Merge pull request #369 from diffplug/eclipse-wtp-prevent-external-uri

WTP - Ignore external URIs by default

Author: nedtwigg

Diff for: _ext/eclipse-wtp/CHANGES.md

@@ -1,6 +1,8 @@
 # spotless-eclipse-wtp
 
-### Versioni 3.10.0 - TBD
+### Version 3.9.8 - TBD
+
+* XML formatter ignores external URIs per default. ([#369](https://github.com/diffplug/spotless/issues/369)). Add `resolveExternalURI=true` property to switch to previous behavior.
 
 ### Version 3.9.7 - February 25th 2018 ([artifact]([jcenter](https://bintray.com/diffplug/opensource/spotless-eclipse-wtp)))
 

Diff for: _ext/eclipse-wtp/build.gradle

@@ -74,6 +74,12 @@ dependencies {
 	compile "org.eclipse.xsd:org.eclipse.xsd:${VER_ECLISPE_XSD}"
 }
 
+jar {
+	manifest {
+		from 'src/main/resources/META-INF/MANIFEST.MF'
+	}
+}
+
 //////////
 // Test //
 //////////

Diff for: _ext/eclipse-wtp/gradle.properties

@@ -1,7 +1,7 @@
 # Versions correspond to the Eclipse-WTP version used for the fat-JAR.
 # See https://www.eclipse.org/webtools/ for further information about Eclipse-WTP versions.
 # Patch version can be incremented independently for backward compatible patches of this library. 
-ext_version=3.9.7
+ext_version=3.9.8
 ext_artifactId=spotless-eclipse-wtp
 ext_description=Eclipse's WTP formatters bundled for Spotless
 

Diff for: _ext/eclipse-wtp/src/main/java/com/diffplug/spotless/extra/eclipse/wtp/EclipseHtmlFormatterStepImpl.java

@@ -67,6 +67,8 @@ public EclipseHtmlFormatterStepImpl(Properties properties) throws Exception {
 			additionalPlugins.add(new org.eclipse.core.internal.filesystem.Activator());
 			additionalPlugins.add(new JavaScriptCore());
 			additionalPlugins.add(new HTMLCorePlugin());
+			//The HTML formatter only uses the DOCTYPE/SCHEMA for content model selection.
+			additionalPlugins.add(new PreventExternalURIResolverExtension());
 		});
 		/*
 		 * The cleanup processor tries to load DTDs into the cache (which we have not setup).

Diff for: _ext/eclipse-wtp/src/main/java/com/diffplug/spotless/extra/eclipse/wtp/EclipseXmlFormatterStepImpl.java

@@ -58,14 +58,14 @@ public class EclipseXmlFormatterStepImpl {
 	private final INodeAdapterFactory xmlAdapterFactory;
 
 	public EclipseXmlFormatterStepImpl(Properties properties) throws Exception {
-		setupFramework();
+		setupFramework(SpotlessPreferences.doResolveExternalURI(properties));
 		preferences = PREFERENCE_FACTORY.create(properties);
 		formatter = new DefaultXMLPartitionFormatter();
 		//The adapter factory maintains the common CMDocumentCache
 		xmlAdapterFactory = new ModelQueryAdapterFactoryForXML();
 	}
 
-	private static void setupFramework() throws BundleException {
+	private static void setupFramework(boolean resolveExternalURI) throws BundleException {
 		if (SpotlessEclipseFramework.setup(
 				plugins -> {
 					plugins.applyDefault();
@@ -77,6 +77,9 @@ private static void setupFramework() throws BundleException {
 					plugins.add(new DTDCorePlugin());
 					//Support formatting based on XSD restrictions
 					plugins.add(new XSDCorePlugin());
+					if (!resolveExternalURI) {
+						plugins.add(new PreventExternalURIResolverExtension());
+					}
 				})) {
 			PREFERENCE_FACTORY = new XmlFormattingPreferencesFactory();
 			//Register required EMF factories
@@ -104,7 +107,6 @@ public String format(String raw, String baseLocation) throws Exception {
 	}
 
 	private static class XmlFormattingPreferencesFactory {
-
 		private final static Set<String> SUPPORTED_XML_FORMAT_PREFS = new HashSet<String>(Arrays.asList(
 				FORMAT_COMMENT_TEXT,
 				FORMAT_COMMENT_JOIN_LINES,

Diff for: _ext/eclipse-wtp/src/main/java/com/diffplug/spotless/extra/eclipse/wtp/PreventExternalURIResolverExtension.java

@@ -0,0 +1,68 @@
+/*
+ * Copyright 2016 DiffPlug
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.diffplug.spotless.extra.eclipse.wtp;
+
+import org.eclipse.core.resources.IFile;
+import org.eclipse.emf.common.util.URI;
+import org.eclipse.wst.common.uriresolver.internal.provisional.URIResolverExtension;
+import org.osgi.framework.BundleActivator;
+import org.osgi.framework.BundleContext;
+
+/**
+ * The URI resolver extension
+ */
+public class PreventExternalURIResolverExtension implements URIResolverExtension, BundleActivator {
+
+	private static final String REFUSE_EXTERNAL_URI = "file://refused.external.uri";
+
+	/**
+	 * @param file the in-workspace base resource, if one exists
+	 * @param baseLocation - the location of the resource that contains the uri
+	 * @param publicId - an optional public identifier (i.e. namespace name), or null if none
+	 * @param systemId - an absolute or relative URI, or null if none
+	 *
+	 * @return an absolute URI or null if this extension can not resolve this reference
+	 */
+	@Override
+	public String resolve(IFile file, String baseLocation, String publicId, String systemId) {
+		if (null != systemId) {
+			try {
+				URI proposalByPreviousResolver = org.eclipse.emf.common.util.URI.createURI(systemId);
+				String host = proposalByPreviousResolver.host();
+				/*
+				 * The host is empty (not null)
+				 */
+				if (!(null == host || host.isEmpty())) {
+					return REFUSE_EXTERNAL_URI;
+				}
+			} catch (IllegalArgumentException ignore) {
+				//If it is no a valid URI, there is nothing to do here.
+			}
+		}
+		return null; //Don't alter the proposal of previous resolver extensions by proposing something else
+	}
+
+	@Override
+	public void start(BundleContext context) throws Exception {
+		//Nothing to do. The bundle-activator interface only allows to load this extension as a stand-alone plugin.
+	}
+
+	@Override
+	public void stop(BundleContext context) throws Exception {
+		//Nothing to do. The bundle-activator interface only allows to load this extension as a stand-alone plugin.
+	}
+
+}

Diff for: _ext/eclipse-wtp/src/main/java/com/diffplug/spotless/extra/eclipse/wtp/sse/SpotlessPreferences.java

@@ -41,6 +41,16 @@ public class SpotlessPreferences {
 	 */
 	public static final String USER_CATALOG = "userCatalog";
 
+	/**
+	 * Indicates if external URIs (location hints) should be resolved
+	 * and the referenced DTD/XSD shall be applied. Per default
+	 * external URIs are ignored.
+	 * <p>
+	 * Value is of type <code>Boolean</code>.
+	 * </p>
+	 */
+	public static final String RESOLVE_EXTERNAL_URI = "resolveExternalURI";
+
 	/** Configures the Eclipse properties for a Plugin and returns its previous values. */
 	public static Properties configurePluginPreferences(Plugin plugin, Properties newValues) {
 		IEclipsePreferences globalPreferences = DefaultScope.INSTANCE.getNode(plugin.getBundle().getSymbolicName());
@@ -55,6 +65,19 @@ public static Properties configurePluginPreferences(Plugin plugin, Properties ne
 		return oldValues;
 	}
 
+	public static boolean doResolveExternalURI(Properties properties) {
+		Object obj = properties.get(RESOLVE_EXTERNAL_URI);
+		if (null != obj) {
+			if (obj instanceof Boolean) {
+				return (Boolean) obj;
+			}
+			if (obj instanceof String) {
+				return ((String) obj).equalsIgnoreCase("true");
+			}
+		}
+		return false;
+	}
+
 	public static void configureCatalog(final Properties config) {
 		Optional<File> catalog = getCatalogConfig(config);
 		Catalog defaultCatalog = getDefaultCatalog();

Diff for: _ext/eclipse-wtp/src/main/resources/META-INF/MANIFEST.MF

@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Bundle-ManifestVersion: 2
+Bundle-SymbolicName: com.diffplug.gradle.spotless.eclipse.wtp; singleton:=true

Diff for: _ext/eclipse-wtp/src/main/resources/plugin.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<?eclipse version="3.0"?>
+<plugin>
+  <!-- Prevents resolution of external URIs by redirecting them to invalid external URI. -->
+  <!-- The low priority assures that the org.eclipse.wst.common.uriresolver.internal.ExtensibleURIResolver -->
+  <!-- ask this resolver extension at the end and let it override all previous results. Hence the term -->
+  <!-- "low priority' might be missleading. In fact the result of this extension overrules all other -->
+  <!-- physical resolvers with higher priority. -->
+  <extension point="org.eclipse.wst.common.uriresolver.resolverExtensions">
+    <resolverExtension stage="physical" priority="low" class="com.diffplug.spotless.extra.eclipse.wtp.PreventExternalURIResolverExtension">
+    </resolverExtension>
+  </extension>
+</plugin>

Diff for: _ext/eclipse-wtp/src/test/java/com/diffplug/spotless/extra/eclipse/wtp/EclipseXmlFormatterStepImplAllowExternalURIsTest.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright 2016 DiffPlug
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.diffplug.spotless.extra.eclipse.wtp;
+
+import static org.junit.Assert.*;
+
+import java.util.Properties;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import com.diffplug.spotless.extra.eclipse.wtp.sse.SpotlessPreferences;
+
+/** Test configuration allowExternalURI=false */
+public class EclipseXmlFormatterStepImplAllowExternalURIsTest {
+	private static TestData TEST_DATA = null;
+
+	@BeforeClass
+	public static void initializeStatic() throws Exception {
+		TEST_DATA = TestData.getTestDataOnFileSystem("xml");
+	}
+
+	@Test
+	public void dtdExternalPath() throws Throwable {
+		String output = format(TEST_DATA.input("dtd_external.test"));
+		assertEquals("External DTD not resolved. Restrictions are not applied by formatter.",
+				TEST_DATA.expected("dtd_external.test"), output);
+	}
+
+	@Test
+	public void xsdExternalPath() throws Throwable {
+		String output = format(TEST_DATA.input("xsd_external.test"));
+		assertEquals("External XSD not resolved. Restrictions are not applied by formatter.",
+				TEST_DATA.expected("xsd_external.test"), output);
+	}
+
+	private static String format(final String[] input) throws Exception {
+		return format(input[0], input[1]);
+	}
+
+	private static String format(final String input, final String location) throws Exception {
+		Properties properties = new Properties();
+		properties.put(SpotlessPreferences.RESOLVE_EXTERNAL_URI, "TRUE");
+		EclipseXmlFormatterStepImpl formatter = new EclipseXmlFormatterStepImpl(properties);
+		return formatter.format(input, location);
+	}
+}

Diff for: _ext/eclipse-wtp/src/test/java/com/diffplug/spotless/extra/eclipse/wtp/EclipseXmlFormatterStepImplTest.java

@@ -100,13 +100,27 @@ public void dtdRelativePath() throws Throwable {
 				TEST_DATA.expected("dtd_relative.test"), output);
 	}
 
+	@Test
+	public void dtdExternalPath() throws Throwable {
+		String output = format(TEST_DATA.input("dtd_external.test"), config -> {});
+		assertNotEquals("External DTD resolved by default. Restrictions are applied by formatter.",
+				TEST_DATA.expected("dtd_external.test"), output);
+	}
+
 	@Test
 	public void xsdRelativePath() throws Throwable {
 		String output = format(TEST_DATA.input("xsd_relative.test"), config -> {});
 		assertEquals("Relative XSD not resolved. Restrictions are not applied by formatter.",
 				TEST_DATA.expected("xsd_relative.test"), output);
 	}
 
+	@Test
+	public void xsdExternalPath() throws Throwable {
+		String output = format(TEST_DATA.input("xsd_external.test"), config -> {});
+		assertNotEquals("External XSD resolved per default. Restrictions are applied by formatter.",
+				TEST_DATA.expected("xsd_external.test"), output);
+	}
+
 	@Test
 	public void xsdNotFound() throws Throwable {
 		String output = format(TEST_DATA.input("xsd_not_found.test"), config -> {});

Diff for: _ext/eclipse-wtp/src/test/resources/xml/expected/dtd_external.test

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE r SYSTEM "https://raw.githubusercontent.com/diffplug/spotless/master/_ext/eclipse-wtp/src/test/resources/xml/restrictions/test.dtd">
+<r>
+	<x>indent
+		this text</x>
+	<y>preserve 
+  spaces</y>
+</r>

Diff for: _ext/eclipse-wtp/src/test/resources/xml/expected/xsd_external.test

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<t:r xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:t="http://foo.bar/test"
+	xsi:schemaLocation="http://foo.bar/test https://raw.githubusercontent.com/diffplug/spotless/master/_ext/eclipse-wtp/src/test/resources/xml/restrictions/test.xsd">
+	<t:x>remove spaces</t:x>
+	<t:y> preserve spaces </t:y>
+</t:r>

Diff for: _ext/eclipse-wtp/src/test/resources/xml/input/dtd_external.test

@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE r SYSTEM "https://raw.githubusercontent.com/diffplug/spotless/master/_ext/eclipse-wtp/src/test/resources/xml/restrictions/test.dtd">
+<r>
+	<x>indent
+  this text</x>
+	<y>preserve 
+  spaces</y>
+</r>

Diff for: _ext/eclipse-wtp/src/test/resources/xml/input/xsd_external.test

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<t:r xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:t="http://foo.bar/test" xsi:schemaLocation="http://foo.bar/test https://raw.githubusercontent.com/diffplug/spotless/master/_ext/eclipse-wtp/src/test/resources/xml/restrictions/test.xsd">
+<t:x> remove spaces </t:x><t:y> preserve spaces </t:y>
+</t:r>

Diff for: plugin-gradle/README.md

@@ -495,18 +495,26 @@ The WTP formatter accept multiple configuration files. All Eclipse configuration
 
 | Type | Configuration       | File location
 | ---- | ------------------- | -------------
-| CSS  | editor preferences  | .metadata/.plugins/org.eclipse.core.runtime/org.eclipse.wst.css.core.prefs
-|      | cleanup preferences | .metadata/.plugins/org.eclipse.core.runtime/org.eclipse.wst.css.core.prefs
-| HTML | editor preferences  | .metadata/.plugins/org.eclipse.core.runtime/org.eclipse.wst.html.core.prefs
-|      | cleanup preferences | .metadata/.plugins/org.eclipse.core.runtime/org.eclipse.wst.html.core.prefs
-|      | embedded CSS        | .metadata/.plugins/org.eclipse.core.runtime/org.eclipse.wst.css.core.prefs
+| CSS  | editor preferences  | .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.css.core.prefs
+|      | cleanup preferences | .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.css.core.prefs
+| HTML | editor preferences  | .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.html.core.prefs
+|      | cleanup preferences | .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.html.core.prefs
+|      | embedded CSS        | .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.css.core.prefs
 |      | embedded JS         | Use the export in the Eclipse editor configuration dialog
 | JS   | editor preferences  | Use the export in the Eclipse editor configuration dialog
 | JSON | editor preferences  | .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.json.core.prefs
-| XML  | editor preferences  | .metadata/.plugins/org.eclipse.core.runtime/org.eclipse.wst.xml.core.prefs
+| XML  | editor preferences  | .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.xml.core.prefs
 
 Note that `HTML` should be used for `X-HTML` sources instead of `XML`.
 
+The Eclipse XML catalog cannot be configured for the Spotless WTP formatter, instead a
+user defined catalog file can be specified using the property `userCatalog`. Catalog versions
+1.0 and 1.1 are supported by Spotless.
+
+Unlike Eclipse, Spotless WTP ignores per default external URIs in schema location hints and
+external entities. To allow the access of external URIs, set the property `resolveExternalURI`
+to true.
+
 <a name="license-header"></a>
 
 ## License header options

Diff for: plugin-maven/README.md

@@ -287,18 +287,26 @@ The WTP formatter accept multiple configuration files. All Eclipse configuration
 
 | Type | Configuration       | File location
 | ---- | ------------------- | -------------
-| CSS  | editor preferences  | .metadata/.plugins/org.eclipse.core.runtime/org.eclipse.wst.css.core.prefs
-|      | cleanup preferences | .metadata/.plugins/org.eclipse.core.runtime/org.eclipse.wst.css.core.prefs
-| HTML | editor preferences  | .metadata/.plugins/org.eclipse.core.runtime/org.eclipse.wst.html.core.prefs
-|      | cleanup preferences | .metadata/.plugins/org.eclipse.core.runtime/org.eclipse.wst.html.core.prefs
-|      | embedded CSS        | .metadata/.plugins/org.eclipse.core.runtime/org.eclipse.wst.css.core.prefs
+| CSS  | editor preferences  | .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.css.core.prefs
+|      | cleanup preferences | .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.css.core.prefs
+| HTML | editor preferences  | .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.html.core.prefs
+|      | cleanup preferences | .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.html.core.prefs
+|      | embedded CSS        | .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.css.core.prefs
 |      | embedded JS         | Use the export in the Eclipse editor configuration dialog
 | JS   | editor preferences  | Use the export in the Eclipse editor configuration dialog
 | JSON | editor preferences  | .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.json.core.prefs
-| XML  | editor preferences  | .metadata/.plugins/org.eclipse.core.runtime/org.eclipse.wst.xml.core.prefs
+| XML  | editor preferences  | .metadata/.plugins/org.eclipse.core.runtime/.settings/org.eclipse.wst.xml.core.prefs
 
 Note that `HTML` should be used for `X-HTML` sources instead of `XML`.
 
+The Eclipse XML catalog cannot be configured for the Spotless WTP formatter, instead a
+user defined catalog file can be specified using the property `userCatalog`. Catalog versions
+1.0 and 1.1 are supported by Spotless.
+
+Unlike Eclipse, Spotless WTP ignores per default external URIs in schema location hints and
+external entities. To allow the access of external URIs, set the property `resolveExternalURI`
+to true.
+
 <a name="invisible"></a>
 
 ## Line endings and encodings (invisible stuff)