File jdom2-CVE-2021-33813.patch of Package jdom2.20227

Overview Repositories Revisions Requests Users Attributes Meta

File jdom2-CVE-2021-33813.patch of Package jdom2.20227

From bd3ab78370098491911d7fe9d7a43b97144a234e Mon Sep 17 00:00:00 2001
From: Esti <esther.burs@gmail.com>
Date: Thu, 18 Feb 2021 16:40:01 +0200
Subject: [PATCH] fix setFeature bug and add test case

---
 core/src/java/org/jdom2/input/SAXBuilder.java | 10 ++++------
 .../test/cases/input/TestSAXBuilder.java      | 20 +++++++++++++++++++
 2 files changed, 24 insertions(+), 6 deletions(-)

diff --git a/core/src/java/org/jdom2/input/SAXBuilder.java b/core/src/java/org/jdom2/input/SAXBuilder.java
index d7105ec6..a1462334 100644
--- a/core/src/java/org/jdom2/input/SAXBuilder.java
+++ b/core/src/java/org/jdom2/input/SAXBuilder.java
@@ -971,11 +971,6 @@ protected void configureParser(final XMLReader parser, final SAXHandler contentH
 			}
 		}
 
-		// Set any user-specified features on the parser.
-		for (final Map.Entry<String, Boolean> me : features.entrySet()) {
-			internalSetFeature(parser, me.getKey(), me.getValue().booleanValue(), me.getKey());
-		}
-
 		// Set any user-specified properties on the parser.
 		for (final Map.Entry<String, Object> me : properties.entrySet()) {
 			internalSetProperty(parser, me.getKey(), me.getValue(), me.getKey());
@@ -1007,7 +1002,10 @@ protected void configureParser(final XMLReader parser, final SAXHandler contentH
 				// No lexical reporting available
 			}
 		}
-
+		// Set any user-specified features on the parser.
+		for (final Map.Entry<String, Boolean> me : features.entrySet()) {
+			internalSetFeature(parser, me.getKey(), me.getValue().booleanValue(), me.getKey());
+		}
 	}
 
 	/**
diff --git a/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java b/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java
index 4ef34834..a69380ba 100644
--- a/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java
+++ b/test/src/java/org/jdom2/test/cases/input/TestSAXBuilder.java
@@ -600,6 +600,26 @@ public void testSetFeature() {
 		}
 	}
 
+	@Test
+	public void testSetExternalFeature() {
+		String feature = "http://xml.org/sax/features/external-general-entities";
+		MySAXBuilder sb = new MySAXBuilder();
+		try {
+			sb.setFeature(feature, true);
+			XMLReader reader = sb.createParser();
+			assertNotNull(reader);
+			assertTrue(reader.getFeature(feature));
+			sb.setFeature(feature, false);
+			reader = sb.createParser();
+			assertNotNull(reader);
+			assertFalse(reader.getFeature(feature));
+
+		} catch (Exception e) {
+			e.printStackTrace();
+			fail("Could not create parser: " + e.getMessage());
+		}
+	}
+
 	@Test
 	public void testSetProperty() {
 		LexicalHandler lh = new LexicalHandler() {

Places

File jdom2-CVE-2021-33813.patch of Package jdom2.20227

Places