Apply defect and Fortify fixes to config bundle code
[appc.git] / appc-config / appc-config-audit / provider / src / main / java / org / onap / sdnc / config / audit / node / CompareXmlData.java
index e5e2b75..9f1e4c9 100644 (file)
@@ -29,6 +29,7 @@ package org.onap.sdnc.config.audit.node;
 import java.io.IOException;
 import java.io.StringReader;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
@@ -121,6 +122,10 @@ public class CompareXmlData implements CompareDataInterface
     public Document getCompareDoc(String inXml) throws ParserConfigurationException, SAXException, IOException
     {
         DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
+        dbFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        dbFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+        dbFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+
         DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
         StringReader reader = new StringReader(inXml);
         InputSource inputSource = new InputSource(reader);
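Review bot: The hardening added to getCompareDoc disables external general and parameter entities but still accepts a DOCTYPE declaration, so an inline DTD in inXml is still parsed. Internal entity expansion is then bounded only by whatever limits FEATURE_SECURE_PROCESSING enforces in the parser implementation that happens to be on the classpath. If the compared configuration documents never legitimately carry a DTD, rejecting the declaration outright is the stronger setting: `dbFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);`, together with `dbFactory.setXIncludeAware(false);` and `dbFactory.setExpandEntityReferences(false);`. The feature URI is specific to Xerces and the JDK built-in parser; setFeature throws ParserConfigurationException for an unsupported feature, which this method already declares, so an unexpected parser would fail closed rather than parse unprotected. The body of getCompareDoc continues past the end of the hunk, so how the parsed Document is used is not visible here.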