From e75181ed144b94782f30869076c16ecbd0042cf7 Mon Sep 17 00:00:00 2001 From: plokta Date: Mon, 19 Mar 2018 14:05:39 +0100 Subject: [PATCH] Do not process inline DTDs - skip pretty printing xml that contains DTDs - remove warning label --- .../nds/burp/espresso/editor/saml/UISourceViewer.java | 8 -------- src/main/java/de/rub/nds/burp/utilities/XMLHelper.java | 10 ++++++++-- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/src/main/java/de/rub/nds/burp/espresso/editor/saml/UISourceViewer.java b/src/main/java/de/rub/nds/burp/espresso/editor/saml/UISourceViewer.java index e5fd137..137264c 100644 --- a/src/main/java/de/rub/nds/burp/espresso/editor/saml/UISourceViewer.java +++ b/src/main/java/de/rub/nds/burp/espresso/editor/saml/UISourceViewer.java @@ -48,7 +48,6 @@ public class UISourceViewer extends JPanel implements ICodeListener{ private CodeListenerController listeners = null; private JCheckBox checkBox; private RTextScrollPane sp; - private JLabel label; private IBurpExtenderCallbacks callbacks; private boolean wrapLines; @@ -74,9 +73,6 @@ public UISourceViewer(IBurpExtenderCallbacks callbacks){ } private void initComponent(){ - label = new JLabel(); - label.setText("Please note: External entities are processed!"); - label.setForeground(Color.RED); textArea = new RSyntaxTextArea(20, 60); textArea.setSyntaxEditingStyle(codeStyle); textArea.setText(sourceCode); @@ -103,16 +99,12 @@ public void actionPerformed(ActionEvent ae) { layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addComponent(sp) .addGroup(layout.createSequentialGroup() - .addComponent(label) - .addGap(15) .addComponent(checkBox)) ); layout.setVerticalGroup( layout.createSequentialGroup() .addComponent(sp) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.CENTER) - .addComponent(label) - .addGap(15) .addComponent(checkBox)) ); } diff --git a/src/main/java/de/rub/nds/burp/utilities/XMLHelper.java b/src/main/java/de/rub/nds/burp/utilities/XMLHelper.java index 9dee3c6..f43ef42 100644 --- a/src/main/java/de/rub/nds/burp/utilities/XMLHelper.java +++ b/src/main/java/de/rub/nds/burp/utilities/XMLHelper.java @@ -60,6 +60,12 @@ public abstract class XMLHelper { */ public static String format(String input, int indent) { + // javax.xml.transform.Transformer does not keep DTDs and always expands + // entity references defined in inline DTDs - so we do not pretty-print those + if (input.toUpperCase().contains("DOCTYPE")) { + Logging.getInstance().log(XMLHelper.class,"XML contains inline DTD, skip pretty printing", Logging.DEBUG); + return input; + } try { Source xmlInput = new StreamSource(new StringReader(input)); StringWriter stringWriter = new StringWriter(); @@ -70,7 +76,7 @@ public static String format(String input, int indent) { transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET,""); Transformer transformer = transformerFactory.newTransformer(); transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8"); - transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); + transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, input.startsWith("Failed to parse input XML"); } }