Improve security of the DocumentBuilder

[MaximPlusov]

Summary by CodeRabbit

• Bug Fixes
  • Improved XML parsing implementation for PDF form dynamic content validation.
  • Updated XML parsing for dictionary entries validation during PDF processing.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ae480c29-b247-4f02-aa90-719cbe45e0b2

📥 Commits

Reviewing files that changed from the base of the PR and between b5b97d8 and 77b74a8.

📒 Files selected for processing (2)

• validation-model/src/main/java/org/verapdf/gf/model/impl/pd/GFPDAcroForm.java
• validation-model/src/main/java/org/verapdf/gf/model/tools/DictionaryKeysHelper.java

---

📝 Walkthrough

Walkthrough

Two PDF parsing classes migrate from unsafe DocumentBuilder instantiation to SecureXML.newSafeDocumentBuilder(). GFPDAcroForm hardens XFA dynamic-render XML parsing, and DictionaryKeysHelper hardens rich-text entry parsing, both removing explicit error handler configurations and updating imports.

Changes

XML Parser Security Hardening

Layer / File(s)	Summary
XFA XML parsing security hardening validation-model/src/main/java/org/verapdf/gf/model/impl/pd/GFPDAcroForm.java	GFPDAcroForm replaces unsafe DocumentBuilderFactory.newInstance().newDocumentBuilder() with SecureXML.newSafeDocumentBuilder() for extracting dynamicRender values from XFA XML, removes the error handler null configuration, and imports SecureXML.
Rich-text XML parsing security hardening validation-model/src/main/java/org/verapdf/gf/model/tools/DictionaryKeysHelper.java	DictionaryKeysHelper replaces unsafe DocumentBuilderFactory construction with SecureXML.newSafeDocumentBuilder() for parsing rich-text dictionary entries, removes the error handler null-setting and unused factory import, and imports SecureXML.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 XML once wild and prone to attack,
Now wrapped in SecureXML's shield so black,
Two parsing paths hardened with care,
Safe builders replace the old snare.
Security hops forward without a fright!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title 'Improve security of the DocumentBuilder' directly and clearly summarizes the main change—replacing unsafe XML parsing with secure DocumentBuilder construction across two files.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch document_builder

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0