Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DetectVMInstallationsJob open network connection #323

Closed
nitind opened this issue Oct 13, 2023 · 4 comments
Closed

DetectVMInstallationsJob open network connection #323

nitind opened this issue Oct 13, 2023 · 4 comments
Assignees
@nitind
Milestone
4.30 M2

Comments

@nitind
Copy link
Contributor

nitind commented Oct 13, 2023

On Eclipse 2023-09 (4.29), Temurin OpenJDK 17.0.4.1, macOS

In spite of the parser settings applied, the DetectVMInstallationsJob attempts to retrieve the DTD, which means opening a network connection to retrieve http://www.apple.com/DTDs/PropertyList-1.0.dtd for no benefit.

Thread [Worker-18: Look up for installed JVMs] (Suspended (breakpoint at line 1051 in HttpURLConnection))
HttpURLConnection.connect() line: 1051
HttpURLConnection.getInputStream0() line: 1665
HttpURLConnection.getInputStream() line: 1589
XMLEntityManager.setupCurrentEntity(boolean, String, XMLInputSource, boolean, boolean) line: 677
XMLEntityManager.startEntity(boolean, String, XMLInputSource, boolean, boolean) line: 1397
XMLEntityManager.startDTDEntity(XMLInputSource) line: 1363
XMLDTDScannerImpl.setInputSource(XMLInputSource) line: 257
XMLDocumentScannerImpl$DTDDriver.dispatch(boolean) line: 1152
XMLDocumentScannerImpl$DTDDriver.next() line: 1040
XMLDocumentScannerImpl$PrologDriver.next() line: 943
XMLDocumentScannerImpl.next() line: 605
XMLDocumentScannerImpl(XMLDocumentFragmentScannerImpl).scanDocument(boolean) line: 542
XIncludeAwareParserConfiguration(XML11Configuration).parse(boolean) line: 889
XIncludeAwareParserConfiguration(XML11Configuration).parse(XMLInputSource) line: 825
DOMParser(XMLParser).parse(XMLInputSource) line: 141
DOMParser.parse(InputSource) line: 247
DocumentBuilderImpl.parse(InputSource) line: 342
PListParser.parseXML(InputStream) line: 104
PListParser.parse(InputStream) line: 67
MacInstalledJREs.parseJREInfo(InputStream, IProgressMonitor) line: 160
MacInstalledJREs.parseJREInfo(IProcess, IProgressMonitor) line: 143
MacInstalledJREs.getInstalledJREs(IProgressMonitor) line: 113
DetectVMInstallationsJob.run(IProgressMonitor) line: 67
Worker.run() line: 63
@nitind nitind mentioned this issue Oct 13, 2023
Merged
@iloveeclipse iloveeclipse added this to the 4.30 M2 milestone Oct 14, 2023
@jukzi
Copy link
Contributor

jukzi commented Oct 16, 2023
edited
Loading

Would you please extend the junit test org.eclipse.pde.core.tests.internal.PDEXmlProcessorFactoryTest.testDocumentBuilderIgnoringDoctypeMalcious() / createMalciousXml with testdata that shows the error. If createDocumentBuilderIgnoringDOCTYPE still can be missused other usages might also need a fix.

@jukzi
Copy link
Contributor

jukzi commented Oct 23, 2023

@nitind can you please provide an example xml which opens a network connection?

@jukzi
Copy link
Contributor

jukzi commented Oct 23, 2023

i found an example here: https://developer.apple.com/forums/thread/6846

@nitind
Copy link
Contributor Author

nitind commented Oct 24, 2023
edited
Loading

From an actual system:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
	<dict>
		<key>JVMArch</key>
		<string>x86_64</string>
		<key>JVMBundleID</key>
		<string>net.java.openjdk.jdk</string>
		<key>JVMEnabled</key>
		<true/>
		<key>JVMHomePath</key>
		<string>/Library/Java/JavaVirtualMachines/temurin-17.jdk/Contents/Home</string>
		<key>JVMName</key>
		<string>OpenJDK 17.0.4.1</string>
		<key>JVMPlatformVersion</key>
		<string>17.0.4.1</string>
		<key>JVMVendor</key>
		<string>Eclipse Adoptium</string>
		<key>JVMVersion</key>
		<string>17.0.4.1</string>
	</dict>
</array>
</plist>

jukzi pushed a commit to jukzi/eclipse.platform.releng.buildtools that referenced this issue Oct 24, 2023
@EcljpseB0T
do not load remote DTD
58acf0f 
see eclipse-jdt/eclipse.jdt.debug#323
@jukzi jukzi mentioned this issue Oct 24, 2023
Merged
jukzi pushed a commit to jukzi/eclipse.platform.releng.buildtools that referenced this issue Oct 24, 2023
@EcljpseB0T
do not load remote DTD
d47a494 
see eclipse-jdt/eclipse.jdt.debug#323
jukzi pushed a commit to jukzi/eclipse.platform.releng.buildtools that referenced this issue Oct 24, 2023
@EcljpseB0T
do not load remote DTD
217d2a1 
see eclipse-jdt/eclipse.jdt.debug#323
jukzi pushed a commit to jukzi/eclipse.platform that referenced this issue Oct 24, 2023
@EcljpseB0T
Add XmlProcessorFactoryTest
1027060 
And createDocumentBuilderIgnoringDOCTYPE() does not load remote DTDs.

see eclipse-jdt/eclipse.jdt.debug#323
jukzi pushed a commit to jukzi/eclipse.platform that referenced this issue Oct 25, 2023
@EcljpseB0T
Add XmlProcessorFactoryTest
ba91a07 
And createDocumentBuilderIgnoringDOCTYPE() does not load remote DTDs.

see eclipse-jdt/eclipse.jdt.debug#323
jukzi pushed a commit to jukzi/eclipse.platform that referenced this issue Oct 25, 2023
@EcljpseB0T
Add XmlProcessorFactoryTest
270a60e 
And createDocumentBuilderIgnoringDOCTYPE() does not load remote DTDs.

see eclipse-jdt/eclipse.jdt.debug#323
jukzi pushed a commit to jukzi/eclipse.platform that referenced this issue Oct 25, 2023
@EcljpseB0T @jukzi
Add XmlProcessorFactoryTest
1ec5c07 
And createDocumentBuilderIgnoringDOCTYPE() does not load remote DTDs.

see eclipse-jdt/eclipse.jdt.debug#323
HannesWell pushed a commit to jukzi/eclipse.platform that referenced this issue Oct 27, 2023
@EcljpseB0T @HannesWell
Add XmlProcessorFactoryTest
c4aa439 
And createDocumentBuilderIgnoringDOCTYPE() does not load remote DTDs.

see eclipse-jdt/eclipse.jdt.debug#323
jukzi pushed a commit to eclipse-platform/eclipse.platform that referenced this issue Nov 2, 2023
@EcljpseB0T @jukzi
Add XmlProcessorFactoryTest
d0ec0a8 
And createDocumentBuilderIgnoringDOCTYPE() does not load remote DTDs.

see eclipse-jdt/eclipse.jdt.debug#323
jukzi added a commit to eclipse-platform/eclipse.platform.releng.buildtools that referenced this issue Nov 6, 2023
@jukzi
do not load remote DTD (#45)
fd387ab 
see eclipse-jdt/eclipse.jdt.debug#323
Michael5601 pushed a commit to CodeLtDave/eclipse.platform that referenced this issue Feb 12, 2024
@EcljpseB0T @Michael5601
Add XmlProcessorFactoryTest
b5c614b 
And createDocumentBuilderIgnoringDOCTYPE() does not load remote DTDs.

see eclipse-jdt/eclipse.jdt.debug#323
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nitind nitind

Labels
None yet
Projects
None yet
Milestone
4.30 M2
Development

No branches or pull requests
3 participants
@iloveeclipse @nitind @jukzi