Add security to XSLT class as reported by Fortify
Change-Id: I90af6ad54aaf45a3d743638466f29492ca04841b
Issue-ID: CLAMP-54
Signed-off-by: Determe, Sebastien (sd378r) <sd378r@intl.att.com>
import java.io.StringReader;
import java.io.StringWriter;
import java.io.StringReader;
import java.io.StringWriter;
+import javax.xml.XMLConstants;
import javax.xml.transform.Templates;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.Templates;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
public void setXslResourceName(String xslResourceName) throws TransformerConfigurationException {
TransformerFactory tfactory = TransformerFactory.newInstance();
public void setXslResourceName(String xslResourceName) throws TransformerConfigurationException {
TransformerFactory tfactory = TransformerFactory.newInstance();
+ tfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
templates = tfactory.newTemplates(new StreamSource(ResourceFileUtil.getResourceAsStream(xslResourceName)));
}
templates = tfactory.newTemplates(new StreamSource(ResourceFileUtil.getResourceAsStream(xslResourceName)));
}