diff --git a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/pom.xml b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/pom.xml index f5259cf84..837461fcb 100644 --- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/pom.xml +++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/pom.xml @@ -60,6 +60,7 @@ org.osgi.service.component, org.apache.commons.logging, javax.xml, + javax.xml.stream, javax.xml.bind.*, javax.sql, javax.xml.parsers; version=0.0.0, diff --git a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/AndroidDeviceManager.java b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/AndroidDeviceManager.java index d3c42e923..60ff48725 100644 --- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/AndroidDeviceManager.java +++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/AndroidDeviceManager.java @@ -47,6 +47,9 @@ import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import javax.xml.bind.Marshaller; import javax.xml.bind.Unmarshaller; +import javax.xml.stream.XMLInputFactory; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; import java.io.StringReader; import java.io.StringWriter; import java.nio.charset.Charset; @@ -128,17 +131,21 @@ public class AndroidDeviceManager implements DeviceManager { MobileDeviceTypes.MOBILE_DEVICE_TYPE_ANDROID); resource = MobileDeviceManagementUtil.getRegistryResource(androidRegPath); if (resource != null) { - JAXBContext context = JAXBContext.newInstance(PlatformConfiguration.class); - Unmarshaller unmarshaller = context.createUnmarshaller(); - return (PlatformConfiguration) unmarshaller.unmarshal( + XMLInputFactory factory = XMLInputFactory.newFactory(); + factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); + factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); + XMLStreamReader reader = factory.createXMLStreamReader( new StringReader(new String((byte[]) resource.getContent(), Charset. forName(AndroidPluginConstants.MobilePluginConstants.CHARSET_UTF8)))); + JAXBContext context = JAXBContext.newInstance(PlatformConfiguration.class); + Unmarshaller unmarshaller = context.createUnmarshaller(); + return (PlatformConfiguration) unmarshaller.unmarshal(reader); } return null; } catch (AndroidDeviceMgtPluginException e) { throw new DeviceManagementException( "Error occurred while retrieving the Registry instance : " + e.getMessage(), e); - } catch (JAXBException e) { + } catch (JAXBException | XMLStreamException e) { throw new DeviceManagementException( "Error occurred while parsing the Android configuration : " + e.getMessage(), e); } catch (RegistryException e) { diff --git a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/util/MobileDeviceManagementUtil.java b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/util/MobileDeviceManagementUtil.java index 210c73502..8ac7d9529 100644 --- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/util/MobileDeviceManagementUtil.java +++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/util/MobileDeviceManagementUtil.java @@ -68,6 +68,7 @@ public class MobileDeviceManagementUtil { factory.setNamespaceAware(true); try { factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { diff --git a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/enrollment/impl/EnrollmentServiceImpl.java b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/enrollment/impl/EnrollmentServiceImpl.java index 558cd601b..e13cb60cb 100644 --- a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/enrollment/impl/EnrollmentServiceImpl.java +++ b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/enrollment/impl/EnrollmentServiceImpl.java @@ -231,6 +231,7 @@ public class EnrollmentServiceImpl implements EnrollmentService { DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance(); domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + domFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder builder; builder = domFactory.newDocumentBuilder(); diff --git a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java index f71aa52e2..24b5dc7ae 100644 --- a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java +++ b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java @@ -239,6 +239,8 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance(); domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + domFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + DocumentBuilder builder = domFactory.newDocumentBuilder(); Document document = builder.parse(wapProvisioningFilePath); NodeList wapParm = document.getElementsByTagName(PluginConstants.CertificateEnrolment.PARM); diff --git a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/impl/util/MobileDeviceManagementUtil.java b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/impl/util/MobileDeviceManagementUtil.java index 72bf59ef2..bb5a7578b 100644 --- a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/impl/util/MobileDeviceManagementUtil.java +++ b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/impl/util/MobileDeviceManagementUtil.java @@ -68,6 +68,7 @@ public class MobileDeviceManagementUtil { factory.setNamespaceAware(true); try { factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) {