X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=properties-node%2Fprovider%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fccsdk%2Fsli%2Fplugins%2Fprop%2FXmlParser.java;fp=properties-node%2Fprovider%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fccsdk%2Fsli%2Fplugins%2Fprop%2FXmlParser.java;h=f48a21e9dc5605aedee2a695f70f214a43e66e6a;hb=1668af4b170153f07a103e5dfc23c0437629d13e;hp=68b2f74ece2dc0f433ada02e81a88e867d500c8f;hpb=c37395832b700f66f5087c59c2b0e73a4c34922a;p=ccsdk%2Fsli%2Fplugins.git

diff --git a/properties-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/prop/XmlParser.java b/properties-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/prop/XmlParser.java
index 68b2f74e..f48a21e9 100644
--- a/properties-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/prop/XmlParser.java
+++ b/properties-node/provider/src/main/java/org/onap/ccsdk/sli/plugins/prop/XmlParser.java
@@ -28,6 +28,7 @@ import org.xml.sax.Attributes;
 import org.xml.sax.SAXException;
 import org.xml.sax.helpers.DefaultHandler;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
@@ -57,6 +58,10 @@ public final class XmlParser {
         Handler handler = new Handler(listNameList);
         try {
             SAXParserFactory factory = SAXParserFactory.newInstance();
+
+            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
+            factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
             SAXParser saxParser = factory.newSAXParser();
             InputStream in = new ByteArrayInputStream(s.getBytes());
             saxParser.parse(in, handler);