Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ParserConfigurationException when using XpathUtils #3336

Closed
noropoly opened this issue Jun 23, 2023 · 2 comments
Closed

ParserConfigurationException when using XpathUtils #3336

noropoly opened this issue Jun 23, 2023 · 2 comments
Assignees
@tylerjroach
Labels
bug Something isn't working s3 Issues with the AWS Android SDK for Simple Storage Service (S3).

Comments

@noropoly
Copy link

Describe the bug
ParserConfigurationException when using XpathUtils

To Reproduce

  1. Shift the device time by one hour.
  2. Call AmazonS3Client#getObject().
  3. When parsing the response body, XpathUtils is accessed and an exception is raised.

Which AWS service(s) are affected?
Amazon S3

Expected behavior
Correctly parse the response body and correctly handle "RequestTimeTooSkewed" error.

Screenshots

XpathUtils.java

    private static DocumentBuilderFactory getDocumentBuilderFactory() {
        try {
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            dbf.setXIncludeAware(false); // Default false for java 8. Disable XML Inclusions leading to SSRF - https://portswigger.net/web-security/xxe/lab-xinclude-attack
            dbf.setExpandEntityReferences(false);
            return dbf;
        }
        catch (ParserConfigurationException exception){
            return null;
        }
    }

PerserConfigurationException

Environment Information (please complete the following information):

  • AWS Android SDK Version: 2.71.0 (v2.59.1 or higher)
  • Device: Simulator
  • Android Version: 12
  • Specific to simulators: No

Additional context
This modification seems to have affected.
@eeatonaws eeatonaws added bug Something isn't working s3 Issues with the AWS Android SDK for Simple Storage Service (S3). labels Jun 26, 2023
@tylerjroach
Copy link
Member

@noropoly Thank you for the report. We have done further testing and confirmed a fix to revert the change.
#3353

@tylerjroach tylerjroach self-assigned this Jul 7, 2023
@eeatonaws
Copy link
Contributor

A fix has been released in AWS SDK for Android 2.72.0. Please let us know if you have any additional questions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tylerjroach tylerjroach

Labels
bug Something isn't working s3 Issues with the AWS Android SDK for Simple Storage Service (S3).
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tylerjroach @eeatonaws @noropoly