From: Determe, Sebastien (sd378r) Date: Mon, 30 Oct 2017 17:49:26 +0000 (+0100) Subject: More secure XSLT X-Git-Tag: v1.1.0~12 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=clamp.git;a=commitdiff_plain;h=2e5ec6aaac811c9a0efd8f80eef39fd91a1ac9ea More secure XSLT Add security to XSLT class as reported by Fortify Change-Id: I90af6ad54aaf45a3d743638466f29492ca04841b Issue-ID: CLAMP-54 Signed-off-by: Determe, Sebastien (sd378r)
---
diff --git a/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java b/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java
index 684bae3f..59cc56a4 100644
--- a/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java
+++ b/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java
@@ -26,6 +26,7 @@ package org.onap.clamp.clds.transform;
 import java.io.StringReader;
 import java.io.StringWriter;
+import javax.xml.XMLConstants;
 import javax.xml.transform.Templates;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerConfigurationException;
@@ -45,6 +46,7 @@ public class XslTransformer {
 public void setXslResourceName(String xslResourceName) throws TransformerConfigurationException {
 TransformerFactory tfactory = TransformerFactory.newInstance();
+ tfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
 templates = tfactory.newTemplates(new StreamSource(ResourceFileUtil.getResourceAsStream(xslResourceName)));
 }
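Review bot: In `setXslResourceName` the factory is only barred from fetching external DTDs, so `xsl:import`, `xsl:include` and `document()` can still resolve external URIs and secure processing is not switched on. I would follow the new line with `tfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");` and `tfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`; the method already declares `TransformerConfigurationException`, which `setFeature` can throw. Because the factory comes from `TransformerFactory.newInstance()`, a non-JDK implementation found on the classpath may reject an unrecognised attribute with `IllegalArgumentException`, so it is worth confirming which implementation is loaded at runtime or catching that case with a logged warning. The code that parses the XML input handed to the compiled `templates` is outside this hunk and probably needs the same restrictions on its own parser, since these factory settings may not cover a source built elsewhere.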