Changeset 19114 in josm for trunk


Ignore:
Timestamp:
2024-06-18T23:29:43+02:00 (5 months ago)
Author:
taylor.smock
Message:

Fix an XPath injection issue

This isn't really an issue for JOSM, since we are only reading from public remote
sources.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/org/openstreetmap/josm/tools/Mediawiki.java

    r18208 r19114  
    77import java.util.List;
    88import java.util.Optional;
     9import java.util.concurrent.atomic.AtomicReference;
    910import java.util.function.BiConsumer;
    1011import java.util.stream.Collectors;
     
    6061        final Document document = getDocument(url);
    6162        final XPath xPath = XPathFactory.newInstance().newXPath();
    62         for (String page : distinctPages) {
    63             String normalized = xPath.evaluate("/api/query/normalized/n[@from='" + page + "']/@to", document);
    64             if (Utils.isEmpty(normalized)) {
    65                 normalized = page;
     63        AtomicReference<String> normalized = new AtomicReference<>();
     64        AtomicReference<String> page = new AtomicReference<>();
     65        xPath.setXPathVariableResolver(v -> {
     66            if ("page".equals(v.getLocalPart())) {
     67                return page.get();
     68            } else if ("normalized".equals(v.getLocalPart())) {
     69                return normalized.get();
    6670            }
    67             final Node node = (Node) xPath.evaluate("/api/query/pages/page[@title='" + normalized + "']", document, XPathConstants.NODE);
     71            throw new IllegalArgumentException();
     72        });
     73        for (String p : distinctPages) {
     74            page.set(p);
     75            normalized.set(xPath.evaluate("/api/query/normalized/n[@from=$page]/@to", document));
     76            if (Utils.isEmpty(normalized.get())) {
     77                normalized.set(page.get());
     78            }
     79            final Node node = (Node) xPath.evaluate("/api/query/pages/page[@title=$normalized]", document, XPathConstants.NODE);
    6880            if (node != null
    6981                    && node.getAttributes().getNamedItem("missing") == null
    7082                    && node.getAttributes().getNamedItem("invalid") == null) {
    71                 return Optional.of(page);
     83                return Optional.of(page.get());
    7284            }
    7385        }
     
    7587    }
    7688
    77     private Document getDocument(URL url) throws IOException, ParserConfigurationException, SAXException {
     89    private static Document getDocument(URL url) throws IOException, ParserConfigurationException, SAXException {
    7890        final HttpClient.Response conn = HttpClient.create(url).connect();
    7991        try (InputStream content = conn.getContent()) {
Note: See TracChangeset for help on using the changeset viewer.