[Dive4elements-commits] [PATCH] Removed XPath injection!

Wald Commits scm-commit at wald.intevation.org
Fri Jan 18 10:30:27 CET 2013 

# HG changeset patch
# User Sascha L. Teichmann <teichmann at intevation.de>
# Date 1358501409 -3600
# Node ID a06e443f159afc7ca24dc9ca76d16f25d2e4c6f4
# Parent  5ca2516ebef198d6e48579105ade91767907743c
Removed XPath injection!

diff -r 5ca2516ebef1 -r a06e443f159a flys-artifacts/src/main/java/de/intevation/flys/artifacts/services/MapInfoService.java
--- a/flys-artifacts/src/main/java/de/intevation/flys/artifacts/services/MapInfoService.java	Thu Jan 17 21:06:41 2013 +0100
+++ b/flys-artifacts/src/main/java/de/intevation/flys/artifacts/services/MapInfoService.java	Fri Jan 18 10:30:09 2013 +0100
@@ -35,13 +35,13 @@
     public static final String XPATH_MAPTYPE = "/mapinfo/maptype/text()";
 
     private static final String XPATH_RIVER_PROJECTION =
-        "/artifact-database/floodmap/river[@name=$river]/srid/@value";
+        "/artifact-database/*[local-name()=$maptype]/river[@name=$river]/srid/@value";
 
     private static final String XPATH_RIVER_BACKGROUND =
-        "/artifact-database/floodmap/river[@name=$river]/background-wms";
+        "/artifact-database/*[local-name()=$maptype]/river[@name=$river]/background-wms";
 
     private static final String XPATH_RIVER_WMS =
-        "/artifact-database/floodmap/river[@name=$river]/river-wms";
+        "/artifact-database/*[local-name()=$maptype]/river[@name=$river]/river-wms";
 
 
     /** The logger used in this service.*/
@@ -72,13 +72,6 @@
             null, variables);
     }
 
-    protected String xpathMaptypeSwitch(String maptype, String xpath) {
-        if (maptype != null) {
-            return xpath.replace("floodmap", maptype);
-        }
-        return xpath;
-    }
-
     @Override
     public Document processXML(
         Document      data,
@@ -93,13 +86,18 @@
         Element mapinfo = cr.create("mapinfo");
         result.appendChild(mapinfo);
 
-        String mapType = extractMaptype(data);
         String river = extractRiver(data);
         if (river == null || river.length() == 0) {
             logger.warn("Cannot generate information: river is empty!");
             return result;
         }
 
+        String mapType = extractMaptype(data);
+        if (mapType == null
+        || !(mapType.equals("floodmap") || mapType.equals("rivermap"))) {
+            mapType = "floodmap";
+        }
+
         Element root = cr.create("river");
         cr.addAttr(root, "name", river);
         mapinfo.appendChild(root);
@@ -107,7 +105,9 @@
         Envelope env = GeometryUtils.getRiverBoundary(river);
         if (env != null) {
             String bounds = GeometryUtils.jtsBoundsToOLBounds(env);
-            logger.debug("River '" + river + "' bounds: " + bounds);
+            if (logger.isDebugEnabled()) {
+                logger.debug("River '" + river + "' bounds: " + bounds);
+            }
 
             Element bbox = cr.create("bbox");
             cr.addAttr(bbox, "value", bounds);
@@ -115,10 +115,10 @@
         }
 
         Map<String, String> vars = new HashMap<String, String>();
+        vars.put("maptype", mapType);
         vars.put("river", river);
 
-        String sridStr = getStringXPath(
-                xpathMaptypeSwitch(mapType, XPATH_RIVER_PROJECTION), vars);
+        String sridStr = getStringXPath(XPATH_RIVER_PROJECTION, vars);
 
         if (sridStr != null && sridStr.length() > 0) {
             Element srid = cr.create("srid");
@@ -126,23 +126,27 @@
             root.appendChild(srid);
         }
 
-        logger.debug("processXML: " + XMLUtils.toString(root));
+        if (logger.isDebugEnabled()) {
+            logger.debug("processXML: " + XMLUtils.toString(root));
+        }
+
         root.appendChild(
-                createWMSElement("background-wms",
-                        xpathMaptypeSwitch(mapType, XPATH_RIVER_BACKGROUND), vars, cr));
+            createWMSElement("background-wms",
+                XPATH_RIVER_BACKGROUND, vars, cr));
+
         root.appendChild(
-                createWMSElement("river-wms",
-                        xpathMaptypeSwitch(mapType, XPATH_RIVER_WMS), vars, cr));
+            createWMSElement("river-wms",
+                XPATH_RIVER_WMS, vars, cr));
 
         return result;
     }
 
 
     protected Element createWMSElement(
-            String elementName,
-            String xpath,
-            Map<String, String> vars,
-            ElementCreator cr)
+        String elementName,
+        String xpath,
+        Map<String, String> vars,
+        ElementCreator cr)
     {
         logger.debug("createWMSElement()");
 
@@ -163,12 +167,12 @@
     }
 
 
-    protected String extractRiver(Document data) {
+    private static String extractRiver(Document data) {
         return XMLUtils.xpathString(
             data, XPATH_RIVER, ArtifactNamespaceContext.INSTANCE);
     }
 
-    protected String extractMaptype(Document data) {
+    private static String extractMaptype(Document data) {
         return XMLUtils.xpathString(
             data, XPATH_MAPTYPE, ArtifactNamespaceContext.INSTANCE);
     }

More information about the Dive4elements-commits mailing list