Weird Entity Expansion Case



I am currently dealing with a rather weird case of entity expansion problem.



import java.io.FileReader;
import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;

SAXParserFactory spf = SAXParserFactory.newInstance();
spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); // turns on the JDK's default entity-expansion limit
XMLReader xmlReader = spf.newSAXParser().getXMLReader();
InputSource inputSource = new InputSource(new FileReader("input.xml"));
SAXSource source = new SAXSource(xmlReader, inputSource);

JAXBContext jc = JAXBContext.newInstance(Foo.class); // jc was used without being declared in the snippet
Unmarshaller unmarshaller = jc.createUnmarshaller();
Foo foo = (Foo) unmarshaller.unmarshal(source);


Code is taken from http://ift.tt/1xfjFML. I am using similar code in my application. Now when I feed xml like



<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ELEMENT lolz (#PCDATA)>
<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
<!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
<!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
<!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
<!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
<!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
<!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>


I get 'The parser has encountered more than "64,000" entity expansions in this document; this is the limit imposed by the application. Exception in thread "main" javax.xml.bind.UnmarshalException', which is expected behavior. I catch it and handle it gracefully. However, our testing team produced this example:



<!DOCTYPE lolz [
<!ENTITY lul "lulllullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullullul">
]>

<someTag>&lul;&lul;&lul;&lul;&lul;&lul;&lul;&lul;&lul;&lul;&lul;&lul;&lul;&lul;&lul; </someTag>


Well, the original lines are much longer :) Anyway, when I feed this type of XML, the app does not crash, but the CPU usage becomes unacceptably high and no exception is thrown. Is there any way I can prevent this? Setting certain limits?
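The second payload never trips the 64,000 expansion counter because it uses only fifteen references; what it abuses is the *size* of each expansion. The JDK's built-in Xerces parser exposes separate limits for that, and, where a DOCTYPE is not needed at all, can be told to reject one outright. The following is an added example, not code from the question or from the linked article; it assumes the JDK parser (Oracle/OpenJDK 7u45 or later, which understands the JAXP limit property URIs used below), a hypothetical JAXB class `SomeTag` standing in for the question's `Foo`, and limit values (1,000 / 5,000 / 1,000) chosen only so the constructed sample trips them:

```java
// Added example, not code from the question. Assumes the JDK's built-in Xerces parser,
// which understands the JAXP processing-limit property URIs and the disallow-doctype feature.
import java.io.StringReader;

import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.UnmarshalException;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlValue;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;

import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;

public class BoundedEntityUnmarshal {

    // Xerces feature: reject any document carrying a DOCTYPE, hence any entity declaration.
    static final String DISALLOW_DOCTYPE = "http://apache.org/xml/features/disallow-doctype-decl";
    // JAXP processing-limit properties; values are character counts / expansion counts.
    static final String TOTAL_ENTITY_SIZE = "http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit";
    static final String MAX_GENERAL_ENTITY_SIZE = "http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit";
    static final String ENTITY_EXPANSION = "http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit";

    // Hypothetical JAXB class standing in for the question's Foo; binds <someTag>text</someTag>.
    @XmlRootElement(name = "someTag")
    public static class SomeTag {
        @XmlValue
        public String text;
    }

    /** Strictest option: no DOCTYPE means no internal or external entities at all. */
    static XMLReader readerRejectingDoctype() throws Exception {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        spf.setFeature(DISALLOW_DOCTYPE, true);
        return spf.newSAXParser().getXMLReader();
    }

    /** If a DOCTYPE must be tolerated, bound how much text entities may contribute. */
    static XMLReader readerWithEntityLimits(int totalChars, int perEntityChars, int expansions) throws Exception {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        XMLReader reader = spf.newSAXParser().getXMLReader();
        reader.setProperty(TOTAL_ENTITY_SIZE, totalChars);           // cap on the sum of all expanded entity text
        reader.setProperty(MAX_GENERAL_ENTITY_SIZE, perEntityChars); // cap on any single general entity's text
        reader.setProperty(ENTITY_EXPANSION, expansions);            // the 64,000 counter from the question, lowered
        return reader;
    }

    static SomeTag unmarshal(XMLReader reader, String xml) throws Exception {
        JAXBContext jc = JAXBContext.newInstance(SomeTag.class);
        SAXSource source = new SAXSource(reader, new InputSource(new StringReader(xml)));
        return (SomeTag) jc.createUnmarshaller().unmarshal(source);
    }

    static String reason(UnmarshalException e) {
        Throwable cause = e.getLinkedException() != null ? e.getLinkedException() : e;
        return cause.getMessage();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample shaped like the testers' input: one long entity referenced a few times.
        StringBuilder body = new StringBuilder();
        for (int i = 0; i < 200; i++) body.append("lul");      // 600-character replacement text
        StringBuilder refs = new StringBuilder();
        for (int i = 0; i < 15; i++) refs.append("&lul;");     // 15 references = 9,000 characters expanded
        String payload = "<!DOCTYPE someTag [<!ENTITY lul \"" + body + "\">]>\n"
                       + "<someTag>" + refs + "</someTag>";
        String benign = "<someTag>hello</someTag>";

        System.out.println("benign input: " + unmarshal(readerRejectingDoctype(), benign).text);

        try {
            unmarshal(readerRejectingDoctype(), payload);
        } catch (UnmarshalException e) {
            // With disallow-doctype-decl the parser stops at the DOCTYPE, before any entity is declared.
            System.out.println("rejected at DOCTYPE: " + reason(e));
        }

        try {
            // Total expansion (9,000 chars) exceeds the 1,000-char total limit; the parser raises an
            // error naming the exceeded limit instead of burning CPU on the expansion.
            unmarshal(readerWithEntityLimits(1_000, 5_000, 1_000), payload);
        } catch (UnmarshalException e) {
            System.out.println("rejected by size limit: " + reason(e));
        }
    }
}
```

The same three limits can also be set process-wide without touching the parser code, through the system properties `jdk.xml.totalEntitySizeLimit`, `jdk.xml.maxGeneralEntitySizeLimit` and `jdk.xml.entityExpansionLimit`. Prefer the DOCTYPE rejection where the application's inputs never legitimately carry a DTD: it removes the whole entity mechanism rather than tuning thresholds around it.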

