Release version 1.1.0 of sli/plugins

[ccsdk/sli/plugins.git] / restapi-call-node / provider / src / main / java / org / onap / ccsdk / sli / plugins / restapicall / XmlParser.java

diff --git a/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/XmlParser.java b/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/XmlParser.java
index 7ef776d..42e9e57 100644 (file)
--- a/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/XmlParser.java
+++ b/restapi-call-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/restapicall/XmlParser.java
@@ -4,6 +4,7 @@
  * ================================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights
  *                     reserved.
+ *     Modifications Copyright © 2018 IBM
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,6 +35,7 @@ import java.util.Set;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
+import javax.xml.XMLConstants;
 
 import org.onap.ccsdk.sli.core.sli.SvcLogicException;
 import org.slf4j.Logger;
@@ -41,6 +43,7 @@ import org.slf4j.LoggerFactory;
 import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.helpers.DefaultHandler;
+import org.xml.sax.XMLReader;
 
 public final class XmlParser {
 
@@ -57,11 +60,16 @@ public final class XmlParser {
 
         Handler handler = new Handler(listNameList);
         try {
-            SAXParserFactory factory = SAXParserFactory.newInstance();
-            SAXParser saxParser = factory.newSAXParser();
+            SAXParserFactory spf = SAXParserFactory.newInstance();
+            spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+            spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+            spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);  
             InputStream in = new ByteArrayInputStream(s.getBytes());
+            SAXParser saxParser = spf.newSAXParser();
             saxParser.parse(in, handler);
-        } catch (ParserConfigurationException | IOException | SAXException e) {
+            
+        } catch (ParserConfigurationException | IOException | SAXException | NumberFormatException e) {
             throw new SvcLogicException("Unable to convert XML to properties" + e.getLocalizedMessage(), e);
         }
         return handler.getProperties();
@@ -73,9 +81,8 @@ public final class XmlParser {
 
         private Map<String, String> properties = new HashMap<>();
 
-        public Map<String, String> getProperties() {
-            return properties;
-        }
+        StringBuilder currentName = new StringBuilder();
+        StringBuilder currentValue = new StringBuilder();
 
         public Handler(Set<String> listNameList) {
             super();
@@ -84,8 +91,9 @@ public final class XmlParser {
                 this.listNameList = new HashSet<>();
         }
 
-        StringBuilder currentName = new StringBuilder();
-        StringBuilder currentValue = new StringBuilder();
+        public Map<String, String> getProperties() {
+            return properties;
+        }
 
         @Override
         public void startElement(String uri, String localName, String qName, Attributes attributes)