From fd3b12d903538511563c26b8b48c85390780b64f Mon Sep 17 00:00:00 2001
From: jpbelang
Date: Mon, 23 Dec 2019 16:34:36 -0500
Subject: [PATCH] Fixing #676, or at least giving an option.
---
 .../commons/rule/XmlSchemaValidationRule.java | 21 +++-------
 .../v10/phase/ExampleValidationPhase.java | 28 ++++----------
 .../v2/internal/utils/SchemaGenerator.java | 3 +-
 .../internal/utils/xml/XMLLocalConstants.java | 37 +++++++++++++++++++
 4 files changed, 52 insertions(+), 37 deletions(-)
 create mode 100644 raml-parser-2/src/main/java/org/raml/v2/internal/utils/xml/XMLLocalConstants.java
diff --git a/raml-parser-2/src/main/java/org/raml/v2/internal/impl/commons/rule/XmlSchemaValidationRule.java b/raml-parser-2/src/main/java/org/raml/v2/internal/impl/commons/rule/XmlSchemaValidationRule.java
index b1927e3d..2230f252 100644
--- a/raml-parser-2/src/main/java/org/raml/v2/internal/impl/commons/rule/XmlSchemaValidationRule.java
+++ b/raml-parser-2/src/main/java/org/raml/v2/internal/impl/commons/rule/XmlSchemaValidationRule.java
@@ -17,6 +17,7 @@
 import com.google.common.collect.Lists;
 import org.raml.v2.api.loader.ResourceLoader;
+import org.raml.v2.internal.utils.xml.XMLLocalConstants;
 import org.raml.yagi.framework.grammar.rule.ErrorNodeFactory;
 import org.raml.yagi.framework.grammar.rule.Rule;
 import org.raml.yagi.framework.nodes.Node;
@@ -50,16 +51,6 @@
 */
 public class XmlSchemaValidationRule extends Rule
 {
- public static final String EXTERNAL_ENTITIES_PROPERTY = "raml.xml.expandExternalEntities";
- public static final String EXPAND_ENTITIES_PROPERTY = "raml.xml.expandInternalEntities";
-
- public static final Boolean externalEntities =
- Boolean.parseBoolean(System.getProperty(EXTERNAL_ENTITIES_PROPERTY, "false"));
- public static final Boolean expandEntities =
- Boolean.parseBoolean(System.getProperty(EXPAND_ENTITIES_PROPERTY, "false"));
- public static final String EXTERNAL_GENERAL_ENTITIES_FEATURE = "http://xml.org/sax/features/external-general-entities";
- public static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = "http://xml.org/sax/features/external-parameter-entities";
- public static final String DISALLOW_DOCTYPE_DECL_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";
 private Schema schema;
 private String type;
@@ -141,15 +132,15 @@ private void setFeatures(DocumentBuilderFactory dbf) throws ParserConfigurationE
 String feature = null;
 // If you can't completely disable DTDs, then at least do the following:
- dbf.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, externalEntities);
+ dbf.setFeature(XMLLocalConstants.EXTERNAL_GENERAL_ENTITIES_FEATURE, XMLLocalConstants.externalEntities);
 
- dbf.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, externalEntities);
+ dbf.setFeature(XMLLocalConstants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, XMLLocalConstants.externalEntities);
 
- dbf.setFeature(DISALLOW_DOCTYPE_DECL_FEATURE, !expandEntities);
+ dbf.setFeature(XMLLocalConstants.DISALLOW_DOCTYPE_DECL_FEATURE, !XMLLocalConstants.expandEntities);
 // and these as well, per Timothy Morgan's 2014 paper: "XML Schema, DTD, and Entity Attacks" (see reference below)
- dbf.setXIncludeAware(expandEntities);
- dbf.setExpandEntityReferences(expandEntities);
+ dbf.setXIncludeAware(XMLLocalConstants.expandEntities);
+ dbf.setExpandEntityReferences(XMLLocalConstants.expandEntities);
 dbf.setNamespaceAware(true);
 }
diff --git a/raml-parser-2/src/main/java/org/raml/v2/internal/impl/v10/phase/ExampleValidationPhase.java b/raml-parser-2/src/main/java/org/raml/v2/internal/impl/v10/phase/ExampleValidationPhase.java
index 7e9f1f37..9ef7f6e1 100644
--- a/raml-parser-2/src/main/java/org/raml/v2/internal/impl/v10/phase/ExampleValidationPhase.java
+++ b/raml-parser-2/src/main/java/org/raml/v2/internal/impl/v10/phase/ExampleValidationPhase.java
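Review bot: In `XmlSchemaValidationRule.setFeatures`, `dbf.setXIncludeAware(XMLLocalConstants.expandEntities)` switches XInclude processing on with the flag read from `raml.xml.expandInternalEntities`, although XInclude can pull in other documents rather than expand internal entities. Consider `dbf.setXIncludeAware(false);`, or gate it on `XMLLocalConstants.externalEntities`, with a comment such as `// XInclude can load other documents; keep off unless external access is enabled`. The local `String feature = null;` is not used in the visible lines and could go if the rest of the method does not need it. The method begins above the hunk.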
@@ -15,30 +15,20 @@
 */
 package org.raml.v2.internal.impl.v10.phase;
-import com.fasterxml.jackson.core.JsonParser;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.google.common.base.Predicate;
-import com.google.common.collect.FluentIterable;
 import org.apache.ws.commons.schema.XmlSchema;
 import org.raml.v2.api.loader.ResourceLoader;
 import org.raml.v2.internal.impl.commons.model.factory.TypeDeclarationModelFactory;
-import org.raml.v2.internal.impl.commons.model.type.TypeDeclaration;
-import org.raml.v2.internal.impl.commons.model.type.UnionTypeDeclaration;
 import org.raml.v2.internal.impl.commons.nodes.ExampleDeclarationNode;
 import org.raml.v2.internal.impl.commons.nodes.TypeDeclarationNode;
-import org.raml.v2.internal.impl.commons.nodes.TypeExpressionNode;
 import org.raml.v2.internal.impl.commons.type.JsonSchemaExternalType;
 import org.raml.v2.internal.impl.commons.type.ResolvedType;
 import org.raml.v2.internal.impl.commons.type.XmlSchemaExternalType;
-import org.raml.v2.internal.impl.v10.nodes.NamedTypeExpressionNode;
-import org.raml.v2.internal.impl.v10.nodes.UnionTypeExpressionNode;
 import org.raml.v2.internal.impl.v10.type.*;
+import org.raml.v2.internal.utils.xml.XMLLocalConstants;
 import org.raml.yagi.framework.grammar.rule.ErrorNodeFactory;
 import org.raml.yagi.framework.grammar.rule.Rule;
 import org.raml.yagi.framework.nodes.*;
 import org.raml.yagi.framework.nodes.jackson.JNodeParser;
-import org.raml.yagi.framework.nodes.jackson.JsonUtils;
 import org.raml.yagi.framework.nodes.snakeyaml.NodeParser;
 import org.raml.yagi.framework.phase.Phase;
 import org.xml.sax.Attributes;
@@ -48,7 +38,6 @@
 import org.xml.sax.helpers.XMLFilterImpl;
 import org.xml.sax.helpers.XMLReaderFactory;
-import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import javax.xml.XMLConstants;
 import javax.xml.transform.sax.SAXSource;
@@ -57,20 +46,17 @@
 import javax.xml.validation.SchemaFactory;
 import javax.xml.validation.Validator;
 import java.io.IOException;
-import java.io.Reader;
 import java.io.StringReader;
 import java.io.StringWriter;
-import java.util.ArrayList;
-import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
 import static org.apache.commons.lang.StringUtils.isBlank;
-import static org.raml.v2.internal.impl.commons.rule.XmlSchemaValidationRule.DISALLOW_DOCTYPE_DECL_FEATURE;
-import static org.raml.v2.internal.impl.commons.rule.XmlSchemaValidationRule.EXTERNAL_GENERAL_ENTITIES_FEATURE;
-import static org.raml.v2.internal.impl.commons.rule.XmlSchemaValidationRule.EXTERNAL_PARAMETER_ENTITIES_FEATURE;
-import static org.raml.v2.internal.impl.commons.rule.XmlSchemaValidationRule.expandEntities;
-import static org.raml.v2.internal.impl.commons.rule.XmlSchemaValidationRule.externalEntities;
+import static org.raml.v2.internal.utils.xml.XMLLocalConstants.DISALLOW_DOCTYPE_DECL_FEATURE;
+import static org.raml.v2.internal.utils.xml.XMLLocalConstants.EXTERNAL_GENERAL_ENTITIES_FEATURE;
+import static org.raml.v2.internal.utils.xml.XMLLocalConstants.EXTERNAL_PARAMETER_ENTITIES_FEATURE;
+import static org.raml.v2.internal.utils.xml.XMLLocalConstants.expandEntities;
+import static org.raml.v2.internal.utils.xml.XMLLocalConstants.externalEntities;
 public class ExampleValidationPhase implements Phase
 {
@@ -237,7 +223,7 @@ protected Node validateXml(TypeDeclarationNode type, ResolvedType resolvedType,
 schema.write(xsd);
 try
 {
- final SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+ final SchemaFactory factory = SchemaFactory.newInstance(XMLLocalConstants.XML_SCHEMA_VERSION);
 final Schema schema1 = factory.newSchema(new StreamSource(new StringReader(xsd.toString())));
 final Validator validator = schema1.newValidator();
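Review bot: In `validateXml`, the `SchemaFactory` goes straight from `SchemaFactory.newInstance(XMLLocalConstants.XML_SCHEMA_VERSION)` to `factory.newSchema(...)` with whatever defaults its implementation ships: nothing in between sets `XMLConstants.FEATURE_SECURE_PROCESSING` or applies the `externalEntities`/`expandEntities` switches that `XmlSchemaValidationRule.setFeatures` applies to its `DocumentBuilderFactory`. Because the schema language now comes from a system property, a different factory implementation may be selected at run time, so those defaults are no longer fixed. Adding `factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` directly after `newInstance` would state the intent; the same holds for `SchemaGenerator.generateXmlSchema`, which compiles the schema text from `xmlTypeDefinition.getSchemaValue()`. `validateXml` starts and ends outside the hunk, so settings applied elsewhere in the method are not visible here.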
diff --git a/raml-parser-2/src/main/java/org/raml/v2/internal/utils/SchemaGenerator.java b/raml-parser-2/src/main/java/org/raml/v2/internal/utils/SchemaGenerator.java
index 355131e6..6cac9933 100644
--- a/raml-parser-2/src/main/java/org/raml/v2/internal/utils/SchemaGenerator.java
+++ b/raml-parser-2/src/main/java/org/raml/v2/internal/utils/SchemaGenerator.java
@@ -34,6 +34,7 @@
 import org.raml.v2.internal.impl.commons.type.ResolvedType;
 import org.raml.v2.internal.impl.commons.type.XmlSchemaExternalType;
 import org.raml.v2.internal.impl.v10.nodes.NamedTypeExpressionNode;
+import org.raml.v2.internal.utils.xml.XMLLocalConstants;
 import org.raml.v2.internal.utils.xml.XsdResourceResolver;
 import org.raml.yagi.framework.util.NodeUtils;
 import org.xml.sax.SAXException;
@@ -67,7 +68,7 @@ public JsonSchema load(JsonSchemaExternalType jsonTypeDefinition) throws IOExcep
 public static Schema generateXmlSchema(ResourceLoader resourceLoader, XmlSchemaExternalType xmlTypeDefinition) throws SAXException
 {
- SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+ SchemaFactory factory = SchemaFactory.newInstance(XMLLocalConstants.XML_SCHEMA_VERSION);
 factory.setResourceResolver(new XsdResourceResolver(resourceLoader, xmlTypeDefinition.getSchemaPath()));
 String includedResourceUri = resolveResourceUriIfIncluded(xmlTypeDefinition);
 return factory.newSchema(new StreamSource(new StringReader(xmlTypeDefinition.getSchemaValue()), includedResourceUri));
diff --git a/raml-parser-2/src/main/java/org/raml/v2/internal/utils/xml/XMLLocalConstants.java b/raml-parser-2/src/main/java/org/raml/v2/internal/utils/xml/XMLLocalConstants.java
new file mode 100644
index 00000000..8a803584
--- /dev/null
+++ b/raml-parser-2/src/main/java/org/raml/v2/internal/utils/xml/XMLLocalConstants.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2013 (c) MuleSoft, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
+ */
+package org.raml.v2.internal.utils.xml;
+
+import javax.xml.XMLConstants;
+
+/**
+ * Created. There, you have it.
+ */
+public class XMLLocalConstants
+{
+ public static final String EXTERNAL_ENTITIES_PROPERTY = "raml.xml.expandExternalEntities";
+ public static final Boolean externalEntities =
+ Boolean.parseBoolean(System.getProperty(EXTERNAL_ENTITIES_PROPERTY, "false"));
+ public static final String EXPAND_ENTITIES_PROPERTY = "raml.xml.expandInternalEntities";
+ public static final Boolean expandEntities =
+ Boolean.parseBoolean(System.getProperty(EXPAND_ENTITIES_PROPERTY, "false"));
+ public static final String EXTERNAL_GENERAL_ENTITIES_FEATURE = "http://xml.org/sax/features/external-general-entities";
+ public static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = "http://xml.org/sax/features/external-parameter-entities";
+ public static final String DISALLOW_DOCTYPE_DECL_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";
+
+ public static final String XML_SCHEMA_VERSION = System.getProperty("raml.xml.schema.version", XMLConstants.W3C_XML_SCHEMA_NS_URI);
+
+}
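Review bot: `XML_SCHEMA_VERSION` takes the raw value of `raml.xml.schema.version` and the call sites pass it to `SchemaFactory.newInstance`, so a mistyped or empty value is only rejected when `ExampleValidationPhase.validateXml` or `SchemaGenerator.generateXmlSchema` runs (`SchemaFactory.newInstance` throws `IllegalArgumentException` for a schema language it has no implementation for). Consider checking the value once in this class against the schema languages the parser intends to support and failing with a message that names the property. The class Javadoc `Created. There, you have it.` would be better replaced by a description saying that these are JVM-wide switches read once at class load, that both entity switches default to `false`, and that setting `raml.xml.expandExternalEntities` to `true` lets the parser configured in `XmlSchemaValidationRule.setFeatures` resolve external entities. A private constructor and primitive `boolean` fields would also suit a constants holder.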