forbid direct construction of xml SchemaValidator and Validator

Author: richard-dennehy

build-tools-internal/src/main/resources/forbidden/jdk-signatures.txt

@@ -120,3 +120,11 @@ javax.xml.parsers.SAXParserFactory#newInstance(java.lang.String, java.lang.Class
 javax.xml.parsers.SAXParserFactory#newDefaultNSInstance()
 javax.xml.parsers.SAXParserFactory#newNSInstance()
 javax.xml.parsers.SAXParserFactory#newNSInstance(java.lang.String, java.lang.ClassLoader)
+
+@defaultMessage SchemaValidator should not be used directly. Use XmlUtils#getHardenedSchemaValidator() instead
+javax.xml.validation.SchemaFactory#newDefaultInstance()
+javax.xml.validation.SchemaFactory#newInstance(java.lang.String)
+javax.xml.validation.SchemaFactory#newInstance(java.lang.String, java.lang.ClassLoader)
+
+@defaultMessage Validator should not be used directly. Use XmlUtils#getHardenedValidator() instead
+javax.xml.validation.Schema#newValidator()

x-pack/plugin/identity-provider/build.gradle

@@ -80,10 +80,6 @@ tasks.named("forbiddenPatterns").configure {
   exclude '**/*.zip'
 }
 
-tasks.named('forbiddenApisMain').configure {
-  signaturesFiles += files('forbidden/xml-signatures.txt')
-}
-
 // classes are missing, e.g. com.ibm.icu.lang.UCharacter
 tasks.named("thirdPartyAudit").configure {
     ignoreMissingClasses(

x-pack/plugin/identity-provider/forbidden/xml-signatures.txt

@@ -192,7 +192,6 @@ tasks.named("forbiddenPatterns").configure {
 tasks.named('forbiddenApisMain').configure {
   signaturesFiles += files(
     'forbidden/ldap-signatures.txt',
-    'forbidden/xml-signatures.txt',
     'forbidden/oidc-signatures.txt',
     project(':modules:transport-netty4').file('forbidden/netty-signatures.txt')
   )