* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights
* reserved.
+ * Modifications Copyright © 2018 IBM
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
+import javax.xml.XMLConstants;
import org.onap.ccsdk.sli.core.sli.SvcLogicException;
import org.slf4j.Logger;
import org.xml.sax.Attributes;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
+import org.xml.sax.XMLReader;
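Review bot: The added `import org.xml.sax.XMLReader;` is not referenced by any line visible in this diff; the new code sets its features on the `SAXParserFactory` and never obtains a reader from the parser. Unless `XMLReader` is used in a part of the file that is not shown here, drop the import so the hardening change carries only what it needs. `javax.xml.XMLConstants` is used (for `FEATURE_SECURE_PROCESSING`) and should stay.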
public final class XmlParser {
Handler handler = new Handler(listNameList);
try {
- SAXParserFactory factory = SAXParserFactory.newInstance();
- SAXParser saxParser = factory.newSAXParser();
+ SAXParserFactory spf = SAXParserFactory.newInstance();
+ spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+ spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
InputStream in = new ByteArrayInputStream(s.getBytes());
+ SAXParser saxParser = spf.newSAXParser();
saxParser.parse(in, handler);
- } catch (ParserConfigurationException | IOException | SAXException e) {
+
+ } catch (ParserConfigurationException | IOException | SAXException | NumberFormatException e) {
throw new SvcLogicException("Unable to convert XML to properties" + e.getLocalizedMessage(), e);
}
return handler.getProperties();
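Review bot: The factory hardening turns off external general and parameter entities and external DTD loading, but a document with a DOCTYPE is still accepted, so internal entity expansion is bounded only by the limits `FEATURE_SECURE_PROCESSING` applies in the parser implementation in use. If this input never legitimately carries a DTD, add `spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before `spf.newSAXParser()` so such documents are rejected outright. A short comment above the `setFeature` calls would also help, for example `// XXE hardening: an unrecognised feature throws and is reported as SvcLogicException, so parsing fails closed`. Separately, the context line `s.getBytes()` encodes with the platform default charset, and `s.getBytes(StandardCharsets.UTF_8)` (with the matching import) would keep the parsed bytes the same on every host. The enclosing method starts and ends outside the visible lines.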
private Map<String, String> properties = new HashMap<>();
- public Map<String, String> getProperties() {
- return properties;
- }
+ StringBuilder currentName = new StringBuilder();
+ StringBuilder currentValue = new StringBuilder();
public Handler(Set<String> listNameList) {
super();
this.listNameList = new HashSet<>();
}
- StringBuilder currentName = new StringBuilder();
- StringBuilder currentValue = new StringBuilder();
+ public Map<String, String> getProperties() {
+ return properties;
+ }
@Override
public void startElement(String uri, String localName, String qName, Attributes attributes)