More secure XSLT 43/21343/1
authorDeterme, Sebastien (sd378r) <sd378r@intl.att.com>
Mon, 30 Oct 2017 17:49:26 +0000 (18:49 +0100)
committerDeterme, Sebastien (sd378r) <sd378r@intl.att.com>
Mon, 30 Oct 2017 18:00:08 +0000 (19:00 +0100)
Add security to XSLT class as reported by Fortify

Change-Id: I90af6ad54aaf45a3d743638466f29492ca04841b
Issue-ID: CLAMP-54
Signed-off-by: Determe, Sebastien (sd378r) <sd378r@intl.att.com>
src/main/java/org/onap/clamp/clds/transform/XslTransformer.java

index 684bae3..59cc56a 100644 (file)
@@ -26,6 +26,7 @@ package org.onap.clamp.clds.transform;
 import java.io.StringReader;
 import java.io.StringWriter;
 
+import javax.xml.XMLConstants;
 import javax.xml.transform.Templates;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerConfigurationException;
@@ -45,6 +46,7 @@ public class XslTransformer {
 
     public void setXslResourceName(String xslResourceName) throws TransformerConfigurationException {
         TransformerFactory tfactory = TransformerFactory.newInstance();
+        tfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
         templates = tfactory.newTemplates(new StreamSource(ResourceFileUtil.getResourceAsStream(xslResourceName)));
     }
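Review bot: The new `setAttribute` line in `setXslResourceName` restricts external DTD access only; `XMLConstants.ACCESS_EXTERNAL_STYLESHEET` keeps its default, so `xsl:import`, `xsl:include` and `document()` can still resolve external URLs. I would add `tfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` and `tfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");` next to it. Also, `setAttribute` throws `IllegalArgumentException` when the `TransformerFactory` implementation picked up from the classpath does not recognise the property, and the declared `TransformerConfigurationException` does not cover that. A short comment should say whether the method is meant to fail closed in that case. The code that runs the transform lies outside this hunk, so whether the input XML is untrusted cannot be confirmed from here.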