Fixing classification of APIs and making XMLInputFactory safer

Author: shorea

codegen/src/main/java/software/amazon/awssdk/codegen/poet/client/AsyncClientClass.java

@@ -39,7 +39,7 @@
 import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.awscore.client.handler.AwsAsyncClientHandler;
 import software.amazon.awssdk.awscore.eventstream.EventStreamTaggedUnionJsonMarshaller;
-import software.amazon.awssdk.awscore.internal.client.handler.AwsClientHandlerUtils;
+import software.amazon.awssdk.awscore.client.handler.AwsClientHandlerUtils;
 import software.amazon.awssdk.codegen.emitters.GeneratorTaskParams;
 import software.amazon.awssdk.codegen.model.intermediate.IntermediateModel;
 import software.amazon.awssdk.codegen.model.intermediate.MemberModel;

codegen/src/main/java/software/amazon/awssdk/codegen/poet/client/specs/XmlProtocolSpec.java

@@ -22,7 +22,7 @@
 import software.amazon.awssdk.codegen.poet.PoetExtensions;
 import software.amazon.awssdk.core.http.HttpResponseHandler;
 import software.amazon.awssdk.protocols.xml.AwsXmlProtocolFactory;
-import software.amazon.awssdk.protocols.xml.internal.unmarshall.XmlOperationMetadata;
+import software.amazon.awssdk.protocols.xml.XmlOperationMetadata;
 
 public final class XmlProtocolSpec extends QueryProtocolSpec {
 

codegen/src/test/resources/software/amazon/awssdk/codegen/poet/client/test-async-client-class.java

@@ -20,7 +20,7 @@
 import software.amazon.awssdk.awscore.eventstream.EventStreamTaggedUnionPojoSupplier;
 import software.amazon.awssdk.awscore.eventstream.RestEventStreamAsyncResponseTransformer;
 import software.amazon.awssdk.awscore.exception.AwsServiceException;
-import software.amazon.awssdk.awscore.internal.client.handler.AwsClientHandlerUtils;
+import software.amazon.awssdk.awscore.client.handler.AwsClientHandlerUtils;
 import software.amazon.awssdk.core.ApiName;
 import software.amazon.awssdk.core.SdkResponse;
 import software.amazon.awssdk.core.async.AsyncRequestBody;

core/auth/src/main/java/software/amazon/awssdk/auth/signer/internal/AsyncSigV4SubscriberAdapter.java

@@ -18,10 +18,9 @@
 import java.nio.ByteBuffer;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.concurrent.atomic.AtomicLong;
-
 import org.reactivestreams.Subscriber;
 import org.reactivestreams.Subscription;
-import software.amazon.awssdk.annotations.SdkProtectedApi;
+import software.amazon.awssdk.annotations.SdkInternalApi;
 
 
 /**
@@ -31,7 +30,7 @@
  * <dd>The trailing empty frame is sent only if there is demand from the downstream subscriber</dd>
  * </dl>
  */
-@SdkProtectedApi
+@SdkInternalApi
 final class AsyncSigV4SubscriberAdapter implements Subscriber<ByteBuffer> {
     private final AtomicBoolean upstreamDone = new AtomicBoolean(false);
     private final AtomicLong downstreamDemand = new AtomicLong();

core/auth/src/main/java/software/amazon/awssdk/auth/signer/internal/Aws4SignerRequestParams.java

@@ -16,14 +16,14 @@
 package software.amazon.awssdk.auth.signer.internal;
 
 import java.time.Clock;
-import software.amazon.awssdk.annotations.SdkProtectedApi;
+import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.auth.signer.params.Aws4SignerParams;
 import software.amazon.awssdk.regions.Region;
 
 /**
  * Parameters that are used for computing a AWS 4 signature for a request.
  */
-@SdkProtectedApi
+@SdkInternalApi
 public final class Aws4SignerRequestParams {
 
     /**

core/aws-core/src/main/java/software/amazon/awssdk/awscore/client/handler/AwsAsyncClientHandler.java

@@ -20,7 +20,6 @@
 import software.amazon.awssdk.annotations.SdkProtectedApi;
 import software.amazon.awssdk.annotations.ThreadSafe;
 import software.amazon.awssdk.awscore.internal.client.config.AwsClientOptionValidation;
-import software.amazon.awssdk.awscore.internal.client.handler.AwsClientHandlerUtils;
 import software.amazon.awssdk.core.SdkRequest;
 import software.amazon.awssdk.core.SdkResponse;
 import software.amazon.awssdk.core.async.AsyncResponseTransformer;

core/aws-core/src/main/java/software/amazon/awssdk/awscore/internal/client/handler/AwsClientHandlerUtils.java renamed to core/aws-core/src/main/java/software/amazon/awssdk/awscore/client/handler/AwsClientHandlerUtils.java

@@ -13,7 +13,7 @@
  * permissions and limitations under the License.
  */
 
-package software.amazon.awssdk.awscore.internal.client.handler;
+package software.amazon.awssdk.awscore.client.handler;
 
 import static software.amazon.awssdk.utils.CollectionUtils.firstIfPresent;
 
@@ -22,7 +22,7 @@
 import java.nio.ByteBuffer;
 import java.util.Map;
 import java.util.stream.Collectors;
-import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.annotations.SdkProtectedApi;
 import software.amazon.awssdk.auth.credentials.AwsCredentials;
 import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
 import software.amazon.awssdk.auth.signer.AwsSignerExecutionAttribute;
@@ -47,7 +47,7 @@
 import software.amazon.eventstream.HeaderValue;
 import software.amazon.eventstream.Message;
 
-@SdkInternalApi
+@SdkProtectedApi
 public final class AwsClientHandlerUtils {
 
     private AwsClientHandlerUtils() {

core/aws-core/src/main/java/software/amazon/awssdk/awscore/client/handler/AwsSyncClientHandler.java

@@ -20,7 +20,6 @@
 import software.amazon.awssdk.annotations.SdkProtectedApi;
 import software.amazon.awssdk.annotations.ThreadSafe;
 import software.amazon.awssdk.awscore.internal.client.config.AwsClientOptionValidation;
-import software.amazon.awssdk.awscore.internal.client.handler.AwsClientHandlerUtils;
 import software.amazon.awssdk.core.SdkRequest;
 import software.amazon.awssdk.core.SdkResponse;
 import software.amazon.awssdk.core.client.config.SdkClientConfiguration;
@@ -30,7 +29,7 @@
 import software.amazon.awssdk.core.http.ExecutionContext;
 import software.amazon.awssdk.core.http.HttpResponseHandler;
 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
-import software.amazon.awssdk.core.internal.http.Crc32Validation;
+import software.amazon.awssdk.core.http.Crc32Validation;
 import software.amazon.awssdk.core.sync.ResponseTransformer;
 import software.amazon.awssdk.http.SdkHttpFullResponse;
 

core/protocols/aws-ion-protocol/src/main/java/software/amazon/awssdk/protocols/ion/internal/SdkStructuredIonFactory.java

@@ -17,13 +17,13 @@
 
 import com.fasterxml.jackson.core.JsonFactory;
 import java.util.function.BiFunction;
-import software.amazon.awssdk.annotations.SdkProtectedApi;
+import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.protocols.json.StructuredJsonGenerator;
 import software.amazon.ion.IonSystem;
 import software.amazon.ion.system.IonSystemBuilder;
 import software.amazon.ion.system.IonWriterBuilder;
 
-@SdkProtectedApi
+@SdkInternalApi
 abstract class SdkStructuredIonFactory {
 
     protected static final IonSystem ION_SYSTEM = IonSystemBuilder.standard().build();

core/protocols/aws-query-protocol/src/main/java/software/amazon/awssdk/protocols/query/unmarshall/XmlDomParser.java

@@ -30,7 +30,7 @@
 @SdkProtectedApi
 public final class XmlDomParser {
 
-    private static final ThreadLocal<XMLInputFactory> FACTORY = ThreadLocal.withInitial(XMLInputFactory::newInstance);
+    private static final ThreadLocal<XMLInputFactory> FACTORY = ThreadLocal.withInitial(XmlDomParser::createXmlInputFactory);
 
     private XmlDomParser() {
     }
@@ -91,4 +91,16 @@ private static String readText(XMLEventReader eventReader, String firstChunk) th
         }
     }
 
+    /**
+     * Disables certain dangerous features that attempt to automatically fetch DTDs
+     *
+     * See <a href="https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet">OWASP XXE Cheat Sheet</a>
+     */
+    private static XMLInputFactory createXmlInputFactory() {
+        XMLInputFactory factory = XMLInputFactory.newInstance();
+        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
+        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
+        return factory;
+    }
+
 }

core/protocols/aws-xml-protocol/src/main/java/software/amazon/awssdk/protocols/xml/AwsXmlProtocolFactory.java

@@ -38,7 +38,6 @@
 import software.amazon.awssdk.protocols.xml.internal.marshall.XmlGenerator;
 import software.amazon.awssdk.protocols.xml.internal.marshall.XmlProtocolMarshaller;
 import software.amazon.awssdk.protocols.xml.internal.unmarshall.AwsXmlResponseHandler;
-import software.amazon.awssdk.protocols.xml.internal.unmarshall.XmlOperationMetadata;
 import software.amazon.awssdk.protocols.xml.internal.unmarshall.XmlProtocolUnmarshaller;
 
 /**

core/protocols/aws-xml-protocol/src/main/java/software/amazon/awssdk/protocols/xml/internal/unmarshall/XmlOperationMetadata.java renamed to core/protocols/aws-xml-protocol/src/main/java/software/amazon/awssdk/protocols/xml/XmlOperationMetadata.java

@@ -13,10 +13,11 @@
  * permissions and limitations under the License.
  */
 
-package software.amazon.awssdk.protocols.xml.internal.unmarshall;
+package software.amazon.awssdk.protocols.xml;
 
 import software.amazon.awssdk.annotations.NotThreadSafe;
 import software.amazon.awssdk.annotations.SdkProtectedApi;
+import software.amazon.awssdk.protocols.xml.internal.unmarshall.AwsXmlResponseHandler;
 
 /**
  * Contains information needed to create a {@link AwsXmlResponseHandler} for the client.

core/protocols/protocol-core/src/main/java/software/amazon/awssdk/protocols/core/AbstractMarshallingRegistry.java

@@ -19,7 +19,7 @@
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
-import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.annotations.SdkProtectedApi;
 import software.amazon.awssdk.core.SdkPojo;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.core.protocol.MarshallLocation;
@@ -28,7 +28,7 @@
 /**
  * Base class for marshaller/unmarshaller registry implementations.
  */
-@SdkInternalApi
+@SdkProtectedApi
 public abstract class AbstractMarshallingRegistry {
 
     private final Map<MarshallLocation, Map<MarshallingType, Object>> registry;

core/protocols/protocol-core/src/main/java/software/amazon/awssdk/protocols/core/InstantToString.java

@@ -17,7 +17,7 @@
 
 import java.time.Instant;
 import java.util.Map;
-import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.annotations.SdkProtectedApi;
 import software.amazon.awssdk.core.SdkField;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.core.protocol.MarshallLocation;
@@ -29,7 +29,7 @@
  * Implementation of {@link ValueToString} that converts and {@link Instant} to a string. * Respects the
  * {@link TimestampFormatTrait} if present.
  */
-@SdkInternalApi
+@SdkProtectedApi
 public final class InstantToString implements ValueToString<Instant> {
 
     private final Map<MarshallLocation, TimestampFormatTrait.Format> defaultFormats;

core/protocols/protocol-core/src/main/java/software/amazon/awssdk/protocols/core/Marshaller.java

@@ -15,13 +15,13 @@
 
 package software.amazon.awssdk.protocols.core;
 
-import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.annotations.SdkProtectedApi;
 
 /**
  * Marker interface for marshallers.
  *
  * @param <T> Type being marshalled.
  */
-@SdkInternalApi
+@SdkProtectedApi
 public interface Marshaller<T> {
 }

core/protocols/protocol-core/src/main/java/software/amazon/awssdk/protocols/core/StringToInstant.java

@@ -17,7 +17,7 @@
 
 import java.time.Instant;
 import java.util.Map;
-import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.annotations.SdkProtectedApi;
 import software.amazon.awssdk.core.SdkField;
 import software.amazon.awssdk.core.exception.SdkClientException;
 import software.amazon.awssdk.core.protocol.MarshallLocation;
@@ -28,7 +28,7 @@
  * Implementation of {@link StringToValueConverter.StringToValue} that converts a string to an {@link Instant} type.
  * Respects the {@link TimestampFormatTrait} if present.
  */
-@SdkInternalApi
+@SdkProtectedApi
 public final class StringToInstant implements StringToValueConverter.StringToValue<Instant> {
 
     /**

core/protocols/protocol-core/src/main/java/software/amazon/awssdk/protocols/core/StringToValueConverter.java

@@ -16,15 +16,15 @@
 package software.amazon.awssdk.protocols.core;
 
 import java.math.BigDecimal;
-import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.annotations.SdkProtectedApi;
 import software.amazon.awssdk.core.SdkBytes;
 import software.amazon.awssdk.core.SdkField;
 import software.amazon.awssdk.utils.BinaryUtils;
 
 /**
  * Converter implementations that transform a String to a specified type.
  */
-@SdkInternalApi
+@SdkProtectedApi
 public final class StringToValueConverter {
 
     /**

core/protocols/protocol-core/src/main/java/software/amazon/awssdk/protocols/core/ValueToStringConverter.java

@@ -16,15 +16,15 @@
 package software.amazon.awssdk.protocols.core;
 
 import java.math.BigDecimal;
-import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.annotations.SdkProtectedApi;
 import software.amazon.awssdk.core.SdkBytes;
 import software.amazon.awssdk.core.SdkField;
 import software.amazon.awssdk.utils.BinaryUtils;
 
 /**
  * Converts various types to Strings. Used for Query Param/Header/Path marshalling.
  */
-@SdkInternalApi
+@SdkProtectedApi
 public final class ValueToStringConverter {
 
     /**

core/regions/src/main/java/software/amazon/awssdk/regions/MetadataLoader.java

@@ -22,7 +22,7 @@
  * metadata from. Currently only generated region metadata is supported.
  */
 @SdkInternalApi
-public class MetadataLoader {
+final class MetadataLoader {
 
     private static final RegionMetadataProvider REGION_METADATA_PROVIDER = new GeneratedRegionMetadataProvider();
 
@@ -32,15 +32,15 @@ public class MetadataLoader {
 
     private MetadataLoader() {}
 
-    public static PartitionMetadata partitionMetadata(Region region) {
+    static PartitionMetadata partitionMetadata(Region region) {
         return PARTITION_METADATA_PROVIDER.partitionMetadata(region);
     }
 
-    public static PartitionMetadata partitionMetadata(String partition) {
+    static PartitionMetadata partitionMetadata(String partition) {
         return PARTITION_METADATA_PROVIDER.partitionMetadata(partition);
     }
 
-    public static RegionMetadata regionMetadata(Region region) {
+    static RegionMetadata regionMetadata(Region region) {
         return REGION_METADATA_PROVIDER.regionMetadata(region);
     }
 

core/sdk-core/src/main/java/software/amazon/awssdk/core/client/handler/BaseAsyncClientHandler.java

@@ -31,7 +31,7 @@
 import software.amazon.awssdk.core.http.HttpResponseHandler;
 import software.amazon.awssdk.core.interceptor.InterceptorContext;
 import software.amazon.awssdk.core.internal.http.AmazonAsyncHttpClient;
-import software.amazon.awssdk.core.internal.http.Crc32Validation;
+import software.amazon.awssdk.core.http.Crc32Validation;
 import software.amazon.awssdk.core.internal.http.TransformingAsyncResponseHandler;
 import software.amazon.awssdk.core.internal.http.async.SyncResponseHandlerAdapter;
 import software.amazon.awssdk.core.internal.util.ThrowableUtils;

core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/Crc32Validation.java renamed to core/sdk-core/src/main/java/software/amazon/awssdk/core/http/Crc32Validation.java

@@ -13,21 +13,21 @@
  * permissions and limitations under the License.
  */
 
-package software.amazon.awssdk.core.internal.http;
+package software.amazon.awssdk.core.http;
 
 import static software.amazon.awssdk.utils.FunctionalUtils.invokeSafely;
 
 import java.util.Optional;
 import java.util.zip.GZIPInputStream;
-import software.amazon.awssdk.annotations.SdkInternalApi;
+import software.amazon.awssdk.annotations.SdkProtectedApi;
 import software.amazon.awssdk.core.internal.util.Crc32ChecksumValidatingInputStream;
 import software.amazon.awssdk.http.AbortableInputStream;
 import software.amazon.awssdk.http.SdkHttpFullResponse;
 
 /**
  * Validate and decompress input data if necessary.
  */
-@SdkInternalApi
+@SdkProtectedApi
 public final class Crc32Validation {
 
     private Crc32Validation() {

core/sdk-core/src/main/java/software/amazon/awssdk/core/internal/http/pipeline/stages/MoveParametersToBodyStage.java

@@ -22,7 +22,6 @@
 import java.nio.charset.StandardCharsets;
 import software.amazon.awssdk.annotations.ReviewBeforeRelease;
 import software.amazon.awssdk.annotations.SdkInternalApi;
-import software.amazon.awssdk.annotations.SdkProtectedApi;
 import software.amazon.awssdk.core.internal.http.RequestExecutionContext;
 import software.amazon.awssdk.core.internal.http.pipeline.MutableRequestToRequestPipeline;
 import software.amazon.awssdk.http.SdkHttpFullRequest;
@@ -48,8 +47,7 @@ private boolean shouldPutParamsInBody(SdkHttpFullRequest.Builder input) {
                !CollectionUtils.isNullOrEmpty(input.rawQueryParameters());
     }
 
-    @SdkProtectedApi
-    public static SdkHttpFullRequest.Builder changeQueryParametersToFormData(SdkHttpFullRequest.Builder input) {
+    private static SdkHttpFullRequest.Builder changeQueryParametersToFormData(SdkHttpFullRequest.Builder input) {
         byte[] params = SdkHttpUtils.encodeAndFlattenFormData(input.rawQueryParameters()).orElse("")
                                     .getBytes(StandardCharsets.UTF_8);
 

core/sdk-core/src/test/java/software/amazon/awssdk/core/http/Crc32ValidationTest.java

@@ -27,7 +27,6 @@
 import org.junit.runner.RunWith;
 import org.mockito.runners.MockitoJUnitRunner;
 import org.unitils.util.ReflectionUtils;
-import software.amazon.awssdk.core.internal.http.Crc32Validation;
 import software.amazon.awssdk.core.internal.util.Crc32ChecksumValidatingInputStream;
 import software.amazon.awssdk.http.AbortableInputStream;
 import software.amazon.awssdk.http.SdkHttpFullResponse;