Package eu.europa.esig.dss.xades

Class EnforcedResolverFragment

java.lang.Object

org.apache.xml.security.utils.resolver.ResourceResolverSpi

org.apache.xml.security.utils.resolver.implementations.ResolverFragment

eu.europa.esig.dss.xades.EnforcedResolverFragment

public class EnforcedResolverFragment
extends org.apache.xml.security.utils.resolver.implementations.ResolverFragment

This class tests the xpath expression against injection. See https://www.owasp.org/index.php/XPATH_Injection_Java.

Constructor Summary

Constructors

Constructor	Description
EnforcedResolverFragment()	Default constructor

Method Summary

Modifier and Type	Method	Description
boolean	checkValueForXpathInjection(String xpathString)	This method tests the xpath expression against injection
boolean	engineCanResolveURI(org.apache.xml.security.utils.resolver.ResourceResolverContext context)

Methods inherited from class org.apache.xml.security.utils.resolver.implementations.ResolverFragment

engineResolveURI

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

EnforcedResolverFragment

public EnforcedResolverFragment()

Default constructor

Method Details

engineCanResolveURI

public boolean engineCanResolveURI(org.apache.xml.security.utils.resolver.ResourceResolverContext context)

Overrides:

engineCanResolveURI in class org.apache.xml.security.utils.resolver.implementations.ResolverFragment

checkValueForXpathInjection

public boolean checkValueForXpathInjection(String xpathString)

This method tests the xpath expression against injection

Parameters:

xpathString - the xpath expression to be tested

Returns:

false if the xpath contains forbidden character or if the xpath cannot be decoded