From: wr148d <wr148d@att.com>
Date: Tue, 20 Jul 2021 16:30:30 +0000 (-0400)
Subject: fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud
X-Git-Tag: 1.9.0~3
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=aai%2Fmodel-loader.git;a=commitdiff_plain;h=35e3de3f0d5b2b02fc6ef92ec577fe6b7cd05e3c;hp=e04245a22340f4b4e55182350dd4640547f98265

fix CRITICAL xxe (XML External Entity) issues identified in sonarcloud

Issue-ID: AAI-3346
Signed-off-by: wr148d <wr148d@att.com>
Change-Id: I76532cc11f348f9c267f5cd87e061b139ce4e7e0
---

diff --git a/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java b/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java
index 7c9b4c2..73709f6 100644
--- a/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java
+++ b/src/main/java/org/onap/aai/modelloader/entity/model/ModelArtifact.java
@@ -287,6 +287,7 @@ public class ModelArtifact extends AbstractModelArtifact {
         StringWriter sw = new StringWriter();
         TransformerFactory transFact = TransformerFactory.newInstance();
         transFact.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+        transFact.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
         Transformer t = transFact.newTransformer();
         t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
         t.transform(new DOMSource(node), new StreamResult(sw));