From 74beadeaac0781393b3be28b62752f511d40c8bf Mon Sep 17 00:00:00 2001 
From: "Stein.Codes" Date: Wed, 18 Oct 2023 05:38:35 +0000 Subject: [PATCH] refactor: Java Security Ultimate Security Repo Scanner 2023 Disclaimer: Automated Commit Alert Please be aware that this commit, generated through automated processes, may contain false alerts or not be precisely targeted. This automated commit is part of a large-scale effort to enhance software security over time. It is sent to various repositories to improve code quality and security. Exercise caution when reviewing the changes, and ensure that any necessary adjustments are made to maintain the integrity and functionality of the software. Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/TkgUEiqd7?organizationId=RWNsaXBzZSBGb3VuZGF0aW9u Co-authored-by: Moderne --- .../ecf/example/collab/share/GenericSharedObject.java | 3 ++- .../src/org/eclipse/ecf/provider/comm/tcp/Client.java | 3 ++- .../src/org/eclipse/ecf/provider/comm/tcp/SSLClient.java | 3 ++- .../rest/client/XMLRemoteResponseDeserializer.java | 8 ++++++++ .../src/org/eclipse/ecf/ipc/Utils.java | 3 ++- .../ethz/iks/r_osgi/impl/ChannelEndpointMultiplexer.java | 3 ++- .../main/java/ch/ethz/iks/r_osgi/types/Timestamp.java | 3 ++- .../protocol/bittorrent/internal/net/ConnectionPool.java | 3 ++- .../src/org/jivesoftware/smack/ReconnectionManager.java | 5 ++++- .../src/org/jivesoftware/smack/util/StringUtils.java | 3 ++- .../smackx/bytestreams/ibb/InBandBytestreamManager.java | 3 ++- .../bytestreams/socks5/Socks5BytestreamManager.java | 3 ++- .../jivesoftware/smackx/debugger/EnhancedDebugger.java | 4 ++++ .../smackx/filetransfer/FileTransferNegotiator.java | 3 ++- .../org/jivesoftware/smackx/provider/VCardProvider.java | 9 +++++++++ .../internal/irc/ui/wizards/IRCConnectWizardPage.java | 3 ++- .../jmdns/javax/jmdns/impl/JmDNSImpl.java | 3 ++- .../ecf/server/generic/app/ClientApplication.java | 3 ++- .../ecf/server/generic/app/ServerConfigParser.java | 7 +++++++ .../org/apache/commons/httpclient/TestPartsNoHost.java 
| 3 ++- .../ecf/tests/discovery/AbstractDiscoveryTest.java | 3 ++- .../eclipse/ecf/tests/discovery/RndStatsTestCase.java | 3 ++- .../org/eclipse/ecf/tests/filetransfer/FileSendTest.java | 5 +++-- .../ecf/tests/filetransfer/GetRemoteFileNameTest.java | 3 ++- .../eclipse/ecf/tests/filetransfer/URLCancelTest.java | 3 ++- .../eclipse/ecf/tests/filetransfer/URLRetrieveTest.java | 7 ++++--- .../tests/filetransfer/URLRetrieveTestWithCustomJob.java | 3 ++- .../tests/provider/filetransfer/efs/RetrieveTest.java | 3 ++- .../src/org/eclipse/ecf/tests/sync/SharedDocClient.java | 3 ++- 29 files changed, 83 insertions(+), 28 deletions(-) diff --git a/examples/bundles/org.eclipse.ecf.example.collab/src/org/eclipse/ecf/example/collab/share/GenericSharedObject.java b/examples/bundles/org.eclipse.ecf.example.collab/src/org/eclipse/ecf/example/collab/share/GenericSharedObject.java index 42d2e840ac..2a2d761d63 100644 --- a/examples/bundles/org.eclipse.ecf.example.collab/src/org/eclipse/ecf/example/collab/share/GenericSharedObject.java +++ b/examples/bundles/org.eclipse.ecf.example.collab/src/org/eclipse/ecf/example/collab/share/GenericSharedObject.java @@ -15,6 +15,7 @@ import java.io.IOException; import java.io.Serializable; +import java.security.SecureRandom; import java.util.Hashtable; import java.util.Random; @@ -424,6 +425,6 @@ public ID createObject(ID target, ReplicaSharedObjectDescription desc) } public String getUniqueString() { - return String.valueOf((new Random()).nextLong()); + return String.valueOf((new SecureRandom()).nextLong()); } } diff --git a/framework/bundles/org.eclipse.ecf.provider/src/org/eclipse/ecf/provider/comm/tcp/Client.java b/framework/bundles/org.eclipse.ecf.provider/src/org/eclipse/ecf/provider/comm/tcp/Client.java index d74264ea75..af38d04bb8 100644 --- a/framework/bundles/org.eclipse.ecf.provider/src/org/eclipse/ecf/provider/comm/tcp/Client.java +++ b/framework/bundles/org.eclipse.ecf.provider/src/org/eclipse/ecf/provider/comm/tcp/Client.java 
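Review bot: `getUniqueString()` now constructs a fresh `SecureRandom` on every call, which repeats the generator's set-up work each time and gains nothing over one shared instance. Hold it in a field such as `private static final SecureRandom UNIQUE_RNG = new SecureRandom();` (name constructed for illustration) and return `String.valueOf(UNIQUE_RNG.nextLong())`. A random 64-bit value is hard to guess but not guaranteed unique, so the method's Javadoc should say which of the two properties callers may rely on. The same per-call construction is added in `setupPing()` in Client.java and SSLClient.java and in `getRandomNumber()` in IRCConnectWizardPage.java. The `java.util.Random` import kept as context may now be unused; the rest of the file is outside the hunk.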
@@ -16,6 +16,7 @@ import java.net.*; import java.security.AccessController; import java.security.PrivilegedAction; +import java.security.SecureRandom; import java.util.*; import org.eclipse.core.runtime.Assert; import org.eclipse.ecf.core.identity.ID; @@ -421,7 +422,7 @@ public void stop() { private Thread setupPing() { debug("setupPing()"); //$NON-NLS-1$ - final int pingStartWait = (new Random()).nextInt(keepAlive / 2); + final int pingStartWait = (new SecureRandom()).nextInt(keepAlive / 2); return new Thread(new Runnable() { public void run() { final Thread me = Thread.currentThread(); diff --git a/framework/bundles/org.eclipse.ecf.provider/src/org/eclipse/ecf/provider/comm/tcp/SSLClient.java b/framework/bundles/org.eclipse.ecf.provider/src/org/eclipse/ecf/provider/comm/tcp/SSLClient.java index 25c71d55c3..03d52da54f 100644 --- a/framework/bundles/org.eclipse.ecf.provider/src/org/eclipse/ecf/provider/comm/tcp/SSLClient.java +++ b/framework/bundles/org.eclipse.ecf.provider/src/org/eclipse/ecf/provider/comm/tcp/SSLClient.java @@ -16,6 +16,7 @@ import java.net.*; import java.security.AccessController; import java.security.PrivilegedAction; +import java.security.SecureRandom; import java.util.*; import javax.net.ssl.SSLSocketFactory; import org.eclipse.core.runtime.Assert; @@ -401,7 +402,7 @@ public void stop() { private Thread setupPing() { debug("setupPing()"); //$NON-NLS-1$ - final int pingStartWait = (new Random()).nextInt(keepAlive / 2); + final int pingStartWait = (new SecureRandom()).nextInt(keepAlive / 2); return new Thread(new Runnable() { public void run() { final Thread me = Thread.currentThread(); diff --git a/framework/bundles/org.eclipse.ecf.remoteservice.rest/src/org/eclipse/ecf/remoteservice/rest/client/XMLRemoteResponseDeserializer.java b/framework/bundles/org.eclipse.ecf.remoteservice.rest/src/org/eclipse/ecf/remoteservice/rest/client/XMLRemoteResponseDeserializer.java index 13367bb253..6ae2e4fe18 100644 
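Review bot: `nextInt(keepAlive / 2)` in `setupPing()` throws `IllegalArgumentException` when the bound is zero or negative, and the switch to `SecureRandom` leaves that unguarded. `keepAlive` is assigned outside the hunk, so either confirm it is validated to be at least 2 or clamp the bound with `nextInt(Math.max(1, keepAlive / 2))`. The ping start delay is scheduling jitter rather than a secret, so a comment such as `// jitter only, not security sensitive` would tell the next reader why the generator choice does not matter here. The identical line in SSLClient.java has the same gap, and the body of `setupPing()` continues past the hunk.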
--- a/framework/bundles/org.eclipse.ecf.remoteservice.rest/src/org/eclipse/ecf/remoteservice/rest/client/XMLRemoteResponseDeserializer.java +++ b/framework/bundles/org.eclipse.ecf.remoteservice.rest/src/org/eclipse/ecf/remoteservice/rest/client/XMLRemoteResponseDeserializer.java @@ -17,6 +17,7 @@ import java.util.Map; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; import org.eclipse.ecf.remoteservice.IRemoteCall; import org.eclipse.ecf.remoteservice.client.IRemoteCallable; import org.eclipse.ecf.remoteservice.client.IRemoteResponseDeserializer; @@ -32,6 +33,13 @@ public class XMLRemoteResponseDeserializer implements IRemoteResponseDeserialize public Object deserializeResponse(String uri, IRemoteCall call, IRemoteCallable callable, Map responseHeaders, byte[] responseBody) throws NotSerializableException { DocumentBuilderFactory documentFactory = DocumentBuilderFactory.newInstance(); + String FEATURE = "http://apache.org/xml/features/disallow-doctype-decl"; + try { + documentFactory.setFeature(FEATURE, true); + } catch (ParserConfigurationException e) { + throw new IllegalStateException("ParserConfigurationException was thrown. The feature '" + + FEATURE + "' is not supported by your XML processor.", e); + } String errorMsg = "XML response can't be parsed: "; //$NON-NLS-1$ try { DocumentBuilder builder = documentFactory.newDocumentBuilder(); diff --git a/incubation/projects/org.eclipse.ecf.ipc/bundles/org.eclipse.ecf.ipc/src/org/eclipse/ecf/ipc/Utils.java b/incubation/projects/org.eclipse.ecf.ipc/bundles/org.eclipse.ecf.ipc/src/org/eclipse/ecf/ipc/Utils.java index 485224ad3a..c1d1a68f32 100644 --- a/incubation/projects/org.eclipse.ecf.ipc/bundles/org.eclipse.ecf.ipc/src/org/eclipse/ecf/ipc/Utils.java +++ b/incubation/projects/org.eclipse.ecf.ipc/bundles/org.eclipse.ecf.ipc/src/org/eclipse/ecf/ipc/Utils.java 
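Review bot: A parser that rejects the `disallow-doctype-decl` feature now surfaces as an unchecked `IllegalStateException`, although `deserializeResponse` declares `NotSerializableException` as its failure type, so callers that handle a bad response will not catch it. Report it through the declared exception instead, e.g. `throw new NotSerializableException("XML parser does not support " + FEATURE);`, and name the local `feature`, since it is not a constant. The same block is added to `createVCardFromXML` in VCardProvider.java and to `load` in ServerConfigParser.java; those methods already declare `Exception` and `ParserConfigurationException` respectively, so a bare `setFeature(FEATURE, true);` without the try/catch keeps their existing contract. The new string literals also lack the `//$NON-NLS-1$` marker used on the following line. The method body continues outside the hunk.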
@@ -21,6 +21,7 @@ import java.io.PrintWriter; import java.io.Reader; import java.io.StringWriter; +import java.nio.file.Files; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -326,7 +327,7 @@ public static String readOrCreate(File file, String contents) throws IOException // create a temp file and write the contents to it. // File parent = file.getParentFile(); - File temp = File.createTempFile("tempfile", null, parent); + File temp = Files.createTempFile(parent.toPath(), "tempfile", null).toFile(); Utils.writeFile(temp, contents); // diff --git a/protocols/bundles/ch.ethz.iks.r_osgi.remote/src/main/java/ch/ethz/iks/r_osgi/impl/ChannelEndpointMultiplexer.java b/protocols/bundles/ch.ethz.iks.r_osgi.remote/src/main/java/ch/ethz/iks/r_osgi/impl/ChannelEndpointMultiplexer.java index 4624ce2dda..e4ab88c631 100644 --- a/protocols/bundles/ch.ethz.iks.r_osgi.remote/src/main/java/ch/ethz/iks/r_osgi/impl/ChannelEndpointMultiplexer.java +++ b/protocols/bundles/ch.ethz.iks.r_osgi.remote/src/main/java/ch/ethz/iks/r_osgi/impl/ChannelEndpointMultiplexer.java @@ -28,6 +28,7 @@ */ package ch.ethz.iks.r_osgi.impl; +import java.security.SecureRandom; import java.util.ArrayList; import java.util.Dictionary; import java.util.HashMap; @@ -232,7 +233,7 @@ public boolean isConnected() { */ private class Mapping { - private final Random random = new Random(System.currentTimeMillis()); + private final Random random = new SecureRandom(); private final List redundant = new ArrayList(0); private final Map uriMapping = new HashMap(0); diff --git a/protocols/bundles/ch.ethz.iks.r_osgi.remote/src/main/java/ch/ethz/iks/r_osgi/types/Timestamp.java b/protocols/bundles/ch.ethz.iks.r_osgi.remote/src/main/java/ch/ethz/iks/r_osgi/types/Timestamp.java index d11a514d05..d81dd607ef 100644 --- a/protocols/bundles/ch.ethz.iks.r_osgi.remote/src/main/java/ch/ethz/iks/r_osgi/types/Timestamp.java 
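Review bot: `parent.toPath()` throws `NullPointerException` when `file` has no parent component, because `getParentFile()` returns null for a bare file name; the replaced `File.createTempFile("tempfile", null, parent)` accepted a null directory and used the default temp directory. Guard the call: `File temp = (parent == null ? Files.createTempFile("tempfile", null) : Files.createTempFile(parent.toPath(), "tempfile", null)).toFile();`. `Files.createTempFile` may also create the file with more restrictive permissions than `File.createTempFile` did, so if the rest of `readOrCreate` (outside this hunk) moves the temp file into place, the final file's mode can differ from before and that should be confirmed as intended.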
+++ b/protocols/bundles/ch.ethz.iks.r_osgi.remote/src/main/java/ch/ethz/iks/r_osgi/types/Timestamp.java @@ -28,6 +28,7 @@ */ package ch.ethz.iks.r_osgi.types; +import java.security.SecureRandom; import java.util.Random; /** @@ -53,7 +54,7 @@ public final class Timestamp implements Comparable { * the offset of the logical clock. Initialized by a pseudo- random number * to simplify causal ordering among different peers. */ - private static int counter = new Random().nextInt(1000); + private static int counter = new SecureRandom().nextInt(1000); /** * the actual timestamp, stored as long. diff --git a/protocols/bundles/org.eclipse.ecf.protocol.bittorrent/src/org/eclipse/ecf/protocol/bittorrent/internal/net/ConnectionPool.java b/protocols/bundles/org.eclipse.ecf.protocol.bittorrent/src/org/eclipse/ecf/protocol/bittorrent/internal/net/ConnectionPool.java index aa6e842433..f3c3ed3b64 100644 --- a/protocols/bundles/org.eclipse.ecf.protocol.bittorrent/src/org/eclipse/ecf/protocol/bittorrent/internal/net/ConnectionPool.java +++ b/protocols/bundles/org.eclipse.ecf.protocol.bittorrent/src/org/eclipse/ecf/protocol/bittorrent/internal/net/ConnectionPool.java @@ -15,6 +15,7 @@ import java.io.UnsupportedEncodingException; import java.net.Socket; import java.nio.channels.SocketChannel; +import java.security.SecureRandom; import java.util.LinkedList; import java.util.Random; import java.util.Vector; @@ -29,7 +30,7 @@ class ConnectionPool { * A shared Random instance to randomly select a piece to * request from peers. */ - static final Random RANDOM = new Random(); + static final Random RANDOM = new SecureRandom(); /** * The number of seconds to wait before rotating optimistic unchokes. diff --git a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/ReconnectionManager.java b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/ReconnectionManager.java index 7e3c1dea38..5fd771de84 100644 
--- a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/ReconnectionManager.java +++ b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/ReconnectionManager.java @@ -18,7 +18,10 @@ package org.jivesoftware.smack; import org.jivesoftware.smack.packet.StreamError; + +import java.security.SecureRandom; import java.util.Random; + /** * Handles the automatic reconnection process. Every time a connection is dropped without * the application explictly closing it, the manager automatically tries to reconnect to @@ -38,7 +41,7 @@ public class ReconnectionManager implements ConnectionListener { // Holds the connection to the server private Connection connection; private Thread reconnectionThread; - private int randomBase = new Random().nextInt(11) + 5; // between 5 and 15 seconds + private int randomBase = new SecureRandom().nextInt(11) + 5; // between 5 and 15 seconds // Holds the state of the reconnection boolean done = false; diff --git a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/util/StringUtils.java b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/util/StringUtils.java index a686cfa180..ffb826cc98 100644 --- a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/util/StringUtils.java +++ b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smack/util/StringUtils.java @@ -23,6 +23,7 @@ import java.io.UnsupportedEncodingException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; import java.text.DateFormat; import java.text.ParseException; import java.text.SimpleDateFormat; 
@@ -727,7 +728,7 @@ public static byte[] decodeBase64(String data) { * The Random class is not considered to be cryptographically secure, so * only use these random Strings for low to medium security applications. */ - private static Random randGen = new Random(); + private static Random randGen = new SecureRandom(); /** * Array of numbers and letters of mixed case. Numbers appear in the list diff --git a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/bytestreams/ibb/InBandBytestreamManager.java b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/bytestreams/ibb/InBandBytestreamManager.java index a4f3592e12..615d034836 100644 --- a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/bytestreams/ibb/InBandBytestreamManager.java +++ b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/bytestreams/ibb/InBandBytestreamManager.java @@ -13,6 +13,7 @@ */ package org.jivesoftware.smackx.bytestreams.ibb; +import java.security.SecureRandom; import java.util.Collections; import java.util.HashMap; import java.util.LinkedList; @@ -126,7 +127,7 @@ public void connectionClosed() { private static final String SESSION_ID_PREFIX = "jibb_"; /* random generator to create session IDs */ - private final static Random randomGenerator = new Random(); + private final static Random randomGenerator = new SecureRandom(); /* stores one InBandBytestreamManager for each XMPP connection */ private final static Map managers = new HashMap(); diff --git a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/bytestreams/socks5/Socks5BytestreamManager.java b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/bytestreams/socks5/Socks5BytestreamManager.java index d78d5d1bc6..d868bd5e90 100644 --- a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/bytestreams/socks5/Socks5BytestreamManager.java 
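Review bot: The Javadoc kept above `randGen` still states that the `Random` class is not cryptographically secure and limits these strings to low to medium security applications, which no longer describes a field initialised with `SecureRandom`. Update the comment to name the generator actually used, and, if nothing outside the hunk reassigns the field, declare it as `private static final SecureRandom randGen = new SecureRandom();` so a later edit cannot quietly swap the weaker type back in. How unpredictable the generated strings are still depends on how the consuming method maps the generator's output onto the character array, which is outside this hunk. The session-ID generators in InBandBytestreamManager.java, Socks5BytestreamManager.java and FileTransferNegotiator.java keep the `Random` declared type in the same way.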
+++ b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/bytestreams/socks5/Socks5BytestreamManager.java @@ -15,6 +15,7 @@ import java.io.IOException; import java.net.Socket; +import java.security.SecureRandom; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; @@ -115,7 +116,7 @@ public void connectionClosed() { private static final String SESSION_ID_PREFIX = "js5_"; /* random generator to create session IDs */ - private final static Random randomGenerator = new Random(); + private final static Random randomGenerator = new SecureRandom(); /* stores one Socks5BytestreamManager for each XMPP connection */ private final static Map managers = new HashMap(); diff --git a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/debugger/EnhancedDebugger.java b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/debugger/EnhancedDebugger.java index 3d6e7b6dbf..c353c97b54 100644 --- a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/debugger/EnhancedDebugger.java +++ b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/debugger/EnhancedDebugger.java @@ -35,6 +35,7 @@ import javax.swing.event.ListSelectionListener; import javax.swing.table.DefaultTableModel; import javax.swing.text.BadLocationException; +import javax.xml.XMLConstants; import javax.xml.transform.*; import javax.xml.transform.stream.StreamResult; import javax.xml.transform.stream.StreamSource; @@ -872,6 +873,9 @@ private String formatXML(String str) { try { // Use a Transformer for output TransformerFactory tFactory = TransformerFactory.newInstance(); + tFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + tFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); + tFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); // Surround this setting in a try/catch for compatibility with Java 1.4. This setting is required // for Java 1.5 try { 
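Review bot: `setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "")` and the matching stylesheet call throw `IllegalArgumentException` on a `TransformerFactory` implementation that does not recognise these properties, and they are added without the guard that the very next setting gets for older runtimes. Whether the outer `try` in `formatXML` catches that exception is not visible in the hunk; if it does not, formatting a packet in the debugger would fail instead of falling back. Keep `FEATURE_SECURE_PROCESSING` mandatory and guard the two access properties individually, as sketched below.

```java
TransformerFactory tFactory = TransformerFactory.newInstance();
tFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
try {
    tFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
}
catch (IllegalArgumentException e) {
    // Property not recognised by this implementation; FEATURE_SECURE_PROCESSING is still enforced above.
}
try {
    tFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
}
catch (IllegalArgumentException e) {
    // Property not recognised by this implementation; FEATURE_SECURE_PROCESSING is still enforced above.
}
// … unchanged: the Java 1.4-compatible setting and the transform itself …
```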
diff --git a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/filetransfer/FileTransferNegotiator.java b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/filetransfer/FileTransferNegotiator.java index 3b2b30d9d5..1f6498a98e 100644 --- a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/filetransfer/FileTransferNegotiator.java +++ b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/filetransfer/FileTransferNegotiator.java @@ -20,6 +20,7 @@ package org.jivesoftware.smackx.filetransfer; import java.net.URLConnection; +import java.security.SecureRandom; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; @@ -69,7 +70,7 @@ public class FileTransferNegotiator { protected static final String STREAM_DATA_FIELD_NAME = "stream-method"; - private static final Random randomGenerator = new Random(); + private static final Random randomGenerator = new SecureRandom(); /** * A static variable to use only offer IBB for file transfer. It is generally recommend to only diff --git a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/provider/VCardProvider.java b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/provider/VCardProvider.java index fd9e1d911e..7157542992 100644 --- a/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/provider/VCardProvider.java +++ b/protocols/bundles/org.jivesoftware.smack/src/org/jivesoftware/smackx/provider/VCardProvider.java @@ -30,6 +30,8 @@ import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + import java.io.ByteArrayInputStream; import java.io.IOException; import java.util.ArrayList; 
@@ -92,6 +94,13 @@ public static VCard createVCardFromXML(String xml) throws Exception { VCard vCard = new VCard(); DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); + String FEATURE = "http://apache.org/xml/features/disallow-doctype-decl"; + try { + documentBuilderFactory.setFeature(FEATURE, true); + } catch (ParserConfigurationException e) { + throw new IllegalStateException("ParserConfigurationException was thrown. The feature '" + + FEATURE + "' is not supported by your XML processor.", e); + } DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); Document document = documentBuilder.parse( new ByteArrayInputStream(xml.getBytes(PREFERRED_ENCODING))); diff --git a/providers/bundles/org.eclipse.ecf.provider.irc.ui/src/org/eclipse/ecf/internal/irc/ui/wizards/IRCConnectWizardPage.java b/providers/bundles/org.eclipse.ecf.provider.irc.ui/src/org/eclipse/ecf/internal/irc/ui/wizards/IRCConnectWizardPage.java index f96927dbcb..485bdca7bc 100644 --- a/providers/bundles/org.eclipse.ecf.provider.irc.ui/src/org/eclipse/ecf/internal/irc/ui/wizards/IRCConnectWizardPage.java +++ b/providers/bundles/org.eclipse.ecf.provider.irc.ui/src/org/eclipse/ecf/internal/irc/ui/wizards/IRCConnectWizardPage.java @@ -13,6 +13,7 @@ *****************************************************************************/ package org.eclipse.ecf.internal.irc.ui.wizards; +import java.security.SecureRandom; import java.util.*; import java.util.List; import org.eclipse.ecf.internal.irc.ui.Activator; @@ -167,7 +168,7 @@ public void handleEvent(Event arg0) { } private String getRandomNumber() { - Random random = new Random(); + Random random = new SecureRandom(); return String.valueOf(random.nextInt(100000)); } diff --git a/providers/bundles/org.eclipse.ecf.provider.jmdns/jmdns/javax/jmdns/impl/JmDNSImpl.java b/providers/bundles/org.eclipse.ecf.provider.jmdns/jmdns/javax/jmdns/impl/JmDNSImpl.java index c10d2ab4d5..e90a6bdc08 100644 
--- a/providers/bundles/org.eclipse.ecf.provider.jmdns/jmdns/javax/jmdns/impl/JmDNSImpl.java +++ b/providers/bundles/org.eclipse.ecf.provider.jmdns/jmdns/javax/jmdns/impl/JmDNSImpl.java @@ -6,6 +6,7 @@ import java.io.IOException; import java.net.*; +import java.security.SecureRandom; import java.util.*; import javax.jmdns.*; import javax.jmdns.impl.tasks.*; @@ -106,7 +107,7 @@ public class JmDNSImpl extends JmDNS { * The source for random values. This is used to introduce random delays in * responses. This reduces the potential for collisions on the network. */ - private final static Random random = new Random(); + private final static Random random = new SecureRandom(); /** * This lock is used to coordinate processing of incoming and outgoing diff --git a/server-side/bundles/org.eclipse.ecf.server.generic/src/org/eclipse/ecf/server/generic/app/ClientApplication.java b/server-side/bundles/org.eclipse.ecf.server.generic/src/org/eclipse/ecf/server/generic/app/ClientApplication.java index f9c7ecee28..02fcb4ad82 100644 --- a/server-side/bundles/org.eclipse.ecf.server.generic/src/org/eclipse/ecf/server/generic/app/ClientApplication.java +++ b/server-side/bundles/org.eclipse.ecf.server.generic/src/org/eclipse/ecf/server/generic/app/ClientApplication.java @@ -11,6 +11,7 @@ *****************************************************************************/ package org.eclipse.ecf.server.generic.app; +import java.security.SecureRandom; import java.util.HashMap; import java.util.Random; import org.eclipse.ecf.core.ContainerTypeDescription; @@ -56,7 +57,7 @@ public class ClientApplication { ID[] sharedObjects = null; static ContainerTypeDescription contd = null; - static Random aRan = new Random(); + static Random aRan = new SecureRandom(); public ClientApplication() { super(); 
diff --git a/server-side/bundles/org.eclipse.ecf.server.generic/src/org/eclipse/ecf/server/generic/app/ServerConfigParser.java b/server-side/bundles/org.eclipse.ecf.server.generic/src/org/eclipse/ecf/server/generic/app/ServerConfigParser.java index 6c4f61a4bf..a7b458e227 100644 --- a/server-side/bundles/org.eclipse.ecf.server.generic/src/org/eclipse/ecf/server/generic/app/ServerConfigParser.java +++ b/server-side/bundles/org.eclipse.ecf.server.generic/src/org/eclipse/ecf/server/generic/app/ServerConfigParser.java @@ -116,6 +116,13 @@ protected String getAttributeValue(Node node, String attrName) { public List load(InputStream ins) throws ParserConfigurationException, SAXException, IOException { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + String FEATURE = "http://apache.org/xml/features/disallow-doctype-decl"; + try { + dbf.setFeature(FEATURE, true); + } catch (ParserConfigurationException e) { + throw new IllegalStateException("ParserConfigurationException was thrown. The feature '" + + FEATURE + "' is not supported by your XML processor.", e); + } DocumentBuilder db = dbf.newDocumentBuilder(); Document doc = db.parse(ins); return loadConnectors(doc); diff --git a/tests/bundles/org.eclipse.ecf.tests.apache.httpclient.server/src/org/apache/commons/httpclient/TestPartsNoHost.java b/tests/bundles/org.eclipse.ecf.tests.apache.httpclient.server/src/org/apache/commons/httpclient/TestPartsNoHost.java index 64250e0ff2..142f662ba2 100644 --- a/tests/bundles/org.eclipse.ecf.tests.apache.httpclient.server/src/org/apache/commons/httpclient/TestPartsNoHost.java +++ b/tests/bundles/org.eclipse.ecf.tests.apache.httpclient.server/src/org/apache/commons/httpclient/TestPartsNoHost.java @@ -35,6 +35,7 @@ import java.io.FileWriter; import java.io.IOException; import java.io.PrintWriter; +import java.nio.file.Files; import junit.framework.Test; import junit.framework.TestCase; 
@@ -108,7 +109,7 @@ public void testFilePartNullFileResendsData() throws Exception { * written to. */ private File createTempTestFile() throws IOException { - File file = File.createTempFile("FilePartTest", ".txt"); + File file = Files.createTempFile("FilePartTest", ".txt").toFile(); PrintWriter out = new PrintWriter(new FileWriter(file)); out.println(PART_DATA); out.flush(); diff --git a/tests/bundles/org.eclipse.ecf.tests.discovery/src/org/eclipse/ecf/tests/discovery/AbstractDiscoveryTest.java b/tests/bundles/org.eclipse.ecf.tests.discovery/src/org/eclipse/ecf/tests/discovery/AbstractDiscoveryTest.java index 36b309feb5..30e7e4c71e 100755 --- a/tests/bundles/org.eclipse.ecf.tests.discovery/src/org/eclipse/ecf/tests/discovery/AbstractDiscoveryTest.java +++ b/tests/bundles/org.eclipse.ecf.tests.discovery/src/org/eclipse/ecf/tests/discovery/AbstractDiscoveryTest.java @@ -13,6 +13,7 @@ package org.eclipse.ecf.tests.discovery; import java.net.URI; +import java.security.SecureRandom; import java.util.Comparator; import java.util.Properties; import java.util.Random; @@ -51,7 +52,7 @@ public abstract class AbstractDiscoveryTest extends TestCase { public AbstractDiscoveryTest(String name) { super(); this.containerUnderTest = name; - this.random = new Random(); + this.random = new SecureRandom(); } public String getTestId() { diff --git a/tests/bundles/org.eclipse.ecf.tests.discovery/src/org/eclipse/ecf/tests/discovery/RndStatsTestCase.java b/tests/bundles/org.eclipse.ecf.tests.discovery/src/org/eclipse/ecf/tests/discovery/RndStatsTestCase.java index 12712ddb19..32a4e8d640 100644 --- a/tests/bundles/org.eclipse.ecf.tests.discovery/src/org/eclipse/ecf/tests/discovery/RndStatsTestCase.java +++ b/tests/bundles/org.eclipse.ecf.tests.discovery/src/org/eclipse/ecf/tests/discovery/RndStatsTestCase.java 
@@ -12,6 +12,7 @@ *****************************************************************************/ package org.eclipse.ecf.tests.discovery; +import java.security.SecureRandom; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -80,7 +81,7 @@ public static Test suite(TestSuite suite) { // shuffle the list to create randomized test order System.out.println("Seed used for test ordering: " + SEED); - Collections.shuffle(tests, new Random(SEED)); + Collections.shuffle(tests, new SecureRandom()); // Create empty test suite and add tests in order of shuffeled list suite = new MyTestSuite(RndStatsTestCase.class.getName()); diff --git a/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/FileSendTest.java b/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/FileSendTest.java index 257e2b1943..1873e06dd5 100755 --- a/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/FileSendTest.java +++ b/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/FileSendTest.java @@ -17,6 +17,7 @@ import java.io.FileOutputStream; import java.io.InputStream; import java.net.URL; +import java.nio.file.Files; /** * @@ -32,7 +33,7 @@ public class FileSendTest extends AbstractSendTestCase { protected void setUp() throws Exception { super.setUp(); URL url = this.getClass().getResource("/test.txt"); - inputFile = File.createTempFile("ECFTest", "input.txt"); + inputFile = Files.createTempFile("ECFTest", "input.txt").toFile(); FileOutputStream fos = new FileOutputStream(inputFile); InputStream ins = url.openStream(); byte [] buf = new byte[1024]; @@ -40,7 +41,7 @@ protected void setUp() throws Exception { while ((l = ins.read(buf)) != -1) fos.write(buf); fos.close(); ins.close(); - outputFile = File.createTempFile("ECFTest", "test.txt"); + outputFile = Files.createTempFile("ECFTest", "test.txt").toFile(); } /* (non-Javadoc) 
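Review bot: Replacing `new Random(SEED)` with `new SecureRandom()` breaks the reproducibility this code advertises: the line above still prints `"Seed used for test ordering: " + SEED`, but the shuffle no longer uses that seed, so a failing test order cannot be replayed. Test ordering is not security sensitive; restore `Collections.shuffle(tests, new Random(SEED));` and drop the added `java.security.SecureRandom` import. `suite(TestSuite)` continues outside the hunk.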
diff --git a/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/GetRemoteFileNameTest.java b/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/GetRemoteFileNameTest.java index bc66d26abd..b3a385933e 100644 --- a/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/GetRemoteFileNameTest.java +++ b/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/GetRemoteFileNameTest.java @@ -16,6 +16,7 @@ import java.io.File; import java.io.IOException; import java.net.URL; +import java.nio.file.Files; import org.eclipse.ecf.filetransfer.IFileTransferListener; import org.eclipse.ecf.filetransfer.events.IIncomingFileTransferReceiveDataEvent; @@ -36,7 +37,7 @@ public class GetRemoteFileNameTest extends AbstractRetrieveTestCase { */ protected void setUp() throws Exception { super.setUp(); - tmpFile = File.createTempFile("ECFTest", ""); + tmpFile = Files.createTempFile("ECFTest", "").toFile(); } /* diff --git a/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/URLCancelTest.java b/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/URLCancelTest.java index 301c515901..b3400b2332 100755 --- a/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/URLCancelTest.java +++ b/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/URLCancelTest.java @@ -16,6 +16,7 @@ import java.io.File; import java.io.IOException; import java.net.URL; +import java.nio.file.Files; import org.eclipse.ecf.filetransfer.IFileTransferListener; import org.eclipse.ecf.filetransfer.events.IIncomingFileTransferReceiveDataEvent; 
@@ -37,7 +38,7 @@ public class URLCancelTest extends AbstractRetrieveTestCase { */ protected void setUp() throws Exception { super.setUp(); - tmpFile = File.createTempFile("ECFTest", ""); + tmpFile = Files.createTempFile("ECFTest", "").toFile(); } /* diff --git a/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/URLRetrieveTest.java b/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/URLRetrieveTest.java index daabb09fd4..605c66fe36 100644 --- a/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/URLRetrieveTest.java +++ b/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/URLRetrieveTest.java @@ -18,6 +18,7 @@ import java.net.ConnectException; import java.net.HttpURLConnection; import java.net.URL; +import java.nio.file.Files; import java.util.Map; import org.apache.commons.httpclient.server.HttpRequestHandler; @@ -60,7 +61,7 @@ public class URLRetrieveTest extends AbstractRetrieveTestCase { */ protected void setUp() throws Exception { super.setUp(); - tmpFile = File.createTempFile("ECFTest", ""); + tmpFile = Files.createTempFile("ECFTest", "").toFile(); server = new SimpleServer(getName()); SimpleHttpServer simple = server.getSimpleHttpServer(); simple.setRequestHandler(new HttpRequestHandler() { @@ -259,7 +260,7 @@ public void testReceiveGzip() throws Exception { public static final String HTTP_RETRIEVE_GZFILE_MIRROR = "http://mirrors.xmission.com/eclipse/eclipse/updates/3.4//plugins/javax.servlet.jsp_2.0.0.v200806031607.jar.pack.gz"; public void testReceiveGzipWithGZFile() throws Exception { - tmpFile = File.createTempFile("foo", "something.pack.gz"); + tmpFile = Files.createTempFile("foo", "something.pack.gz").toFile(); testReceive(HTTP_RETRIEVE_GZFILE); if (tmpFile != null) { System.out.println(tmpFile.length()); 
@@ -268,7 +269,7 @@ public void testReceiveGzipWithGZFile() throws Exception { } public void testReceiveGzipWithGZFileFromMirror() throws Exception { - tmpFile = File.createTempFile("foo", "something.pack.gz"); + tmpFile = Files.createTempFile("foo", "something.pack.gz").toFile(); testReceive(HTTP_RETRIEVE_GZFILE_MIRROR); if (tmpFile != null) { System.out.println(tmpFile.length()); diff --git a/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/URLRetrieveTestWithCustomJob.java b/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/URLRetrieveTestWithCustomJob.java index 95c106d9f7..30a3123935 100755 --- a/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/URLRetrieveTestWithCustomJob.java +++ b/tests/bundles/org.eclipse.ecf.tests.filetransfer/src/org/eclipse/ecf/tests/filetransfer/URLRetrieveTestWithCustomJob.java @@ -16,6 +16,7 @@ import java.io.File; import java.io.IOException; import java.net.URL; +import java.nio.file.Files; import org.eclipse.core.runtime.IStatus; import org.eclipse.ecf.filetransfer.FileTransferJob; @@ -38,7 +39,7 @@ public class URLRetrieveTestWithCustomJob extends AbstractRetrieveTestCase { */ protected void setUp() throws Exception { super.setUp(); - tmpFile = File.createTempFile("ECFTest", ""); + tmpFile = Files.createTempFile("ECFTest", "").toFile(); } /* diff --git a/tests/bundles/org.eclipse.ecf.tests.provider.filetransfer.efs/src/org/eclipse/ecf/tests/provider/filetransfer/efs/RetrieveTest.java b/tests/bundles/org.eclipse.ecf.tests.provider.filetransfer.efs/src/org/eclipse/ecf/tests/provider/filetransfer/efs/RetrieveTest.java index 8b0ea1c53a..ffb7633830 100755 --- a/tests/bundles/org.eclipse.ecf.tests.provider.filetransfer.efs/src/org/eclipse/ecf/tests/provider/filetransfer/efs/RetrieveTest.java 
+++ b/tests/bundles/org.eclipse.ecf.tests.provider.filetransfer.efs/src/org/eclipse/ecf/tests/provider/filetransfer/efs/RetrieveTest.java @@ -16,6 +16,7 @@ import java.io.File; import java.io.IOException; import java.net.URL; +import java.nio.file.Files; import org.eclipse.ecf.filetransfer.events.IIncomingFileTransferReceiveDataEvent; import org.eclipse.ecf.filetransfer.events.IIncomingFileTransferReceiveDoneEvent; @@ -36,7 +37,7 @@ public class RetrieveTest extends AbstractRetrieveTestCase { */ protected void setUp() throws Exception { super.setUp(); - tmpFile = File.createTempFile("ECFTest", ""); + tmpFile = Files.createTempFile("ECFTest", "").toFile(); } protected void handleStartEvent(IIncomingFileTransferReceiveStartEvent event) { diff --git a/tests/bundles/org.eclipse.ecf.tests.sync/src/org/eclipse/ecf/tests/sync/SharedDocClient.java b/tests/bundles/org.eclipse.ecf.tests.sync/src/org/eclipse/ecf/tests/sync/SharedDocClient.java index cd9f92618f..cb3763a2fe 100644 --- a/tests/bundles/org.eclipse.ecf.tests.sync/src/org/eclipse/ecf/tests/sync/SharedDocClient.java +++ b/tests/bundles/org.eclipse.ecf.tests.sync/src/org/eclipse/ecf/tests/sync/SharedDocClient.java @@ -1,5 +1,6 @@ package org.eclipse.ecf.tests.sync; +import java.security.SecureRandom; import java.util.Random; import org.eclipse.ecf.sync.IModelChange; @@ -23,7 +24,7 @@ public class SharedDocClient extends Thread { private IModelSynchronizationStrategy syncStrategy; - private Random random = new Random(); + private Random random = new SecureRandom(); public SharedDocClient(String name, IModelSynchronizationStrategy syncStrategy, String startText) {