Merge pull request #81 from RUB-NDS/xmlParsing

Fixed XMLHelper.stringToDom()
RUB-NDS · Mar 19, 2018 · 02ae955 · 02ae955
2 parents 1d0a3b5 + e75181e
commit 02ae955
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 10 deletions.
diff --git a/src/main/java/de/rub/nds/burp/espresso/editor/saml/UISourceViewer.java b/src/main/java/de/rub/nds/burp/espresso/editor/saml/UISourceViewer.java
@@ -48,7 +48,6 @@ public class UISourceViewer extends JPanel implements ICodeListener{
     private CodeListenerController listeners = null;
     private JCheckBox checkBox;
     private RTextScrollPane sp;
-    private JLabel label;
 
     private IBurpExtenderCallbacks callbacks;
     private boolean wrapLines;
@@ -74,9 +73,6 @@ public UISourceViewer(IBurpExtenderCallbacks callbacks){
     }
 
     private void initComponent(){
-        label = new JLabel();
-        label.setText("Please note: External entities are processed!");
-        label.setForeground(Color.RED);
         textArea = new RSyntaxTextArea(20, 60);
         textArea.setSyntaxEditingStyle(codeStyle);
         textArea.setText(sourceCode);
@@ -103,16 +99,12 @@ public void actionPerformed(ActionEvent ae) {
             layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
             .addComponent(sp)        
             .addGroup(layout.createSequentialGroup()
-                .addComponent(label)
-                .addGap(15)
                 .addComponent(checkBox))
         );
         layout.setVerticalGroup(
             layout.createSequentialGroup()
             .addComponent(sp)
             .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.CENTER)
-                .addComponent(label)
-                .addGap(15)
                 .addComponent(checkBox))
         );
     }

diff --git a/src/main/java/de/rub/nds/burp/utilities/XMLHelper.java b/src/main/java/de/rub/nds/burp/utilities/XMLHelper.java
@@ -60,6 +60,12 @@ public abstract class XMLHelper {
     */
 
     public static String format(String input, int indent) {
+        // javax.xml.transform.Transformer does not keep DTDs and always expands
+        // entity references defined in inline DTDs - so we do not pretty-print those
+        if (input.toUpperCase().contains("DOCTYPE")) {
+            Logging.getInstance().log(XMLHelper.class,"XML contains inline DTD, skip pretty printing", Logging.DEBUG);
+            return input;
+        }
         try {
             Source xmlInput = new StreamSource(new StringReader(input));
             StringWriter stringWriter = new StringWriter();
@@ -70,7 +76,7 @@ public static String format(String input, int indent) {
             transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET,"");
             Transformer transformer = transformerFactory.newTransformer();
             transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
-            transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+            transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, input.startsWith("<?xml") ? "yes" : "no");
             transformer.setOutputProperty(OutputKeys.INDENT, "yes");
             transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", String.valueOf(indent));
             transformer.transform(xmlInput, xmlOutput);
@@ -92,7 +98,7 @@ public static Document stringToDom (String xmlString) {
             return dom;
         } catch (ParserConfigurationException | SAXException | IOException e) {
             Logging.getInstance().log(XMLHelper.class, e);
-            return null;
+            return stringToDom("<error>Failed to parse input XML</error>");
         }
     }