JAXP0801002 - FEATURE_SECURE_PROCESSING

Question

JAXP0801002 - FEATURE_SECURE_PROCESSING

atehrani opened this issue 2 years ago · 2 comments

This tool had worked in the past, but seems it may have broken with a new version of the JDK (perhaps some XML security settings have been enabled)

Running on Java version

openjdk version "1.8.0_332"
OpenJDK Runtime Environment Corretto-8.332.08.1 (build 1.8.0_332-b08)
OpenJDK 64-Bit Server VM Corretto-8.332.08.1 (build 25.332-b08, mixed mode)

I am getting the following error

[ERROR] c.p.s.p.e.LoggingPSErrorHandler - EXT_descriptive.sch - PSAssertReport - Failed to compile XPath expression in <assert>: '(./@id = //bpmn:task/@id or ./@id = //bpmn:sendTask/@id or ./@id = //bpmn:receiveTask/@id or ./@id = //bpmn:serviceTask/@id or ./@id = //bpmn:userTask/@id or ./@id = //bpmn:manualTask/@id or ./@id = //bpmn:scriptTask/@id or ./@id = //bpmn:businessRuleTask/@id or ./@id = //bpmn:subProcess/@id or ./@id = //bpmn:transaction/@id or ./@id = //bpmn:adHocSubProcess/@id or ./@id = //bpmn:callActivity/@id or ./@id = //bpmn:startEvent/@id or ./@id = //bpmn:boundaryEvent/@id or ./@id = //bpmn:intermediateCatchEvent/@id or ./@id = //bpmn:intermediateThrowEvent/@id or ./@id = //bpmn:endEvent/@id or ./@id = //bpmn:exclusiveGateway/@id or ./@id = //bpmn:parallelGateway/@id or ./@id = //bpmn:inclusiveGateway/@id or ./@id = //bpmn:complexGateway/@id or ./@id = //bpmn:eventBasedGateway/@id) and not(./@id = //bpmn:subProcess[@triggeredByEvent = 'true']/@id)' com.phloc.schematron.pure.binding.xpath.PSXPathVariables@5e57643e
javax.xml.xpath.XPathExpressionException: javax.xml.transform.TransformerException: JAXP0801002: the compiler encountered an XPath expression containing '101' operators that exceeds the '100' limit set by 'FEATURE_SECURE_PROCESSING'.
	at com.sun.org.apache.xpath.internal.jaxp.XPathImpl.compile(XPathImpl.java:402)
	at com.phloc.schematron.pure.bound.xpath.PSXPathBoundSchema._createBoundPatterns(PSXPathBoundSchema.java:237)
	at com.phloc.schematron.pure.bound.xpath.PSXPathBoundSchema.<init>(PSXPathBoundSchema.java:353)
	at com.phloc.schematron.pure.binding.xpath.PSXPathQueryBinding.bind(PSXPathQueryBinding.java:139)
	at com.phloc.schematron.pure.bound.PSBoundSchemaCacheKey.createBoundSchema(PSBoundSchemaCacheKey.java:198)
	at com.phloc.schematron.pure.bound.PSBoundSchemaCache.getValueToCache(PSBoundSchemaCache.java:74)
	at com.phloc.schematron.pure.bound.PSBoundSchemaCache.getValueToCache(PSBoundSchemaCache.java:37)
	at com.phloc.commons.cache.AbstractNotifyingCache.getFromCache(AbstractNotifyingCache.java:79)
	at com.phloc.schematron.pure.SchematronResourcePure.getBoundSchema(SchematronResourcePure.java:82)
	at com.phloc.schematron.pure.SchematronResourcePure.isValidSchematron(SchematronResourcePure.java:87)
	at de.uniba.dsg.bpmnspector.schematron.SchematronBPMNValidator.loadAndValidateSchematronFiles(SchematronBPMNValidator.java:135)
	at de.uniba.dsg.bpmnspector.schematron.SchematronBPMNValidator.validate(SchematronBPMNValidator.java:93)
	at de.uniba.dsg.bpmnspector.BPMNspector.inspectFile(BPMNspector.java:61)
	at de.uniba.dsg.bpmnspector.BPMNspectorMain.main(BPMNspectorMain.java:53)
Caused by: javax.xml.transform.TransformerException: JAXP0801002: the compiler encountered an XPath expression containing '101' operators that exceeds the '100' limit set by 'FEATURE_SECURE_PROCESSING'.
	at com.sun.org.apache.xpath.internal.compiler.Lexer.tokenize(Lexer.java:408)
	at com.sun.org.apache.xpath.internal.compiler.Lexer.tokenize(Lexer.java:129)
	at com.sun.org.apache.xpath.internal.compiler.XPathParser.initXPath(XPathParser.java:124)
	at com.sun.org.apache.xpath.internal.XPath.<init>(XPath.java:207)
	at com.sun.org.apache.xpath.internal.jaxp.XPathImpl.compile(XPathImpl.java:394)
	... 13 common frames omitted
Exception in thread "main" java.lang.RuntimeException: com.phloc.schematron.pure.binding.SchematronBindException: Failed to precompile the supplied schema. Check the log for XPath errors!
	at com.phloc.schematron.pure.bound.PSBoundSchemaCache.getValueToCache(PSBoundSchemaCache.java:79)
	at com.phloc.schematron.pure.bound.PSBoundSchemaCache.getValueToCache(PSBoundSchemaCache.java:37)
	at com.phloc.commons.cache.AbstractNotifyingCache.getFromCache(AbstractNotifyingCache.java:79)
	at com.phloc.schematron.pure.SchematronResourcePure.getBoundSchema(SchematronResourcePure.java:82)
	at com.phloc.schematron.pure.SchematronResourcePure.isValidSchematron(SchematronResourcePure.java:87)
	at de.uniba.dsg.bpmnspector.schematron.SchematronBPMNValidator.loadAndValidateSchematronFiles(SchematronBPMNValidator.java:135)
	at de.uniba.dsg.bpmnspector.schematron.SchematronBPMNValidator.validate(SchematronBPMNValidator.java:93)
	at de.uniba.dsg.bpmnspector.BPMNspector.inspectFile(BPMNspector.java:61)
	at de.uniba.dsg.bpmnspector.BPMNspectorMain.main(BPMNspectorMain.java:53)
Caused by: com.phloc.schematron.pure.binding.SchematronBindException: Failed to precompile the supplied schema. Check the log for XPath errors!
	at com.phloc.schematron.pure.bound.xpath.PSXPathBoundSchema.<init>(PSXPathBoundSchema.java:355)
	at com.phloc.schematron.pure.binding.xpath.PSXPathQueryBinding.bind(PSXPathQueryBinding.java:139)
	at com.phloc.schematron.pure.bound.PSBoundSchemaCacheKey.createBoundSchema(PSBoundSchemaCacheKey.java:198)
	at com.phloc.schematron.pure.bound.PSBoundSchemaCache.getValueToCache(PSBoundSchemaCache.java:74)
	... 8 more

Answer 1 · 2022-04-21T18:33:24.000Z

I was able to workaround this by passing in the following arbitrary values for the following properties

-Djdk.xml.xpathExprGrpLimit=100 -Djdk.xml.xpathExprOpLimit=2000

I had to look at the source code for reference (couldn't find much in documentation)
https://github.com/openjdk/jdk/blob/master/src/java.xml/share/classes/jdk/xml/internal/JdkConstants.java

Answer 2 · 2022-04-21T18:41:22.000Z

Found documentation that seems to be the root cause of the breaking change
https://www.oracle.com/java/technologies/javase/8u331-relnotes.html