org.apache.xml.security.utils.resolver.ResourceResolverSpi

org.apache.xml.security.utils.resolver.implementations.ResolverFragment

eu.europa.esig.dss.xades.EnforcedResolverFragment

public class EnforcedResolverFragment
extends org.apache.xml.security.utils.resolver.implementations.ResolverFragment

This class tests the xpath expression against injection. See https://www.owasp.org/index.php/XPATH_Injection_Java.

Field Summary

Fields inherited from class org.apache.xml.security.utils.resolver.ResourceResolverSpi
properties
Constructor Summary

Constructors

Constructor Description

EnforcedResolverFragment()

Method Summary

Modifier and Type	Method	Description
`boolean`	`checkValueForXpathInjection(String xpathString)`	This method tests the xpath expression against injection
`boolean`	`engineCanResolveURI(org.apache.xml.security.utils.resolver.ResourceResolverContext context)`

engineIsThreadSafe, engineResolveURI

engineAddProperies, engineGetProperty, engineGetPropertyKeys, engineSetProperty, fixURI, understandsProperty

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- EnforcedResolverFragment
  
  public EnforcedResolverFragment()
Method Details
- engineCanResolveURI
  
  public boolean engineCanResolveURI(org.apache.xml.security.utils.resolver.ResourceResolverContext context)
  
  Overrides:
  
  engineCanResolveURI in class org.apache.xml.security.utils.resolver.implementations.ResolverFragment
- checkValueForXpathInjection
  
  public boolean checkValueForXpathInjection(String xpathString)
  
  This method tests the xpath expression against injection
  
  Parameters:
  
  xpathString - the xpath expression to be tested
  
  Returns:
  
  false if the xpath contains forbidden character or if the xpath cannot be decoded

Class EnforcedResolverFragment