Merge pull request #258 from 3dcitydb/hotfix-prevent-xxe-vulnerabilities

Prevent XXE vulnerabilities
3dcitydb · Jun 21, 2022 · 2be6ff6 · 2be6ff6
2 parents fed0306 + 124b0bd
commit 2be6ff6
Show file tree

Hide file tree

Showing 60 changed files with 262 additions and 178 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,6 +1,11 @@
 Change Log
 ==========
 
+### 5.2.1 -tba
+
+#### Fixes
+*  Fixed XXE vulnerabilities when parsing XML files. [#258](https://github.com/3dcitydb/importer-exporter/pull/258)
+
 ### 5.2.0 - 2022-05-23
 
 ##### Additions

diff --git a/build.gradle b/build.gradle
@@ -6,7 +6,7 @@ plugins {
 
 apply from: 'properties.gradle'
 
-version '5.2.0'
+version '5.2.1-SNAPSHOT'
 
 subprojects {
     apply plugin: 'java-library'
@@ -35,6 +35,9 @@ subprojects {
         maven {
             url 'https://citydb.jfrog.io/artifactory/maven'
         }
+        maven {
+            url 'https://oss.sonatype.org/content/repositories/snapshots/'
+        }
         mavenCentral()
     }
 

diff --git a/impexp-client-cli/src/main/java/org/citydb/cli/ImpExpCli.java b/impexp-client-cli/src/main/java/org/citydb/cli/ImpExpCli.java
@@ -38,7 +38,7 @@
 import org.citydb.cli.util.CliConstants;
 import org.citydb.cli.util.PidFile;
 import org.citydb.config.Config;
-import org.citydb.config.ConfigUtil;
+import org.citydb.util.config.ConfigUtil;
 import org.citydb.config.ProjectConfig;
 import org.citydb.config.i18n.Language;
 import org.citydb.config.project.global.LanguageType;

diff --git a/impexp-client-cli/src/main/java/org/citydb/cli/option/XMLQueryOption.java b/impexp-client-cli/src/main/java/org/citydb/cli/option/XMLQueryOption.java
@@ -28,9 +28,10 @@
 
 package org.citydb.cli.option;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.util.config.ConfigUtil;
 import org.citydb.config.project.query.QueryConfig;
-import org.citydb.config.util.QueryWrapper;
+import org.citydb.config.util.ConfigConstants;
+import org.citydb.config.project.query.QueryWrapper;
 import org.citygml4j.model.module.Module;
 import org.citygml4j.model.module.ModuleContext;
 import org.citygml4j.model.module.citygml.CityGMLVersion;
@@ -86,7 +87,7 @@ public void preprocess(CommandLine commandLine) throws Exception {
 
     private String wrapQuery(String query) {
         StringBuilder wrapper = new StringBuilder("<wrapper xmlns=\"")
-                .append(ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI)
+                .append(ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI)
                 .append("\" ");
 
         ModuleContext context = new ModuleContext(CityGMLVersion.v2_0_0);

diff --git a/impexp-client-gui/src/main/java/org/citydb/gui/GuiCommand.java b/impexp-client-gui/src/main/java/org/citydb/gui/GuiCommand.java
@@ -35,7 +35,7 @@
 import org.citydb.cli.option.StartupProgressListener;
 import org.citydb.cli.util.CliConstants;
 import org.citydb.config.Config;
-import org.citydb.config.ConfigUtil;
+import org.citydb.util.config.ConfigUtil;
 import org.citydb.config.gui.GuiConfig;
 import org.citydb.config.gui.style.Theme;
 import org.citydb.core.database.DatabaseController;

diff --git a/impexp-client-gui/src/main/java/org/citydb/gui/ImpExpGui.java b/impexp-client-gui/src/main/java/org/citydb/gui/ImpExpGui.java
@@ -33,7 +33,7 @@
 import com.formdev.flatlaf.ui.FlatTabbedPaneUI;
 import org.citydb.cli.util.CliConstants;
 import org.citydb.config.Config;
-import org.citydb.config.ConfigUtil;
+import org.citydb.util.config.ConfigUtil;
 import org.citydb.config.gui.style.Theme;
 import org.citydb.config.gui.window.MainWindow;
 import org.citydb.config.gui.window.WindowSize;

diff --git a/impexp-client-gui/src/main/java/org/citydb/gui/map/geocoder/service/GoogleGeocoder.java b/impexp-client-gui/src/main/java/org/citydb/gui/map/geocoder/service/GoogleGeocoder.java
@@ -32,12 +32,12 @@
 import org.citydb.gui.map.geocoder.GeocoderResult;
 import org.citydb.gui.map.geocoder.Location;
 import org.citydb.gui.map.geocoder.LocationType;
+import org.citydb.util.xml.SecureXMLProcessors;
 import org.jdesktop.swingx.mapviewer.GeoPosition;
 import org.w3c.dom.Document;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
 
-import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.xpath.XPath;
 import javax.xml.xpath.XPathConstants;
 import javax.xml.xpath.XPathFactory;
@@ -84,9 +84,11 @@ private GeocoderResult geocode(String operation, String requestString) throws Ge
         }
 
         try (InputStream stream = new URL(serviceCall).openStream()) {
-            Document response = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(stream);
-            XPath xpath = XPathFactory.newInstance().newXPath();
+            Document response = SecureXMLProcessors.newDocumentBuilderFactory()
+                    .newDocumentBuilder()
+                    .parse(stream);
 
+            XPath xpath = XPathFactory.newInstance().newXPath();
             GeocoderResult geocodingResult = new GeocoderResult();
 
             // check the response status

diff --git a/impexp-client-gui/src/main/java/org/citydb/gui/menu/MenuFile.java b/impexp-client-gui/src/main/java/org/citydb/gui/menu/MenuFile.java
@@ -29,7 +29,7 @@
 
 import com.formdev.flatlaf.extras.FlatSVGIcon;
 import org.citydb.config.Config;
-import org.citydb.config.ConfigUtil;
+import org.citydb.util.config.ConfigUtil;
 import org.citydb.config.ProjectConfig;
 import org.citydb.config.i18n.Language;
 import org.citydb.config.project.global.Logging;

diff --git a/impexp-client-gui/src/main/java/org/citydb/gui/operation/common/filter/XMLQueryView.java b/impexp-client-gui/src/main/java/org/citydb/gui/operation/common/filter/XMLQueryView.java
@@ -31,7 +31,7 @@
 import com.formdev.flatlaf.extras.FlatSVGIcon;
 import com.github.vertical_blank.sqlformatter.SqlFormatter;
 import com.sun.xml.bind.marshaller.NamespacePrefixMapper;
-import org.citydb.config.ConfigUtil;
+import org.citydb.util.config.ConfigUtil;
 import org.citydb.config.geometry.BoundingBox;
 import org.citydb.config.i18n.Language;
 import org.citydb.config.project.database.DatabaseSrs;
@@ -54,7 +54,8 @@
 import org.citydb.config.project.query.filter.type.FeatureTypeFilter;
 import org.citydb.config.project.query.simple.SimpleAttributeFilter;
 import org.citydb.config.project.query.simple.SimpleFeatureVersionFilter;
-import org.citydb.config.util.QueryWrapper;
+import org.citydb.config.util.ConfigConstants;
+import org.citydb.config.project.query.QueryWrapper;
 import org.citydb.core.database.DatabaseController;
 import org.citydb.core.database.adapter.AbstractSQLAdapter;
 import org.citydb.core.database.schema.mapping.FeatureType;
@@ -197,7 +198,7 @@ private void setEmptyQuery() {
 
         CityGMLNamespaceContext namespaceContext = new CityGMLNamespaceContext();
         namespaceContext.setPrefixes(new ModuleContext(CityGMLVersion.v2_0_0));
-        namespaceContext.setDefaultNamespace(ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI);
+        namespaceContext.setDefaultNamespace(ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI);
 
         xmlText.setText(marshalQuery(query, namespaceContext));
     }
@@ -324,7 +325,7 @@ private void setSimpleSettings() {
 
         CityGMLNamespaceContext namespaceContext = new CityGMLNamespaceContext();
         namespaceContext.setPrefixes(new ModuleContext(version));
-        namespaceContext.setDefaultNamespace(ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI);
+        namespaceContext.setDefaultNamespace(ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI);
 
         xmlText.setText(marshalQuery(query, namespaceContext));
     }
@@ -437,7 +438,7 @@ public String getPreferredPrefix(String namespaceUri, String suggestion, boolean
 
     private String wrapQuery(String query) {
         StringBuilder wrapper = new StringBuilder("<wrapper xmlns=\"")
-                .append(ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI).append("\" ");
+                .append(ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI).append("\" ");
 
         ModuleContext context = new ModuleContext(CityGMLVersion.v2_0_0);
         for (Module module : context.getModules()) {

diff --git a/impexp-client-gui/src/main/java/org/citydb/gui/operation/database/preferences/SrsPanel.java b/impexp-client-gui/src/main/java/org/citydb/gui/operation/database/preferences/SrsPanel.java
@@ -29,7 +29,7 @@
 
 import org.citydb.cli.util.CliConstants;
 import org.citydb.config.Config;
-import org.citydb.config.ConfigUtil;
+import org.citydb.util.config.ConfigUtil;
 import org.citydb.config.i18n.Language;
 import org.citydb.config.project.database.DatabaseSrs;
 import org.citydb.config.project.database.DatabaseSrsList;

diff --git a/impexp-config/build.gradle b/impexp-config/build.gradle
@@ -1,3 +1,3 @@
 dependencies {
-    api 'org.citygml4j:citygml4j:2.12.0'
+    api 'org.citygml4j:citygml4j:2.12.1'
 }
diff --git a/impexp-config/src/main/java/org/citydb/config/ProjectConfig.java b/impexp-config/src/main/java/org/citydb/config/ProjectConfig.java
@@ -186,7 +186,7 @@ ConfigNamespaceFilter getNamespaceFilter() {
         return namespaceFilter;
     }
 
-    void setNamespaceFilter(ConfigNamespaceFilter namespaceFilter) {
+    public void setNamespaceFilter(ConfigNamespaceFilter namespaceFilter) {
         this.namespaceFilter = namespaceFilter;
     }
 }
diff --git a/impexp-config/src/main/java/org/citydb/config/geometry/package-info.java b/impexp-config/src/main/java/org/citydb/config/geometry/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.geometry;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/gui/components/package-info.java b/impexp-config/src/main/java/org/citydb/config/gui/components/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.gui.components;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/gui/database/package-info.java b/impexp-config/src/main/java/org/citydb/config/gui/database/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.gui.database;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/gui/exporter/package-info.java b/impexp-config/src/main/java/org/citydb/config/gui/exporter/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.gui.exporter;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/gui/importer/package-info.java b/impexp-config/src/main/java/org/citydb/config/gui/importer/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.gui.importer;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/gui/package-info.java b/impexp-config/src/main/java/org/citydb/config/gui/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.gui;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/gui/preferences/package-info.java b/impexp-config/src/main/java/org/citydb/config/gui/preferences/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.gui.preferences;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/gui/style/package-info.java b/impexp-config/src/main/java/org/citydb/config/gui/style/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.gui.style;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/gui/visExporter/package-info.java b/impexp-config/src/main/java/org/citydb/config/gui/visExporter/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.gui.visExporter;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/gui/window/package-info.java b/impexp-config/src/main/java/org/citydb/config/gui/window/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.gui.window;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/package-info.java b/impexp-config/src/main/java/org/citydb/config/package-info.java
@@ -27,8 +27,9 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
-		xmlns = {@javax.xml.bind.annotation.XmlNs(prefix = "", namespaceURI = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI)},
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
+		xmlns = {@javax.xml.bind.annotation.XmlNs(prefix = "", namespaceURI = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI)},
 		elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config;
 
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/project/common/package-info.java b/impexp-config/src/main/java/org/citydb/config/project/common/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.project.common;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/project/database/package-info.java b/impexp-config/src/main/java/org/citydb/config/project/database/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.project.database;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/project/deleter/package-info.java b/impexp-config/src/main/java/org/citydb/config/project/deleter/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.project.deleter;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/project/exporter/package-info.java b/impexp-config/src/main/java/org/citydb/config/project/exporter/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.project.exporter;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;
diff --git a/impexp-config/src/main/java/org/citydb/config/project/global/package-info.java b/impexp-config/src/main/java/org/citydb/config/project/global/package-info.java
@@ -27,8 +27,8 @@
  */
 
 @javax.xml.bind.annotation.XmlAccessorType(javax.xml.bind.annotation.XmlAccessType.FIELD)
-@javax.xml.bind.annotation.XmlSchema(namespace = ConfigUtil.CITYDB_CONFIG_NAMESPACE_URI,
+@javax.xml.bind.annotation.XmlSchema(namespace = ConfigConstants.CITYDB_CONFIG_NAMESPACE_URI,
         elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
 package org.citydb.config.project.global;
 
-import org.citydb.config.ConfigUtil;
+import org.citydb.config.util.ConfigConstants;