source: NonGTP/Xerces/xercesc/util/SecurityManager.hpp @ 188

Revision 188, 6.9 KB checked in by mattausch, 19 years ago (diff)

added xercesc to support

1/*
2 * The Apache Software License, Version 1.1
3 *
4 * Copyright (c) 2003 The Apache Software Foundation.  All rights
5 * reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 *    notice, this list of conditions and the following disclaimer in
16 *    the documentation and/or other materials provided with the
17 *    distribution.
18 *
19 * 3. The end-user documentation included with the redistribution,
20 *    if any, must include the following acknowledgment:
21 *       "This product includes software developed by the
22 *        Apache Software Foundation (http://www.apache.org/)."
23 *    Alternately, this acknowledgment may appear in the software itself,
24 *    if and wherever such third-party acknowledgments normally appear.
25 *
26 * 4. The names "Xerces" and "Apache Software Foundation" must
27 *    not be used to endorse or promote products derived from this
28 *    software without prior written permission. For written
29 *    permission, please contact apache\@apache.org.
30 *
31 * 5. Products derived from this software may not be called "Apache",
32 *    nor may "Apache" appear in their name, without prior written
33 *    permission of the Apache Software Foundation.
34 *
35 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
46 * SUCH DAMAGE.
47 * ====================================================================
48 *
49 * This software consists of voluntary contributions made by many
50 * individuals on behalf of the Apache Software Foundation, and was
51 * originally based on software copyright (c) 1999, International
52 * Business Machines, Inc., http://www.ibm.com .  For more information
53 * on the Apache Software Foundation, please see
54 * <http://www.apache.org/>.
55 */
56
57/*
58 * $Log: SecurityManager.hpp,v $
59 * Revision 1.3  2004/01/29 11:48:46  cargilld
60 * Code cleanup changes to get rid of various compiler diagnostic messages.
61 *
62 * Revision 1.2  2003/04/22 12:53:38  neilg
63 * change const static member to an enum to make MSVC happy
64 *
65 * change ENTITY_EXPANSION_LIMIT from a static const data member to an enum
66 *
67 * Revision 1.1  2003/04/17 21:58:49  neilg
68 * Adding a new property,
69 * http://apache.org/xml/properties/security-manager, with
70 * appropriate getSecurityManager/setSecurityManager methods on DOM
71 * and SAX parsers.  Also adding a new SecurityManager class.
72 *
73 * The purpose of these modifications is to permit applications a
74 * means to have the parser reject documents whose processing would
75 * otherwise consume large amounts of system resources.  Malicious
76 * use of such documents could be used to launch a denial-of-service
77 * attack against a system running the parser.  Initially, the
78 * SecurityManager only knows about attacks that can result from
79 * exponential entity expansion; this is the only known attack that
80 * involves processing a single XML document.  Other, similar attacks
81 * can be launched if arbitrary schemas may be parsed; there already
82 * exist means (via use of the EntityResolver interface) by which
83 * applications can deny processing of untrusted schemas.  In future,
84 * the SecurityManager will be expanded to take these other exploits
85 * into account.
86 *
87 * Initial checkin of SecurityManager
88 *
89 * $Id: SecurityManager.hpp,v 1.3 2004/01/29 11:48:46 cargilld Exp $
90 *
91 */
92
93#ifndef SECURITYMANAGER_HPP
94#define SECURITYMANAGER_HPP
95
96#include <xercesc/util/XercesDefs.hpp>
97
98XERCES_CPP_NAMESPACE_BEGIN
99
/**
  * Lets an application ask the parser to behave in a security-conscious way.
  *
  * <p> An XML- or XML Schema-conformant processor can be handed documents
  * whose processing consumes prohibitive amounts of system resources.
  * An application attaches an instance of this class to a parser it has
  * created through the
  * http://apache.org/xml/properties/security-manager property.
  * </p>
  *
  * <p> Defaults are provided for the known problems, and a setter is
  * provided for each limit so that an application can tune it.  This class
  * only stores the values and hands them back: nothing here counts
  * expansions or rejects a document.  Components exposed to a given problem
  * have to read the instance set on the calling parser and act on it.
  * </p>
  *
  * <p> The only limit defined in this header is the entity expansion limit,
  * which starts at ENTITY_EXPANSION_LIMIT.
  * </p>
  *
  * NOTE(review): the wording above implies a limit is applied only when an
  * instance has been set on the parser.  Whether a parser with no
  * SecurityManager enforces any default is not visible in this header --
  * confirm against the enforcing component before parsing untrusted input.
  */

class XMLUTIL_EXPORT SecurityManager
{
public:

    // Default ceiling on entity expansions; an enum rather than a
    // static const data member (see the revision 1.2 log entry).
    enum { ENTITY_EXPANSION_LIMIT = 50000 };

    /** @name default Constructors */
    //@{
    /** Creates a manager whose entity expansion limit is ENTITY_EXPANSION_LIMIT. */
    SecurityManager() : fEntityExpansionLimit(ENTITY_EXPANSION_LIMIT) {}

    /** Virtual destructor; there is nothing to release. */
    virtual ~SecurityManager() {}
    //@}

    /** @name The Security Manager */
    //@{
   /**
    * Sets the number of entity expansions the parser will permit in a
    * particular document.  The default is meant to let the parser validate
    * nearly all non-malicious XML documents; an application that knows
    * entities are uncommon in its domain may wish to supply a lower value.
    *
    * The value is stored exactly as given.  No range check is made here, so
    * the effect of 0 or of a very large value is decided by whichever
    * component reads the limit (not visible in this header).
    *
    * @param newLimit  the new entity expansion limit
    *
    */
    virtual void setEntityExpansionLimit(unsigned int newLimit)
    {
        this->fEntityExpansionLimit = newLimit;
    }

   /**
    * Lets the application or a parser component read the entity expansion
    * limit currently in force on this instance.
    *
    * @return   the current setting of the entity expansion limit
    *
    */
    virtual unsigned int getEntityExpansionLimit() const
    {
        return this->fEntityExpansionLimit;
    }
    //@}

protected:
    // Current limit; protected, so derived classes can read and write it directly.
    unsigned int fEntityExpansionLimit;

private:

    /* Declared private and left unimplemented, as the original comment states. */
    /* Copy constructor */
    SecurityManager(const SecurityManager&);

    /** Assignment operator */
    SecurityManager& operator=(const SecurityManager&);
};
184
185XERCES_CPP_NAMESPACE_END
186
187#endif