[cxf] branch 3.3.x-fixes updated (090e741 -> 5cc82c4b)

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[cxf] branch 3.3.x-fixes updated (090e741 -> 5cc82c4b)

coheigea
Administrator
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git.


    from 090e741  Recording .gitmergeinfo Changes
     new 4d290b4  [CXF-8025]: Fix Wrapper Style for multilevel xsd:extension elements
     new 5cc82c4b CXF-8025 - Specify a max stack depth to prevent recursion attacks

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../org/apache/cxf/tools/common/ToolConstants.java |  3 +-
 .../tools/wsdlto/frontend/jaxws/jaxws-toolspec.xml |  9 ++
 .../jaxws/processor/internal/ProcessorUtil.java    | 62 +++++++++-----
 .../apache/cxf/tools/wsdlto/jaxws/CodeGenTest.java | 40 +++++++++
 .../hello_world_multilevel_extension_wrapped.wsdl  | 96 ++++++++++++++++++++++
 5 files changed, 189 insertions(+), 21 deletions(-)
 create mode 100644 tools/wsdlto/test/src/test/resources/wsdl2java_wsdl/cxf8025/hello_world_multilevel_extension_wrapped.wsdl

Reply | Threaded
Open this post in threaded view
|

[cxf] 01/02: [CXF-8025]: Fix Wrapper Style for multilevel xsd:extension elements

coheigea
Administrator
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 4d290b40dfe4703df446d2c523071a125189a308
Author: jpoje-gtri <[hidden email]>
AuthorDate: Wed Apr 17 16:46:57 2019 -0400

    [CXF-8025]: Fix Wrapper Style for multilevel xsd:extension elements
   
    Original support was added in [CXF-2193].  This allows for multiple
    levels of xsd:extension in elements while still using wrapper style.
   
    (cherry picked from commit ef41e00f34c0c42987acf34543055fee5f84bd68)
---
 .../jaxws/processor/internal/ProcessorUtil.java    | 52 +++++++-----
 .../apache/cxf/tools/wsdlto/jaxws/CodeGenTest.java | 21 +++++
 .../hello_world_multilevel_extension_wrapped.wsdl  | 96 ++++++++++++++++++++++
 3 files changed, 149 insertions(+), 20 deletions(-)

diff --git a/tools/wsdlto/frontend/jaxws/src/main/java/org/apache/cxf/tools/wsdlto/frontend/jaxws/processor/internal/ProcessorUtil.java b/tools/wsdlto/frontend/jaxws/src/main/java/org/apache/cxf/tools/wsdlto/frontend/jaxws/processor/internal/ProcessorUtil.java
index 878d2ec..3c5a174 100644
--- a/tools/wsdlto/frontend/jaxws/src/main/java/org/apache/cxf/tools/wsdlto/frontend/jaxws/processor/internal/ProcessorUtil.java
+++ b/tools/wsdlto/frontend/jaxws/src/main/java/org/apache/cxf/tools/wsdlto/frontend/jaxws/processor/internal/ProcessorUtil.java
@@ -357,8 +357,6 @@ public final class ProcessorUtil {
     }
 
     public static List<WrapperElement> getWrappedElement(ToolContext context, QName partElement) {
-        List<WrapperElement> qnames = new ArrayList<>();
-
         ServiceInfo serviceInfo = context.get(ServiceInfo.class);
         SchemaCollection schema = serviceInfo.getXmlSchemaCollection();
 
@@ -368,32 +366,46 @@ public final class ProcessorUtil {
 
         XmlSchemaSequence seq = (XmlSchemaSequence)type.getParticle();
 
-        qnames.addAll(createWrappedElements(seq));
+        List<WrapperElement> qnames = createWrappedElements(seq);
 
         //If it's extension
         if (seq == null && type.getContentModel() != null) {
+            qnames.addAll(createWrappedElementsFromExtension(schema, type));
+        }
 
-            XmlSchemaContent xmlSchemaConent = type.getContentModel().getContent();
-            if (xmlSchemaConent instanceof XmlSchemaComplexContentExtension) {
-                XmlSchemaComplexContentExtension extension = (XmlSchemaComplexContentExtension)type
-                    .getContentModel().getContent();
-                QName baseTypeName = extension.getBaseTypeName();
-                XmlSchemaType schemaType = schema.getTypeByQName(baseTypeName);
-                if (schemaType instanceof XmlSchemaComplexType) {
-                    XmlSchemaComplexType complexType = (XmlSchemaComplexType)schemaType;
-                    if (complexType.getParticle() instanceof XmlSchemaSequence) {
-                        seq = (XmlSchemaSequence)complexType.getParticle();
-                        qnames.addAll(createWrappedElements(seq));
-                    }
-                }
+        return qnames;
+    }
 
-                if (extension.getParticle() instanceof XmlSchemaSequence) {
-                    XmlSchemaSequence xmlSchemaSeq = (XmlSchemaSequence)extension.getParticle();
-                    qnames.addAll(createWrappedElements(xmlSchemaSeq));
-                }
+    private static List<WrapperElement> createWrappedElementsFromExtension(SchemaCollection schema,
+                                                                           XmlSchemaComplexType type) {
+        List<WrapperElement> qnames = new ArrayList<>();
+
+        XmlSchemaContent schemaContent = type.getContentModel().getContent();
+        if (!(schemaContent instanceof XmlSchemaComplexContentExtension)) {
+            return qnames;
+        }
+
+        XmlSchemaComplexContentExtension extension = (XmlSchemaComplexContentExtension)schemaContent;
+        QName baseTypeName = extension.getBaseTypeName();
+        XmlSchemaType baseType = schema.getTypeByQName(baseTypeName);
+
+        if (baseType instanceof XmlSchemaComplexType) {
+            XmlSchemaComplexType complexBaseType = (XmlSchemaComplexType)baseType;
+
+            if (complexBaseType.getParticle() == null && complexBaseType.getContentModel() != null) {
+                // continue up the extension ladder
+                qnames.addAll(createWrappedElementsFromExtension(schema, complexBaseType));
+            } else if (complexBaseType.getParticle() instanceof XmlSchemaSequence) {
+                XmlSchemaSequence seq = (XmlSchemaSequence)complexBaseType.getParticle();
+                qnames.addAll(createWrappedElements(seq));
             }
+        }
 
+        if (extension.getParticle() instanceof XmlSchemaSequence) {
+            XmlSchemaSequence xmlSchemaSeq = (XmlSchemaSequence)extension.getParticle();
+            qnames.addAll(createWrappedElements(xmlSchemaSeq));
         }
+
         return qnames;
     }
 
diff --git a/tools/wsdlto/test/src/test/java/org/apache/cxf/tools/wsdlto/jaxws/CodeGenTest.java b/tools/wsdlto/test/src/test/java/org/apache/cxf/tools/wsdlto/jaxws/CodeGenTest.java
index bca57cc..89e2c1e 100644
--- a/tools/wsdlto/test/src/test/java/org/apache/cxf/tools/wsdlto/jaxws/CodeGenTest.java
+++ b/tools/wsdlto/test/src/test/java/org/apache/cxf/tools/wsdlto/jaxws/CodeGenTest.java
@@ -1645,6 +1645,27 @@ public class CodeGenTest extends AbstractCodeGenTest {
         RequestWrapper reqWrapper = method.getAnnotation(RequestWrapper.class);
         assertNotNull("@RequestWrapper is expected", reqWrapper);
     }
+
+    @Test
+    public void testMultilevelExtensionWrapper() throws Exception {
+        env.put(ToolConstants.CFG_WSDLURL,
+                getLocation("/wsdl2java_wsdl/cxf8025/hello_world_multilevel_extension_wrapped.wsdl"));
+        processor.setContext(env);
+        processor.execute();
+
+        File infFile = new File(output, "org/apache/cxf/w2j/multilevel_extension_wrapped/Greeter.java");
+        assertTrue(infFile.exists());
+
+        Class<?> interfaceClass = classLoader.loadClass("org.apache.cxf.w2j.multilevel_extension_wrapped.Greeter");
+
+        Method method = interfaceClass.getMethod("greetMeMultilevelExtension", new Class[] {
+            String.class, String.class, String.class, String.class
+        });
+        assertNotNull("greetMeMultilevelExtension operation is NOT generated correctly as excepted", method);
+        RequestWrapper reqWrapper = method.getAnnotation(RequestWrapper.class);
+        assertNotNull("@RequestWrapper is expected on greetMeMultilevelExtension", reqWrapper);
+    }
+
     @Test
     public void testJavaDoc() throws Exception {
         env.put(ToolConstants.CFG_WSDLURL, getLocation("/wsdl2java_wsdl/hello_world.wsdl"));
diff --git a/tools/wsdlto/test/src/test/resources/wsdl2java_wsdl/cxf8025/hello_world_multilevel_extension_wrapped.wsdl b/tools/wsdlto/test/src/test/resources/wsdl2java_wsdl/cxf8025/hello_world_multilevel_extension_wrapped.wsdl
new file mode 100644
index 0000000..28b775d
--- /dev/null
+++ b/tools/wsdlto/test/src/test/resources/wsdl2java_wsdl/cxf8025/hello_world_multilevel_extension_wrapped.wsdl
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+        license agreements. See the NOTICE file distributed with this work for additional
+        information regarding copyright ownership. The ASF licenses this file to
+        you under the Apache License, Version 2.0 (the "License"); you may not use
+        this file except in compliance with the License. You may obtain a copy of
+        the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+        by applicable law or agreed to in writing, software distributed under the
+        License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+        OF ANY KIND, either express or implied. See the License for the specific
+        language governing permissions and limitations under the License. -->
+<wsdl:definitions xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://cxf.apache.org/w2j/multilevel_extension_wrapped" xmlns:x1="http://cxf.apache.org/w2j/multilevel_extension_wrapped/types" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://cxf.apache.org/w2j/multilevel_extension_wrapped" name="HelloWorld">
+    <wsdl:types>
+        <schema xmlns="http://www.w3.org/2001/XMLSchema" xmlns:x1="http://cxf.apache.org/w2j/multilevel_extension_wrapped/types" targetNamespace="http://cxf.apache.org/w2j/multilevel_extension_wrapped/types" elementFormDefault="qualified">
+            <!-- request has multiple extension levels, some with elements and some with nothing -->
+            <element name="greetMeMultilevelExtension" type="x1:greetMeType"/>
+            <complexType name="greetMeType">
+                <complexContent>
+                    <extension base="x1:EmptyComplexContextParentType">
+                        <sequence>
+                            <element name="id" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+                            <element name="name" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+                        </sequence>
+                    </extension>
+                </complexContent>
+            </complexType>
+            <complexType name="EmptyComplexContextParentType">
+                <complexContent>
+                    <extension base="x1:ComplexContextParentType"/>
+                </complexContent>
+            </complexType>
+            <complexType name="ComplexContextParentType">
+                <complexContent>
+                    <extension base="x1:EmptyComplexContextGrandParentType1">
+                        <sequence>
+                            <element name="parentId" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+                        </sequence>
+                    </extension>
+                </complexContent>
+            </complexType>
+            <complexType name="EmptyComplexContextGrandParentType1">
+                <complexContent>
+                    <extension base="x1:EmptyComplexContextGrandParentType2"/>
+                </complexContent>
+            </complexType>
+            <complexType name="EmptyComplexContextGrandParentType2">
+                <complexContent>
+                    <extension base="x1:ComplexContextGreatGrandParentType"/>
+                </complexContent>
+            </complexType>
+            <complexType name="ComplexContextGreatGrandParentType">
+                <sequence>
+                    <element name="greatGrandParentId" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+                </sequence>
+            </complexType>
+
+            <!-- basic response -->
+            <element name="greetMeResponse" type="x1:greetMeResponseType"/>
+            <complexType name="greetMeResponseType">
+                <sequence>
+                    <element name="responseValue" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+                </sequence>
+            </complexType>
+        </schema>
+    </wsdl:types>
+    <wsdl:message name="greetMeRequest">
+        <wsdl:part name="in" element="x1:greetMeMultilevelExtension"/>
+    </wsdl:message>
+    <wsdl:message name="greetMeResponse">
+        <wsdl:part name="out" element="x1:greetMeResponse"/>
+    </wsdl:message>
+    <wsdl:portType name="Greeter">
+        <wsdl:operation name="greetMeMultilevelExtension">
+            <wsdl:input name="greetMeRequest" message="tns:greetMeRequest"/>
+            <wsdl:output name="greetMeResponse" message="tns:greetMeResponse"/>
+        </wsdl:operation>
+    </wsdl:portType>
+    <wsdl:binding name="Greeter_SOAPBinding" type="tns:Greeter">
+        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+        <wsdl:operation name="greetMeMultilevelExtension">
+            <soap:operation style="document"/>
+            <wsdl:input>
+                <soap:body use="literal"/>
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal"/>
+            </wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:service name="SOAPService">
+        <wsdl:port name="SoapPort" binding="tns:Greeter_SOAPBinding">
+            <soap:address location="http://localhost:9000/SoapContext/SoapPort"/>
+            <wswa:UsingAddressing xmlns:wswa="http://www.w3.org/2005/02/addressing/wsdl"/>
+        </wsdl:port>
+    </wsdl:service>
+</wsdl:definitions>

Reply | Threaded
Open this post in threaded view
|

[cxf] 02/02: CXF-8025 - Specify a max stack depth to prevent recursion attacks

coheigea
Administrator
In reply to this post by coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 5cc82c4b232336d173db39f99d1c4a6bebd28963
Author: Colm O hEigeartaigh <[hidden email]>
AuthorDate: Tue Oct 8 17:10:53 2019 +0100

    CXF-8025 - Specify a max stack depth to prevent recursion attacks
   
    (cherry picked from commit af2c8ec3ea20d84504a8a7026a3b99ec1b1b081b)
---
 .../org/apache/cxf/tools/common/ToolConstants.java    |  3 ++-
 .../tools/wsdlto/frontend/jaxws/jaxws-toolspec.xml    |  9 +++++++++
 .../jaxws/processor/internal/ProcessorUtil.java       | 18 ++++++++++++++----
 .../apache/cxf/tools/wsdlto/jaxws/CodeGenTest.java    | 19 +++++++++++++++++++
 4 files changed, 44 insertions(+), 5 deletions(-)

diff --git a/tools/common/src/main/java/org/apache/cxf/tools/common/ToolConstants.java b/tools/common/src/main/java/org/apache/cxf/tools/common/ToolConstants.java
index 9e15c43..3ffcd98 100644
--- a/tools/common/src/main/java/org/apache/cxf/tools/common/ToolConstants.java
+++ b/tools/common/src/main/java/org/apache/cxf/tools/common/ToolConstants.java
@@ -102,9 +102,10 @@ public final class ToolConstants {
     public static final String CFG_SEI_SUPER = "seiSuper";
     public static final String CFG_MARK_GENERATED = "markGenerated";
     public static final String CFG_SUPPRESS_GENERATED_DATE = "suppressGeneratedDate";
-    
+
     public static final String CFG_MARK_GENERATED_OPTION = "mark-generated";
     public static final String CFG_SUPPRESS_GENERATED_DATE_OPTION = "suppress-generated-date";
+    public static final String CFG_MAX_EXTENSION_STACK_DEPTH = "maxExtensionStackDepth";
 
     //Internal Flag to generate
     public static final String CFG_IMPL_CLASS = "implClass";
diff --git a/tools/wsdlto/frontend/jaxws/src/main/java/org/apache/cxf/tools/wsdlto/frontend/jaxws/jaxws-toolspec.xml b/tools/wsdlto/frontend/jaxws/src/main/java/org/apache/cxf/tools/wsdlto/frontend/jaxws/jaxws-toolspec.xml
index d5cda21..b5d524b 100644
--- a/tools/wsdlto/frontend/jaxws/src/main/java/org/apache/cxf/tools/wsdlto/frontend/jaxws/jaxws-toolspec.xml
+++ b/tools/wsdlto/frontend/jaxws/src/main/java/org/apache/cxf/tools/wsdlto/frontend/jaxws/jaxws-toolspec.xml
@@ -375,6 +375,15 @@ Examples:
                 </annotation>
                 <switch>suppress-generated-date</switch>
             </option>
+            <option id="maxExtensionStackDepth" maxOccurs="1">
+                <annotation>
+                    The maximum stack depth allowed when parsing schema extensions. The default is 5.
+                </annotation>
+                <switch>maxExtensionStackDepth</switch>
+                <associatedArgument placement="afterSpace">
+                    <annotation>maxExtensionStackDepth</annotation>
+                </associatedArgument>
+            </option>
         </optionGroup>
         <optionGroup id="common_options">
             <option id="help" maxOccurs="1">
diff --git a/tools/wsdlto/frontend/jaxws/src/main/java/org/apache/cxf/tools/wsdlto/frontend/jaxws/processor/internal/ProcessorUtil.java b/tools/wsdlto/frontend/jaxws/src/main/java/org/apache/cxf/tools/wsdlto/frontend/jaxws/processor/internal/ProcessorUtil.java
index 3c5a174..ea3fd34 100644
--- a/tools/wsdlto/frontend/jaxws/src/main/java/org/apache/cxf/tools/wsdlto/frontend/jaxws/processor/internal/ProcessorUtil.java
+++ b/tools/wsdlto/frontend/jaxws/src/main/java/org/apache/cxf/tools/wsdlto/frontend/jaxws/processor/internal/ProcessorUtil.java
@@ -41,6 +41,7 @@ import org.apache.cxf.common.xmlschema.SchemaCollection;
 import org.apache.cxf.helpers.JavaUtils;
 import org.apache.cxf.service.model.MessagePartInfo;
 import org.apache.cxf.service.model.ServiceInfo;
+import org.apache.cxf.tools.common.ToolConstants;
 import org.apache.cxf.tools.common.ToolContext;
 import org.apache.cxf.tools.common.model.DefaultValueWriter;
 import org.apache.cxf.tools.util.ClassCollector;
@@ -370,18 +371,27 @@ public final class ProcessorUtil {
 
         //If it's extension
         if (seq == null && type.getContentModel() != null) {
-            qnames.addAll(createWrappedElementsFromExtension(schema, type));
+            Object configuredMaxStackDepth = context.get(ToolConstants.CFG_MAX_EXTENSION_STACK_DEPTH);
+            Integer maxStackDepth = Integer.valueOf(5);
+            if (configuredMaxStackDepth instanceof Integer) {
+                maxStackDepth = (Integer)configuredMaxStackDepth;
+            } else if (configuredMaxStackDepth instanceof String) {
+                maxStackDepth = Integer.valueOf((String)configuredMaxStackDepth);
+            }
+            qnames.addAll(createWrappedElementsFromExtension(schema, type, maxStackDepth));
+
         }
 
         return qnames;
     }
 
     private static List<WrapperElement> createWrappedElementsFromExtension(SchemaCollection schema,
-                                                                           XmlSchemaComplexType type) {
+                                                                           XmlSchemaComplexType type,
+                                                                           int maxStackDepth) {
         List<WrapperElement> qnames = new ArrayList<>();
 
         XmlSchemaContent schemaContent = type.getContentModel().getContent();
-        if (!(schemaContent instanceof XmlSchemaComplexContentExtension)) {
+        if (!(schemaContent instanceof XmlSchemaComplexContentExtension) || maxStackDepth == 0) {
             return qnames;
         }
 
@@ -394,7 +404,7 @@ public final class ProcessorUtil {
 
             if (complexBaseType.getParticle() == null && complexBaseType.getContentModel() != null) {
                 // continue up the extension ladder
-                qnames.addAll(createWrappedElementsFromExtension(schema, complexBaseType));
+                qnames.addAll(createWrappedElementsFromExtension(schema, complexBaseType, maxStackDepth - 1));
             } else if (complexBaseType.getParticle() instanceof XmlSchemaSequence) {
                 XmlSchemaSequence seq = (XmlSchemaSequence)complexBaseType.getParticle();
                 qnames.addAll(createWrappedElements(seq));
diff --git a/tools/wsdlto/test/src/test/java/org/apache/cxf/tools/wsdlto/jaxws/CodeGenTest.java b/tools/wsdlto/test/src/test/java/org/apache/cxf/tools/wsdlto/jaxws/CodeGenTest.java
index 89e2c1e..6434448 100644
--- a/tools/wsdlto/test/src/test/java/org/apache/cxf/tools/wsdlto/jaxws/CodeGenTest.java
+++ b/tools/wsdlto/test/src/test/java/org/apache/cxf/tools/wsdlto/jaxws/CodeGenTest.java
@@ -1667,6 +1667,25 @@ public class CodeGenTest extends AbstractCodeGenTest {
     }
 
     @Test
+    public void testMultilevelExtensionWrapperStackDepth() throws Exception {
+        env.put(ToolConstants.CFG_WSDLURL,
+                getLocation("/wsdl2java_wsdl/cxf8025/hello_world_multilevel_extension_wrapped.wsdl"));
+        env.put(ToolConstants.CFG_MAX_EXTENSION_STACK_DEPTH, Integer.valueOf(3));
+        processor.setContext(env);
+        processor.execute();
+
+        File infFile = new File(output, "org/apache/cxf/w2j/multilevel_extension_wrapped/Greeter.java");
+        assertTrue(infFile.exists());
+
+        Class<?> interfaceClass = classLoader.loadClass("org.apache.cxf.w2j.multilevel_extension_wrapped.Greeter");
+
+        Method method = interfaceClass.getMethod("greetMeMultilevelExtension", new Class[] {
+            String.class, String.class, String.class
+        });
+        assertNotNull("greetMeMultilevelExtension operation is NOT generated correctly as excepted", method);
+    }
+
+    @Test
     public void testJavaDoc() throws Exception {
         env.put(ToolConstants.CFG_WSDLURL, getLocation("/wsdl2java_wsdl/hello_world.wsdl"));
         processor.setContext(env);