source: NonGTP/Xerces/xerces/include/xercesc/util/SecurityManager.hpp @ 358

Revision 358, 5.0 KB checked in by bittner, 19 years ago (diff)

xerces added

1/*
2 * Copyright 2003,2004 The Apache Software Foundation.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/*
18 * $Log: SecurityManager.hpp,v $
19 * Revision 1.4  2004/09/08 13:56:23  peiyongz
20 * Apache License Version 2.0
21 *
22 * Revision 1.3  2004/01/29 11:48:46  cargilld
23 * Code cleanup changes to get rid of various compiler diagnostic messages.
24 *
25 * Revision 1.2  2003/04/22 12:53:38  neilg
26 * change const static member to an enum to make MSVC happy
27 *
28 * change ENTITY_EXPANSION_LIMIT from a static const data member to an enum
29 *
30 * Revision 1.1  2003/04/17 21:58:49  neilg
31 * Adding a new property,
32 * http://apache.org/xml/properties/security-manager, with
33 * appropriate getSecurityManager/setSecurityManager methods on DOM
34 * and SAX parsers.  Also adding a new SecurityManager class.
35 *
36 * The purpose of these modifications is to permit applications a
37 * means to have the parser reject documents whose processing would
38 * otherwise consume large amounts of system resources.  Malicious
39 * use of such documents could be used to launch a denial-of-service
40 * attack against a system running the parser.  Initially, the
41 * SecurityManager only knows about attacks that can result from
42 * exponential entity expansion; this is the only known attack that
43 * involves processing a single XML document.  Other, similar attacks
44 * can be launched if arbitrary schemas may be parsed; there already
45 * exist means (via use of the EntityResolver interface) by which
46 * applications can deny processing of untrusted schemas.  In future,
47 * the SecurityManager will be expanded to take these other exploits
48 * into account.
49 *
50 * Initial checkin of SecurityManager
51 *
52 * $Id: SecurityManager.hpp,v 1.4 2004/09/08 13:56:23 peiyongz Exp $
53 *
54 */
55
56#ifndef SECURITYMANAGER_HPP
57#define SECURITYMANAGER_HPP
58
59#include <xercesc/util/XercesDefs.hpp>
60
61XERCES_CPP_NAMESPACE_BEGIN
62
63/**
64  * Allow application to force the parser to behave in a security-conscious
65  * way.
66  *
67  * <p> There are cases in which an XML- or XML-Schema-
68  * conformant processor can be presented with documents the
69  * processing of which can involve the consumption of
70  * prohibitive amounts of system resources.  Applications can
71  * attach instances of this class to parsers that they've
72  * created, via the
73  * http://apache.org/xml/properties/security-manager property. 
74  * </p>
75  *
76  * <p> Defaults will be provided for all known security holes.
77  * Setter methods will be provided on this class to ensure that
78  * an application can customize each limit as it chooses.
79  * Components that are vulnerable to any given hole need to be
80  * written to act appropriately when an instance of this class
81  * has been set on the calling parser.
82  * </p>
83  */
84
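class XMLUTIL_EXPORT SecurityManager
{
public:

    /**
      * Default cap on the number of entity expansions permitted in one
      * document.  Kept as an enum rather than a static const data member
      * (per the revision log, this is what MSVC accepts).
      */
    enum { ENTITY_EXPANSION_LIMIT = 50000 };

    /** @name default Constructors */
    //@{
    /** Default constructor: starts with the default ENTITY_EXPANSION_LIMIT. */
    SecurityManager()
        : fEntityExpansionLimit(ENTITY_EXPANSION_LIMIT)
    {
    }

    /** Destructor (virtual so that subclasses are destroyed correctly). */
    virtual ~SecurityManager() {}
    //@}

    /** @name The Security Manager */
    //@{
   /**
    * An application should call this method when it wishes to specify a particular
    * limit to the number of entity expansions the parser will permit in a
    * particular document.  The default behaviour should allow the parser
    * to validate nearly all non-malicious XML documents; if an
    * application knows that it is operating in a domain where entities are
    * uncommon, for instance, it may wish to provide a limit lower than the
    * parser's default.
    *
    * The value is stored as given; no range check is applied here.  Raising
    * it far above the default weakens the protection against exponential
    * entity expansion, so applications handling untrusted documents should
    * only lower it or leave the default in place.  How a limit of 0 is
    * treated is decided by the parser components that read this value, not
    * by this class -- confirm before relying on it.
    *
    * This class does no locking; changing the limit while a parse is using
    * this instance is not synchronized here.
    *
    * @param newLimit  the new entity expansion limit
    *
    */
    virtual void setEntityExpansionLimit(unsigned int newLimit)
    {
        fEntityExpansionLimit = newLimit;
    }

   /**
    * Permits the application or a parser component to query the current
    * limit for entity expansions.
    *
    * This class only holds the number; enforcing it is the job of the
    * parser components that call this method.
    *
    * @return   the current setting of the entity expansion limit
    *
    */
    virtual unsigned int getEntityExpansionLimit() const
    {
        return fEntityExpansionLimit;
    }
    //@}

protected:
    /** Current entity expansion limit; accessible to subclasses. */
    unsigned int fEntityExpansionLimit;

private:

    /* Unimplemented Constructors and operators: declared private and never
     * defined so that instances cannot be copied or assigned. */
    /* Copy constructor */
    SecurityManager(const SecurityManager&);

    /** Assignment operator */
    SecurityManager& operator=(const SecurityManager&);
};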
147
148XERCES_CPP_NAMESPACE_END
149
150#endif