RAT-539: Update xml writer

apache-rat-core/pom.xml

@@ -26,6 +26,10 @@
   <packaging>jar</packaging>
   <name>Apache Creadur RAT::Core</name>
   <description>The core functionality of RAT that is used by all clients.</description>
+  <properties>
+    <!-- RAT-539: XMLChar.java is copied from Xerces codebase and so does no meet our sonar tests -->
+    <sonar.exclusions>src/main/java/org/apache/rat/report/xml/writer/XMLChar.java</sonar.exclusions>
+  </properties>
   <build>
     <resources>
       <resource>

apache-rat-core/src/main/java/org/apache/rat/Reporter.java

@@ -94,10 +94,9 @@ public ClaimStatistic execute() throws RatException  {
                         report.startReport();
                         configuration.getSources().build().run(report);
                         report.endReport();
-
-                        InputStream inputStream = new ByteArrayInputStream(outputStream.toByteArray());
-                        document = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(inputStream);
                     }
+                    InputStream inputStream = new ByteArrayInputStream(outputStream.toByteArray());
+                    document = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(inputStream);
                 } else {
                     document = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
                     statistic = new ClaimStatistic();

apache-rat-core/src/main/java/org/apache/rat/report/xml/writer/IXmlWriter.java

@@ -21,6 +21,7 @@
 import java.io.IOException;
 
 import org.apache.rat.report.xml.XmlElements;
+import org.w3c.dom.Document;
 
 /**
  * Simple interface for creating basic XML documents.
@@ -147,4 +148,12 @@ default IXmlWriter openElement(XmlElements.Elements element) throws IOException
      * if called before any call to {@link #openElement(CharSequence)}
      */
     IXmlWriter closeDocument() throws IOException;
+
+    /**
+     * Append an XML document into this one.
+     * @param document the document to append
+     * @return this object
+     * @throws IOException on error.
+     */
+    IXmlWriter append(Document document) throws IOException;
 }

apache-rat-core/src/main/java/org/apache/rat/utils/StandardXmlFactory.java

@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.rat.utils;
+
+import java.io.InputStream;
+
+import javax.xml.XMLConstants;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.stream.StreamSource;
+
+/**
+ * Factory to create standard XML objects. The intention of this class is to resolve in a consistent manner the
+ * XXE errors and similar XML IO errors.
+ */
+public final class StandardXmlFactory {
+
+    private StandardXmlFactory() {
+        // do not instantiate.
+    }
+    /**
+     * Create a transformer with no stylesheet.
+     * @return the transformer.
+     * @throws TransformerConfigurationException on error.
+     */
+    public static Transformer create() throws TransformerConfigurationException {
+        return create(null);
+    }
+
+    /**
+     * Create a transformer with the specified stylesheet.
+     * @param styleIn the stylesheet to use.
+     * @return the transformer.
+     * @throws TransformerConfigurationException on error.
+     */
+    public static Transformer create(final InputStream styleIn) throws TransformerConfigurationException {
+        TransformerFactory factory = TransformerFactory.newInstance();
+        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+        factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+        Transformer transformer = styleIn == null ? factory.newTransformer() : factory.newTransformer(new StreamSource(styleIn));
+        transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+        transformer.setOutputProperty(OutputKeys.METHOD, "xml");
+        transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+        transformer.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
+        transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+        return transformer;
+    }
+}