enableExternalEntities,
+        boolean isNamespaceAware)
         throws ParserConfigurationException, FactoryConfigurationError
     {
-        return create(name, null, enableExternalEntities);
+        return create(name, null, enableExternalEntities, isNamespaceAware);
     }
 
     /**
@@ -146,6 +154,7 @@ public static XMLBuilder create(String name, boolean enableExternalEntities)
      * the name of the document's root element.
      * @param namespaceURI
      * default namespace URI for document, ignored if null or empty.
+
      * @return
      * a builder node that can be used to add more nodes to the XML document.
      *
@@ -155,7 +164,7 @@ public static XMLBuilder create(String name, boolean enableExternalEntities)
     public static XMLBuilder create(String name, String namespaceURI)
         throws ParserConfigurationException, FactoryConfigurationError
     {
-        return create(name, namespaceURI, false);
+        return create(name, namespaceURI, false, true);
     }
 
     /**
@@ -186,6 +195,9 @@ public static XMLBuilder create(String name)
      * an XML document input source that will be parsed into a DOM.
      * @param enableExternalEntities
      * enable external entities; beware of XML External Entity (XXE) injection.
+     * @param isNamespaceAware
+     * enable or disable namespace awareness in the underlying
+     * {@link DocumentBuilderFactory}
      * @return
      * a builder node that can be used to add more nodes to the XML document.
      * @throws ParserConfigurationException
@@ -196,11 +208,13 @@ public static XMLBuilder create(String name)
      * @throws SAXException
      */
     public static XMLBuilder parse(
-        InputSource inputSource, boolean enableExternalEntities)
+        InputSource inputSource, boolean enableExternalEntities,
+        boolean isNamespaceAware)
         throws ParserConfigurationException, SAXException, IOException
     {
         return new XMLBuilder(
-            parseDocumentImpl(inputSource, enableExternalEntities));
+            parseDocumentImpl(
+                inputSource, enableExternalEntities, isNamespaceAware));
     }
 
     /**
@@ -212,6 +226,9 @@ public static XMLBuilder parse(
      * an XML document string that will be parsed into a DOM.
      * @param enableExternalEntities
      * enable external entities; beware of XML External Entity (XXE) injection.
+     * @param isNamespaceAware
+     * enable or disable namespace awareness in the underlying
+     * {@link DocumentBuilderFactory}
      * @return
      * a builder node that can be used to add more nodes to the XML document.
      *
@@ -222,12 +239,14 @@ public static XMLBuilder parse(
      * @throws SAXException
      */
     public static XMLBuilder parse(
-        String xmlString, boolean enableExternalEntities)
+        String xmlString, boolean enableExternalEntities,
+        boolean isNamespaceAware)
         throws ParserConfigurationException, SAXException, IOException
     {
         return XMLBuilder.parse(
             new InputSource(new StringReader(xmlString)),
-            enableExternalEntities);
+            enableExternalEntities,
+            isNamespaceAware);
     }
 
     /**
@@ -239,6 +258,9 @@ public static XMLBuilder parse(
      * an XML document file that will be parsed into a DOM.
      * @param enableExternalEntities
      * enable external entities; beware of XML External Entity (XXE) injection.
+     * @param isNamespaceAware
+     * enable or disable namespace awareness in the underlying
+     * {@link DocumentBuilderFactory}
      * @return
      * a builder node that can be used to add more nodes to the XML document.
      *
@@ -248,11 +270,14 @@ public static XMLBuilder parse(
      * @throws IOException
      * @throws SAXException
      */
-    public static XMLBuilder parse(File xmlFile, boolean enableExternalEntities)
+    public static XMLBuilder parse(File xmlFile, boolean enableExternalEntities,
+        boolean isNamespaceAware)
         throws ParserConfigurationException, SAXException, IOException
     {
         return XMLBuilder.parse(
-            new InputSource(new FileReader(xmlFile)), enableExternalEntities);
+            new InputSource(new FileReader(xmlFile)),
+            enableExternalEntities,
+            isNamespaceAware);
     }
 
     /**
@@ -274,7 +299,7 @@ public static XMLBuilder parse(File xmlFile, boolean enableExternalEntities)
     public static XMLBuilder parse(InputSource inputSource)
         throws ParserConfigurationException, SAXException, IOException
     {
-        return XMLBuilder.parse(inputSource, false);
+        return XMLBuilder.parse(inputSource, false, true);
     }
 
     /**
@@ -296,7 +321,7 @@ public static XMLBuilder parse(InputSource inputSource)
     public static XMLBuilder parse(String xmlString)
         throws ParserConfigurationException, SAXException, IOException
     {
-        return XMLBuilder.parse(xmlString, false);
+        return XMLBuilder.parse(xmlString, false, true);
     }
 
     /**
@@ -318,7 +343,7 @@ public static XMLBuilder parse(String xmlString)
     public static XMLBuilder parse(File xmlFile)
         throws ParserConfigurationException, SAXException, IOException
     {
-        return XMLBuilder.parse(xmlFile, false);
+        return XMLBuilder.parse(xmlFile, false, true);
     }
 
     @Override