Javadoc
diff --git a/src/main/java/org/apache/commons/xml/HardeningXMLInputFactory.java b/src/main/java/org/apache/commons/xml/HardeningXMLInputFactory.java index 4b41d48..fe63e35 100644 --- a/src/main/java/org/apache/commons/xml/HardeningXMLInputFactory.java +++ b/src/main/java/org/apache/commons/xml/HardeningXMLInputFactory.java
@@ -82,8 +82,8 @@ public Object getProperty(final String name) { /** * Routes a caller-set resolver for the property {@code name} behind the floor currently installed on that hook. * - * @param name the resolver-valued property being set. - * @param resolver the caller's resolver, or their own {@link Resolvers.FallbackDenyXMLResolver} to take control. + * @param name The resolver-valued property being set. + * @param resolver The caller's resolver, or their own {@link Resolvers.FallbackDenyXMLResolver} to take control. */ private void setResolverProperty(final String name, final XMLResolver resolver) { if (resolver instanceof Resolvers.FallbackDenyXMLResolver) {
diff --git a/src/main/java/org/apache/commons/xml/Limits.java b/src/main/java/org/apache/commons/xml/Limits.java index 4829711..6cdf074 100644 --- a/src/main/java/org/apache/commons/xml/Limits.java +++ b/src/main/java/org/apache/commons/xml/Limits.java
@@ -247,7 +247,7 @@ final class Limits { /** * Sets every JDK-supported limit on a Xerces {@code org.apache.xerces.util.SecurityManager}. * - * @param securityManager an instance of {@code org.apache.xerces.util.SecurityManager}; if {@code null} the call is a no-op. + * @param securityManager An instance of {@code org.apache.xerces.util.SecurityManager}; if {@code null} the call is a no-op. */ static void applyToXerces(final Object securityManager) { if (securityManager == null) {
diff --git a/src/main/java/org/apache/commons/xml/Resolvers.java b/src/main/java/org/apache/commons/xml/Resolvers.java index 082a35a..fc38aae 100644 --- a/src/main/java/org/apache/commons/xml/Resolvers.java +++ b/src/main/java/org/apache/commons/xml/Resolvers.java
@@ -81,7 +81,7 @@ static class FallbackDenyResolver extends DefaultHandler2 { /** * Replaces the caller resolver consulted ahead of the floor; lets a single floor instance back successive {@code setEntityResolver} calls. * - * @param delegate the caller-supplied resolver, or {@code null} for a pure deny-all floor. + * @param delegate The caller-supplied resolver, or {@code null} for a pure deny-all floor. */ final void setDelegate(final EntityResolver delegate) { this.delegate = delegate; @@ -107,10 +107,10 @@ public final InputSource resolveEntity(final String name, final String publicId, * Outcome when neither the caller delegate nor this resolver provides the entity. Denies by default; a subclass may permit specific lookups (e.g. the * external DTD subset) by returning {@code null} or an {@link InputSource} instead of calling {@code super}. * - * @param name the entity name, or {@code null} on the 2-arg resolution path. - * @param publicId the public identifier, or {@code null} if none. - * @param baseURI the base URI for relative resolution, or {@code null}. - * @param systemId the system identifier of the unresolved entity. + * @param name The entity name, or {@code null} on the 2-arg resolution path. + * @param publicId The public identifier, or {@code null} if none. + * @param baseURI The base URI for relative resolution, or {@code null}. + * @param systemId The system identifier of the unresolved entity. * @return An {@link InputSource} to permit the lookup, or {@code null} to skip it silently; the default implementation never returns normally. * @throws SAXException to deny the lookup (the default behavior). * @throws IOException if a subclass opens a stream that fails. @@ -235,10 +235,10 @@ public final Object resolveEntity(final String publicID, final String systemID, * other {@link XMLResolver}-supported value (for example an empty input) instead of calling {@code super}, or {@code throw} * {@link #denied(String, String, String, String)} to deny only some lookups. * - * @param publicID the public identifier, or {@code null} if none. - * @param systemID the system identifier of the unresolved entity. - * @param baseURI the base URI for relative resolution, or {@code null}. - * @param namespace the namespace (or, for Woodstox, the entity name), or {@code null}. + * @param publicID The public identifier, or {@code null} if none. + * @param systemID The system identifier of the unresolved entity. + * @param baseURI The base URI for relative resolution, or {@code null}. + * @param namespace The namespace (or, for Woodstox, the entity name), or {@code null}. * @return The replacement input, or a value the caller's parser accepts; the default implementation never returns normally. * @throws XMLStreamException to deny the lookup (the default behavior). */ @@ -250,10 +250,10 @@ protected Object onUnresolved(final String publicID, final String systemID, fina * Builds the standard "forbidden by hardening" exception for a denied lookup, so a subclass with a mixed policy can reuse the deny outcome for the * lookups it refuses. * - * @param publicID the public identifier, or {@code null} if none. - * @param systemID the system identifier of the unresolved entity. - * @param baseURI the base URI for relative resolution, or {@code null}. - * @param namespace the namespace (or, for Woodstox, the entity name), or {@code null}. + * @param publicID The public identifier, or {@code null} if none. + * @param systemID The system identifier of the unresolved entity. + * @param baseURI The base URI for relative resolution, or {@code null}. + * @param namespace The namespace (or, for Woodstox, the entity name), or {@code null}. * @return The exception to throw. */ protected final XMLStreamException denied(final String publicID, final String systemID, final String baseURI, final String namespace) { @@ -287,8 +287,8 @@ protected Object onUnresolved(final String publicID, final String systemID, fina /** * Resolves {@code systemId} against {@code baseURI}. * - * @param baseURI the absolute base URI to resolve against, or {@code null} if none is available. - * @param systemId the system identifier, possibly relative to {@code baseURI}. + * @param baseURI The absolute base URI to resolve against, or {@code null} if none is available. + * @param systemId The system identifier, possibly relative to {@code baseURI}. * @return The absolutized system identifier, or {@code systemId} unchanged when it cannot or need not be resolved. */ private static String absolutize(final String baseURI, final String systemId) {
diff --git a/src/main/java/org/apache/commons/xml/SAXParserHardener.java b/src/main/java/org/apache/commons/xml/SAXParserHardener.java index 9491d20..499c5ab 100644 --- a/src/main/java/org/apache/commons/xml/SAXParserHardener.java +++ b/src/main/java/org/apache/commons/xml/SAXParserHardener.java
@@ -153,7 +153,7 @@ static SAXParserFactory harden(final SAXParserFactory factory) { /** * Hardens an existing {@link XMLReader}. * - * @param reader the reader to harden; never {@code null}. + * @param reader The reader to harden; never {@code null}. * @return A hardened reader. * @throws IllegalStateException if a required hardening setting cannot be applied to the underlying implementation. */
diff --git a/src/main/java/org/apache/commons/xml/XmlFactories.java b/src/main/java/org/apache/commons/xml/XmlFactories.java index aeb3aeb..8d8a62f 100644 --- a/src/main/java/org/apache/commons/xml/XmlFactories.java +++ b/src/main/java/org/apache/commons/xml/XmlFactories.java
@@ -81,7 +81,7 @@ public final class XmlFactories { * * <p>The reader is namespace-aware.</p> * - * @param source the source to harden; never {@code null}. + * @param source The source to harden; never {@code null}. * @return A hardened source. * @throws TransformerConfigurationException if a hardened reader cannot be obtained. */ @@ -103,7 +103,7 @@ public static Source harden(final Source source) throws TransformerConfiguration /** * Hardens an existing {@link XMLReader}. * - * @param reader the reader to harden; never {@code null}. + * @param reader The reader to harden; never {@code null}. * @return A hardened reader. * @throws IllegalStateException if a required hardening setting cannot be applied to the underlying implementation. */
diff --git a/src/test/java/org/apache/commons/xml/AttackTestSupport.java b/src/test/java/org/apache/commons/xml/AttackTestSupport.java index 6cb93f0..ba51e82 100644 --- a/src/test/java/org/apache/commons/xml/AttackTestSupport.java +++ b/src/test/java/org/apache/commons/xml/AttackTestSupport.java
@@ -211,9 +211,9 @@ static void assertDomParses(final String payload) { * omits {@link #LEAKED_MARKER}. A throw whose type does not match {@code expected} fails the test, so unrelated failures (for example, a {@link HardeningException} * because no recipe matched the JAXP implementation) cannot be silently accepted as a clean block.</p> * - * @param action the parse to execute, returning the captured output text checked for {@link #LEAKED_MARKER}. + * @param action The parse to execute, returning the captured output text checked for {@link #LEAKED_MARKER}. * @param description short label naming the JAXP surface under test. - * @param expected the exception types any of which the hardening layer may surface as a clean rejection. + * @param expected The exception types any of which the hardening layer may surface as a clean rejection. */ @SafeVarargs private static void assertNoLeakOrThrows(final ThrowingSupplier<String> action, final String description, final Class<? extends Throwable>... expected) { @@ -237,7 +237,7 @@ private static void assertNoLeakOrThrows(final ThrowingSupplier<String> action, * hardening contract guarantees "parses successfully without resolving the external resource"; use {@link #assertNoLeakOrThrows} when the contract is * "either blocks at parse or completes without leaked content".</p> * - * @param action the parse to execute, returning the captured output text checked for {@link #LEAKED_MARKER}. + * @param action The parse to execute, returning the captured output text checked for {@link #LEAKED_MARKER}. * @param description short label naming the JAXP surface under test. */ private static void assertNoLeakStrict(final ThrowingSupplier<String> action, final String description) { @@ -249,9 +249,9 @@ private static void assertNoLeakStrict(final ThrowingSupplier<String> action, fi /** * Asserts the supplied parsing action throws an exception of the {@code expected} type. * - * @param action the parse to execute. + * @param action The parse to execute. * @param description short label naming the JAXP surface under test. - * @param expected the exception type the hardening layer is expected to surface. + * @param expected The exception type the hardening layer is expected to surface. */ static void assertParseFails(final Executable action, final String description, final Class<? extends Throwable> expected) { assertThrows(expected, action, blockedDescription(description)); @@ -260,9 +260,9 @@ static void assertParseFails(final Executable action, final String description, /** * Asserts the supplied parsing action throws an exception that matches one of the {@code expected} types. * - * @param action the parse to execute. + * @param action The parse to execute. * @param description short label naming the JAXP surface under test. - * @param expected the exception types any of which the hardening layer may surface. + * @param expected The exception types any of which the hardening layer may surface. */ @SafeVarargs static void assertParseFails(final Executable action, final String description, final Class<? extends Throwable>... expected) { @@ -279,7 +279,7 @@ static void assertParseFails(final Executable action, final String description, * {@code assert*Validates(...)} helper (and their permissive {@code assertPermissive*} counterparts); exposed for tests that compose a non-standard * call.</p> * - * @param action the parse to execute. + * @param action The parse to execute. * @param description short label included in the failure message. */ static void assertParseSucceeds(final Executable action, final String description) {