Disable external entities reference
diff --git
a/properties-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/prop/XmlParser.java
b/properties-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/prop/XmlParser.java
index
68b2f74
..
f48a21e
100644
(file)
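--- a/properties-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/prop/XmlParser.java
+++ b/properties-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/prop/XmlParser.java
@@ -28,6 +28,7 @@ import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.helpers.DefaultHandler;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
@@ -57,6 +58,10 @@ public final class XmlParser {
 Handler handler = new Handler(listNameList);
 try {
 SAXParserFactory factory = SAXParserFactory.newInstance();
+
+ factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
 SAXParser saxParser = factory.newSAXParser();
 InputStream in = new ByteArrayInputStream(s.getBytes());
 saxParser.parse(in, handler);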
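Review bot: The settings added before `factory.newSAXParser()` turn off external general and parameter entities but still let the parser accept a DOCTYPE, so an inline DTD is processed and, depending on the parser implementation, the external DTD subset may still be loaded. If the XML handled here never needs a DTD, add `factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` as the first setting; if it does, set `http://apache.org/xml/features/nonvalidating/load-external-dtd` to false instead. A one-line comment above the calls, such as `// XXE hardening: must stay before newSAXParser()`, would record why they are there and why their position matters. The try block's catch clauses lie outside the hunk, so it is worth confirming that a rejected feature is reported as a failure rather than logged and ignored.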