Project

Profile

Help

Bug #5938

closed

Trying to compile XSLT from file after setting set_configuration_property('http://saxon.sf.net/feature/allowedProtocols', 'http,https') gives java.lang.NullPointerException

Added by Martin Honnen about 1 year ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Category:
Saxon-C Internals
Start date:
2023-03-24
Due date:
% Done:

100%

Estimated time:
Found in version:
12.1
Fixed in version:
12.2
Platforms:

Description

I am used to set the processor to only allow http and https as the allowed protocols if I tend to deploy Saxon with Java or .NET or Python to a server, the intent (which worked fine for me so far) is to disallow user code in XSLT/XPath/XQuery to access the file system with e.g. the doc, collection, unparsed-text, json-doc functions.

However, with SaxonC HE 12.1, that approach now gives me a NullPointerException when simply trying to compile some XSLT (from file):

from saxonche import *

with PySaxonProcessor(license=False) as proc:
    print(proc.version)

    proc.set_configuration_property('http://saxon.sf.net/feature/allowedProtocols', 'http,https')

    xslt30_processor = proc.new_xslt30_processor()

    xslt30_executable = xslt30_processor.compile_stylesheet(stylesheet_file='pipeline-for-svrl.xsl.SaxonEE12CompiledForHE.sef')

Output:

SaxonC-HE 12.1 from Saxonica
Traceback (most recent call last):
  File "C:\Users\marti\PycharmProjects\SaxonHEC12ProtocolRestrictionTest1\XSLTCompilationTest1.py", line 10, in <module>
    xslt30_executable = xslt30_processor.compile_stylesheet(stylesheet_file='pipeline-for-svrl.xsl.SaxonEE12CompiledForHE.sef')
  File "python_saxon\saxonc.pyx", line 1150, in saxonche.PyXslt30Processor.compile_stylesheet
RuntimeError: NullPointer exception found: java.lang.NullPointerException
	at net.sf.saxon.lib.ProtocolRestrictor.lambda$new$2(ProtocolRestrictor.java:55)
	at net.sf.saxon.lib.ProtocolRestrictor.lambda$new$3(ProtocolRestrictor.java:60)
	at net.sf.saxon.lib.ProtocolRestrictor.test(ProtocolRestrictor.java:70)
	at net.sf.saxon.lib.DirectResourceResolver.resolve(DirectResourceResolver.java:58)
	at net.sf.saxon.lib.ResourceRequest.resolve(ResourceRequest.java:130)
	at net.sf.saxon.option.cpp.SaxonCAPI.resolveFileToSource(SaxonCAPI.java:1186)
	at net.sf.saxon.option.cpp.Xslt30Processor.compileFromFile(Xslt30Processor.java:318)
. Line number: -1

I guess the NullPointerException is a bug in any case, I don't know whether subjecting the XSLT compilation to protocol restrictions is intended, I don't think this happened in 12.0.

For it's worth, I tried some similar Java code with Saxon HE 12.1

        Processor processor = new Processor(false);

        processor.setConfigurationProperty(Feature.ALLOWED_PROTOCOLS, "http,https");

        XsltCompiler xsltCompiler = processor.newXsltCompiler();

        XsltExecutable xsltExecutable = xsltCompiler.compile(new File("pipeline-for-svrl.xsl.SaxonEE12CompiledForHE.sef"));

and there I don't get any error or protocol exceptions.


Files

saxon-compile-xslt-with-prot-restr1.py (369 Bytes) saxon-compile-xslt-with-prot-restr1.py Martin Honnen, 2023-03-24 11:10
identity1.xsl (263 Bytes) identity1.xsl Martin Honnen, 2023-03-24 11:10
Actions #1

Updated by Martin Honnen about 1 year ago

Event if I set e.g. proc.set_configuration_property('http://saxon.sf.net/feature/allowedProtocols', 'file,http,https') I get the NullPointerException.

Actions #2

Updated by O'Neil Delpratt about 1 year ago

Do you have a repo that you can add to this issue please or send via email?

Actions #3

Updated by Martin Honnen about 1 year ago

The relevant Python code is in the issue already, while it shows a particular XSLT I don't think that matters, so any XSLT will trigger the null pointer exception; I will attach two files that give the exception.

SaxonC-HE 12.1 from Saxonica
Traceback (most recent call last):
  File "/home/mh/saxon-compile-xslt-with-prot-restr1.py", line 10, in <module>
    xslt30_executable = xslt30_processor.compile_stylesheet(stylesheet_file='identity1.xsl')
  File "python_saxon/saxonc.pyx", line 1150, in saxonche.PyXslt30Processor.compile_stylesheet
saxonche.PySaxonApiError: NullPointer exception found: java.lang.NullPointerException
        at net.sf.saxon.lib.ProtocolRestrictor.lambda$new$2(ProtocolRestrictor.java:55)
        at net.sf.saxon.lib.ProtocolRestrictor.lambda$new$3(ProtocolRestrictor.java:60)
        at net.sf.saxon.lib.ProtocolRestrictor.test(ProtocolRestrictor.java:70)
        at net.sf.saxon.lib.DirectResourceResolver.resolve(DirectResourceResolver.java:58)
        at net.sf.saxon.lib.ResourceRequest.resolve(ResourceRequest.java:130)
        at net.sf.saxon.option.cpp.SaxonCAPI.resolveFileToSource(SaxonCAPI.java:1186)
        at net.sf.saxon.option.cpp.Xslt30Processor.compileFromFile(Xslt30Processor.java:318)
. Line number: -1
Actions #4

Updated by O'Neil Delpratt about 1 year ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Thanks. I have managed to reproduce it and patched a fix in the SaxonCAPI class.

Running the python script again gives the following error:

saxoncee.PySaxonApiError: URIs using protocol file are not permitted. Line number: -1
Actions #5

Updated by Martin Honnen about 1 year ago

O'Neil Delpratt wrote in #note-4:

Thanks. I have managed to reproduce it and patched a fix in the SaxonCAPI class.

Running the python script again gives the following error:

saxoncee.PySaxonApiError: URIs using protocol file are not permitted. Line number: -1

Is that the intended behaviour with SaxonC 12 and the Python API and the setting processor.setConfigurationProperty(Feature.ALLOWED_PROTOCOLS, "http,https");?

For Java https://www.saxonica.com/html/documentation12/javadoc/net/sf/saxon/lib/Feature.html#ALLOWED_PROTOCOLS I am used to have the setting (http,https) block XSLT file access from XSLT code for e.g. xsl:import or xsl:include or doc, unparsed-text, collection, uri-collection, json-doc but certainly not for my Java code trying to compile an XSLT stylesheet with the Java API.

Actions #6

Updated by O'Neil Delpratt about 1 year ago

  • Status changed from Resolved to In Progress

Due to how we resolve files before compiling them this rule is being applied. This is an interesting problem that I will have to investigate further and decide what the best thing is to do.

Actions #7

Updated by O'Neil Delpratt about 1 year ago

  • Status changed from In Progress to Resolved

I have added a further fix to do what Java does. I have put back in the fallback mechanism which creates a Source object from a File.

Actions #8

Updated by Martin Honnen about 1 year ago

Even with current, intermediate 12.2 Windows build I continue to get a NullPointerException:

SaxonC-HE 12.2 from Saxonica
Traceback (most recent call last):
  File "C:\Users\marti\PycharmProjects\SaxonCHE122ProtResCompileXslTest\compile-with-prot-restr1.py", line 10, in <module>
    xslt30_executable = xslt30_processor.compile_stylesheet(stylesheet_file='identity1.xsl')
  File "python_saxon\saxonc.pyx", line 1157, in saxonche.PyXslt30Processor.compile_stylesheet
    if isinstance(value, str):
saxonche.PySaxonApiError: NullPointer exception found: java.lang.NullPointerException
	at net.sf.saxon.lib.ProtocolRestrictor.lambda$new$2(ProtocolRestrictor.java:55)
	at net.sf.saxon.lib.ProtocolRestrictor.lambda$new$3(ProtocolRestrictor.java:60)
	at net.sf.saxon.lib.ProtocolRestrictor.test(ProtocolRestrictor.java:70)
	at net.sf.saxon.lib.DirectResourceResolver.resolve(DirectResourceResolver.java:58)
	at net.sf.saxon.lib.ResourceRequest.resolve(ResourceRequest.java:130)
	at net.sf.saxon.option.cpp.SaxonCAPI.resolveFileToSource(SaxonCAPI.java:1211)
	at net.sf.saxon.option.cpp.Xslt30Processor.compileFromFile(Xslt30Processor.java:318)
. Line number: -1

Process finished with exit code 1
Actions #9

Updated by O'Neil Delpratt about 1 year ago

  • Status changed from Resolved to In Progress
Actions #10

Updated by O'Neil Delpratt about 1 year ago

  • Status changed from In Progress to Resolved

I have added a patch in the SaxonCAPI.java file to use the fallback mechanism. Similar to comment #7 but to also catch the NullPointerException.

Actions #11

Updated by O'Neil Delpratt about 1 year ago

  • Status changed from Resolved to Closed
  • Fixed in version set to 12.2

Bug fix applied in the SaxonC 12.2 maintenance release.

Please register to edit this issue

Also available in: Atom PDF