Package com.sdl.delivery.security.xml

Enum Class XmlRestriction

java.lang.Object
java.lang.Enum<XmlRestriction>
com.sdl.delivery.security.xml.XmlRestriction
All Implemented Interfaces:
Serializable, Comparable<XmlRestriction>, Constable
public enum XmlRestriction extends Enum<XmlRestriction>
Defines a restriction type (such as protocol name) for passing to XML stuff. list of java protocols may be found here: https://stackoverflow.com/questions/5742774/testing-with-java-protocol-notations-for-urlconnection

  • Enum Constant Details

    • ALLOW_EXTERNAL_DTD_NONE

      public static final XmlRestriction ALLOW_EXTERNAL_DTD_NONE
      disables external DTD.

    • ALLOW_EXTERNAL_DTD_FILE

      public static final XmlRestriction ALLOW_EXTERNAL_DTD_FILE
      enables external DTD only for files.

    • ALLOW_EXTERNAL_DTD_JAR

      public static final XmlRestriction ALLOW_EXTERNAL_DTD_JAR
      enables external DTD only for jars.

    • ALLOW_EXTERNAL_DTD_FILE_IN_JAR

      public static final XmlRestriction ALLOW_EXTERNAL_DTD_FILE_IN_JAR
      enables external DTD only for files in jars.

    • ALLOW_EXTERNAL_DTD_HTTP

      public static final XmlRestriction ALLOW_EXTERNAL_DTD_HTTP
      enables external DTD only for http.

    • ALLOW_EXTERNAL_DTD_HTTPS

      public static final XmlRestriction ALLOW_EXTERNAL_DTD_HTTPS
      enables external DTD only for https.

    • ALLOW_EXTERNAL_DTD_FTP

      public static final XmlRestriction ALLOW_EXTERNAL_DTD_FTP
      enables external DTD only for ftp.

    • ALLOW_EXTERNAL_DTD_FTPS

      public static final XmlRestriction ALLOW_EXTERNAL_DTD_FTPS
      enables external DTD only for ftps.

    • ALLOW_EXTERNAL_DTD_SFTP

      public static final XmlRestriction ALLOW_EXTERNAL_DTD_SFTP
      enables external DTD only for sftp.

    • ALLOW_EXTERNAL_DTD_ALL

      public static final XmlRestriction ALLOW_EXTERNAL_DTD_ALL
      enables external DTD for all protocols.

    • ALLOW_EXTERNAL_SCHEMA_NONE

      public static final XmlRestriction ALLOW_EXTERNAL_SCHEMA_NONE
      disables external XSD.

    • ALLOW_EXTERNAL_SCHEMA_FILE

      public static final XmlRestriction ALLOW_EXTERNAL_SCHEMA_FILE
      enables external XSD only for files.

    • ALLOW_EXTERNAL_SCHEMA_JAR

      public static final XmlRestriction ALLOW_EXTERNAL_SCHEMA_JAR
      enables external XSD only for jars.

    • ALLOW_EXTERNAL_SCHEMA_FILE_IN_JAR

      public static final XmlRestriction ALLOW_EXTERNAL_SCHEMA_FILE_IN_JAR
      enables external XSD only for files in jar.

    • ALLOW_EXTERNAL_SCHEMA_HTTP

      public static final XmlRestriction ALLOW_EXTERNAL_SCHEMA_HTTP
      enables external XSD only for http.

    • ALLOW_EXTERNAL_SCHEMA_HTTPS

      public static final XmlRestriction ALLOW_EXTERNAL_SCHEMA_HTTPS
      enables external XSD only for https.

    • ALLOW_EXTERNAL_SCHEMA_FTP

      public static final XmlRestriction ALLOW_EXTERNAL_SCHEMA_FTP
      enables external XSD only for ftp.

    • ALLOW_EXTERNAL_SCHEMA_FTPS

      public static final XmlRestriction ALLOW_EXTERNAL_SCHEMA_FTPS
      enables external XSD only for ftp.

    • ALLOW_EXTERNAL_SCHEMA_SFTP

      public static final XmlRestriction ALLOW_EXTERNAL_SCHEMA_SFTP
      enables external XSD only for sftp.

    • ALLOW_EXTERNAL_SCHEMA_ALL

      public static final XmlRestriction ALLOW_EXTERNAL_SCHEMA_ALL
      enables external XSD for all protocols.

    • ALLOW_EXTERNAL_STYLESHEET_NONE

      public static final XmlRestriction ALLOW_EXTERNAL_STYLESHEET_NONE
      disables external XSL.

    • ALLOW_EXTERNAL_STYLESHEET_FILE

      public static final XmlRestriction ALLOW_EXTERNAL_STYLESHEET_FILE
      enables external XSL only for files.

    • ALLOW_EXTERNAL_STYLESHEET_JAR

      public static final XmlRestriction ALLOW_EXTERNAL_STYLESHEET_JAR
      enables external XSL only for jars.

    • ALLOW_EXTERNAL_STYLESHEET_FILE_IN_JAR

      public static final XmlRestriction ALLOW_EXTERNAL_STYLESHEET_FILE_IN_JAR
      enables external XSL only for files in jar.

    • ALLOW_EXTERNAL_STYLESHEET_HTTP

      public static final XmlRestriction ALLOW_EXTERNAL_STYLESHEET_HTTP
      enables external XSL only for http.

    • ALLOW_EXTERNAL_STYLESHEET_HTTPS

      public static final XmlRestriction ALLOW_EXTERNAL_STYLESHEET_HTTPS
      enables external XSL only for https.

    • ALLOW_EXTERNAL_STYLESHEET_FTP

      public static final XmlRestriction ALLOW_EXTERNAL_STYLESHEET_FTP
      enables external XSL only for ftp.

    • ALLOW_EXTERNAL_STYLESHEET_FTPS

      public static final XmlRestriction ALLOW_EXTERNAL_STYLESHEET_FTPS
      enables external XSL only for ftps.

    • ALLOW_EXTERNAL_STYLESHEET_SFTP

      public static final XmlRestriction ALLOW_EXTERNAL_STYLESHEET_SFTP
      enables external XSL only for sftp.

    • ALLOW_EXTERNAL_STYLESHEET_ALL

      public static final XmlRestriction ALLOW_EXTERNAL_STYLESHEET_ALL
      enables external XSL.

  • Method Details

    • values

      public static XmlRestriction[] values()
      Returns an array containing the constants of this enum class, in the order they are declared.
      Returns:
      an array containing the constants of this enum class, in the order they are declared

    • valueOf

      public static XmlRestriction valueOf(String name)
      Returns the enum constant of this class with the specified name. The string must match exactly an identifier used to declare an enum constant in this class. (Extraneous whitespace characters are not permitted.)
      Parameters:
      name - the name of the enum constant to be returned.
      Returns:
      the enum constant with the specified name
      Throws:
      IllegalArgumentException - if this enum class has no constant with the specified name
      NullPointerException - if the argument is null

    • getProtocol

      public String getProtocol()

    • getResourceType

      public ResourceType getResourceType()

    • makeForLocalFiles

      public static XmlRestriction[] makeForLocalFiles()
      Provides a full list of possible allowance to enable XLST working with local files. To exploit the XXE vulnerability our XML/XSL/XSD have to be replaced with external links. It might be done only if access to file system is not restricted.
      Returns:
      array of restrictions which are allowed for XSLT

    • makeForRemoteFiles

      public static XmlRestriction[] makeForRemoteFiles()
      Provides a full list of possible allowance to enable XLST working with remote files. These allowed restrictions are dangerous (XXE vulnerability is based on possibility to use not allowed XSL/XSD and external entities in XML) so it needs to be used carefully.
      Returns:
      array of restrictions which are allowed for XSLT