Code Review / aai / model-loader.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud
[aai/model-loader.git] / src / main / java / org / onap / aai / modelloader / entity / model / ModelArtifact.java
diff --git a/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java b/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java
index 7c9b4c2..73709f6 100644 (file)
--- a/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java
+++ b/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java
@@ -287,6 +287,7 @@ public class ModelArtifact extends AbstractModelArtifact {
         StringWriter sw = new StringWriter();
         TransformerFactory transFact = TransformerFactory.newInstance();
         transFact.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+        transFact.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
         Transformer t = transFact.newTransformer();
         t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
         t.transform(new DOMSource(node), new StreamResult(sw));
Loads SDC Models into A&AI