source: icXML/icXML-devel/src/xercesc/util/SecurityManager.hpp @ 2722

Last change on this file since 2722 was 2722, checked in by cameron, 6 years ago

Original Xerces files with import mods for icxercesc

File size: 3.5 KB
Line 
1/*
2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements.  See the NOTICE file distributed with
4 * this work for additional information regarding copyright ownership.
5 * The ASF licenses this file to You under the Apache License, Version 2.0
6 * (the "License"); you may not use this file except in compliance with
7 * the License.  You may obtain a copy of the License at
8 *
9 *      http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18/*
19 * $Id: SecurityManager.hpp 673960 2008-07-04 08:50:12Z borisk $
20 */
21
22#if !defined(XERCESC_INCLUDE_GUARD_SECURITYMANAGER_HPP)
23#define XERCESC_INCLUDE_GUARD_SECURITYMANAGER_HPP
24
25#include <xercesc/util/XercesDefs.hpp>
26
27XERCES_CPP_NAMESPACE_BEGIN
28
29/**
30  * Allow application to force the parser to behave in a security-conscious
31  * way.
32  *
33  * <p> There are cases in which an XML- or XmL-schema-
34  * conformant processor can be presented with documents the
35  * processing of which can involve the consumption of
36  * prohibitive amounts of system resources.  Applications can
37  * attach instances of this class to parsers that they've
38  * created, via the
39  * http://apache.org/xml/properties/security-manager property.
40  * </p>
41  *
42  * <p> Defaults will be provided for all known security holes.
43  * Setter methods will be provided on this class to ensure that
44  * an application can customize each limit as it chooses.
45  * Components that are vulnerable to any given hole need to be
46  * written to act appropriately when an instance of this class
47  * has been set on the calling parser.
48  * </p>
49  */
50
51class XMLUTIL_EXPORT SecurityManager
52{
53public:
54
55    enum { ENTITY_EXPANSION_LIMIT = 50000};
56
57    /** @name default Constructors */
58    //@{
59    /** Default constructor */
60    SecurityManager()
61        : fEntityExpansionLimit((XMLSize_t)ENTITY_EXPANSION_LIMIT)
62    {
63    }
64
65    /** Destructor */
66    virtual ~SecurityManager(){};
67    //@}
68
69    /** @name The Security Manager */
70    //@{
71   /**
72    * An application should call this method when it wishes to specify a particular
73    * limit to the number of entity expansions the parser will permit in a
74    * particular document.  The default behaviour should allow the parser
75    * to validate nearly all XML non-malicious XML documents; if an
76    * application knows that it is operating in a domain where entities are
77    * uncommon, for instance, it may wish to provide a limit lower than the
78    * parser's default.
79    *
80    * @param newLimit  the new entity expansion limit
81    *
82    */
83    virtual void setEntityExpansionLimit(XMLSize_t newLimit)
84    {
85        fEntityExpansionLimit = newLimit;
86    }
87
88   /**
89    * Permits the application or a parser component to query the current
90    * limit for entity expansions.
91    *
92    * @return   the current setting of the entity expansion limit
93    *
94    */
95    virtual XMLSize_t getEntityExpansionLimit() const
96    {
97        return fEntityExpansionLimit;
98    }
99    //@}
100
101protected:
102    XMLSize_t fEntityExpansionLimit;
103
104private:
105
106    /* Unimplemented Constructors and operators */
107    /* Copy constructor */
108    SecurityManager(const SecurityManager&);
109
110    /** Assignment operator */
111    SecurityManager& operator=(const SecurityManager&);
112};
113
114XERCES_CPP_NAMESPACE_END
115
116#endif
Note: See TracBrowser for help on using the repository browser.