fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud

Issue-ID: AAI-3346
Signed-off-by: wr148d <wr148d@att.com>
Change-Id: I76532cc11f348f9c267f5cd87e061b139ce4e7e0

diff --git a/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java b/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java
index 7c9b4c2..73709f6 100644 (file)
--- a/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java
+++ b/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java
@@ -287,6 +287,7 @@ public class ModelArtifact extends AbstractModelArtifact {
         StringWriter sw = new StringWriter();
         TransformerFactory transFact = TransformerFactory.newInstance();
         transFact.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+        transFact.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
         Transformer t = transFact.newTransformer();
         t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
         t.transform(new DOMSource(node), new StreamResult(sw));