generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-10-23 08:31:43 +02:00
Code Issues Projects Releases Wiki Activity

expose million laughs attack protection implemented by Expat 2.4

Browse Source
This commit is contained in:
Günter Obiltschnig
2021-05-23 21:23:28 +02:00
parent d95d9bd4a4
commit cd6422fde3
4 changed files with 157 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
XML/include/Poco/SAX/SAXParser.h
View File

@@ -28,7 +28,7 @@ namespace XML {
class XML_API SAXParser: public XMLReader
/// This class provides a SAX2 (Simple API for XML) interface to expat,
/// This class provides a SAX2 (Simple API for XML) interface to expat,
/// the XML parser toolkit.
/// The following SAX2 features and properties are supported:
/// * http://xml.org/sax/features/external-general-entities
@@ -41,6 +41,14 @@ class XML_API SAXParser: public XMLReader
/// The following proprietary extensions are supported:
/// * http://www.appinf.com/features/enable-partial-reads --
/// see ParserEngine::setEnablePartialReads()
/// * http://www.appinf.com/properties/bla-maximum-amplification
/// see ParserEngine::setBillionLaughsAttackProtectionMaximumAmplification();
/// argument must be a float >= 1.0 formatted as string;
/// property is set-only.
/// * http://www.appinf.com/properties/bla-activation-threshold
/// see ParserEngine::setBillionLaughsAttackProtectionActivationThreshold();
/// argument must be a 64-bit unsigned integer formatted as string;
/// property is set-only.
{
public:
SAXParser();
@@ -48,14 +56,14 @@ public:
SAXParser(const XMLString& encoding);
/// Creates an SAXParser with the given encoding.
~SAXParser();
/// Destroys the SAXParser.
void setEncoding(const XMLString& encoding);
/// Sets the encoding used by the parser if no
/// encoding is specified in the XML document.
const XMLString& getEncoding() const;
/// Returns the name of the encoding used by
/// the parser if no encoding is specified in
@@ -81,11 +89,13 @@ public:
void parse(InputSource* pSource);
void parse(const XMLString& systemId);
void parseMemoryNP(const char* xml, std::size_t size);
/// Extensions
void parseString(const std::string& xml);
static const XMLString FEATURE_PARTIAL_READS;
static const XMLString PROPERTY_BLA_MAXIMUM_AMPLIFICATION;
static const XMLString PROPERTY_BLA_ACTIVATION_THRESHOLD;
protected:
void setupParse();