Fortify scan reports vulnerability on SDCRequestTasks.java. Recommends
to set following features on XML factory
factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
Issue-ID: SO-2465
Signed-off-by: Benjamin, Max (mb388a) <mb388a@att.com>
Change-Id: I33d9b16e8836af102523d7d6bc3fc7c2a09d5b64
String asyncRequest = (String) execution.getVariable(request.getCorrelationName() + MESSAGE);
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
+ dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
+ dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
DocumentBuilder db = dbf.newDocumentBuilder();
Document doc = db.parse(new InputSource(new StringReader(asyncRequest)));
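Review bot: with disallow-doctype-decl set to true on dbf, the db.parse(...) call two lines below will now fail with a fatal parse error for any asyncRequest that contains a DOCTYPE declaration, and nothing in the visible lines shows how that failure is reported. Please confirm that the enclosing method catches the SAXException and surfaces it as a rejected message rather than a generic task failure, and add a test that feeds a request with a DOCTYPE through this path. The three setFeature calls can also throw ParserConfigurationException if the JAXP implementation on the classpath does not recognise the Apache-specific feature URI, so it is worth checking that this is handled the same way as the existing dbf.newDocumentBuilder() call. Two smaller points: a one-line comment above the calls saying they harden the parser against external entity resolution (per the Fortify finding) would help future readers, and since the feature URIs are repeated string literals, a shared helper that returns a pre-hardened DocumentBuilderFactory would keep other parse sites consistent. Consider also calling dbf.setXIncludeAware(false) and dbf.setExpandEntityReferences(false) in the same place.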