rework diagrams.net XML files recognition (#179)
ahus1 committed Nov 15, 2022
1 parent c15c892 commit 1b18660
Showing 2 changed files with 17 additions and 23 deletions.
10 changes: 1 addition & 9 deletions CHANGELOG.md
Expand Up @@ -2,17 +2,9 @@

## Unreleased

### Added

### Changed

### Deprecated

### Removed

### Fixed

### Security
- rework diagrams.net XML files recognition (#179)

## [0.1.13] - 2022-11-10

Expand Up @@ -33,11 +33,11 @@ class DiagramsFileUtil {
// prevent external content in SVGs. Even when working in a trusted project, resolving external context might slow down the UI
// https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j
val factory = DocumentBuilderFactory.newInstance()
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
factory.setXIncludeAware(false);
factory.setExpandEntityReferences(false);
factory.setFeature("http://xml.org/sax/features/external-general-entities", false)
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false)
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false)
factory.setXIncludeAware(false)
factory.setExpandEntityReferences(false)

val builder = factory.newDocumentBuilder()
// if the attribute "content" of element "svg" starts with "<mxfile ", this is a diagrams.net file
Expand All @@ -54,7 +54,7 @@ class DiagramsFileUtil {
} catch (ignored: SAXParseException) {
// might happen if:
// * XML is invalid
return false;
return false
}
}
}
Expand Down Expand Up @@ -90,11 +90,11 @@ class DiagramsFileUtil {
// prevent external content in SVGs. Even when working in a trusted project, resolving external context might slow down the UI
// https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j
val factory = DocumentBuilderFactory.newInstance()
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
factory.setXIncludeAware(false);
factory.setExpandEntityReferences(false);
factory.setFeature("http://xml.org/sax/features/external-general-entities", false)
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false)
factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false)
factory.setXIncludeAware(false)
factory.setExpandEntityReferences(false)

val builder = factory.newDocumentBuilder()
// if the XML contains "<mxfile><diagram/></mxfile>", this is a diagrams.net file
Expand All @@ -104,12 +104,14 @@ class DiagramsFileUtil {
val xPathfactory = XPathFactory.newInstance()
val xpath = xPathfactory.newXPath()
val expr = xpath.compile("/mxfile/diagram")
val content = expr.evaluate(doc, XPathConstants.STRING)
return content != null
val content = expr.evaluate(doc, XPathConstants.NODESET)
if (content is NodeList) {
return content.length > 0
}
} catch (ignored: SAXParseException) {
// might happen if:
// * XML is invalid
return false;
return false
}
}
}
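Review bot: The parser that feeds the `/mxfile/diagram` XPath still accepts a DOCTYPE, because the hardening only switches off external entities and external DTD loading. If plain diagrams.net XML files never need a DOCTYPE (to be confirmed), that path could add `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)`, which the linked OWASP cheat sheet names as the primary defence. A rejected document would presumably arrive as the `SAXParseException` that is already handled, while the SVG path would keep its current settings since SVG files commonly carry a DOCTYPE. The five hardening calls are also repeated verbatim in both functions, so a private helper returning the configured `DocumentBuilderFactory` would stop the two copies drifting apart. Both function bodies start and end outside the visible hunks, so what is returned when `content is NodeList` does not hold cannot be checked from here.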