From 2e5ec6aaac811c9a0efd8f80eef39fd91a1ac9ea Mon Sep 17 00:00:00 2001
From: "Determe, Sebastien (sd378r)"
Date: Mon, 30 Oct 2017 18:49:26 +0100
Subject: [PATCH] More secure XSLT Add security to XSLT class as reported by Fortify
Change-Id: I90af6ad54aaf45a3d743638466f29492ca04841b
Issue-ID: CLAMP-54
Signed-off-by: Determe, Sebastien (sd378r)
---
 src/main/java/org/onap/clamp/clds/transform/XslTransformer.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java b/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java
index 684bae3f..59cc56a4 100644
--- a/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java
+++ b/src/main/java/org/onap/clamp/clds/transform/XslTransformer.java
@@ -26,6 +26,7 @@ package org.onap.clamp.clds.transform;
 import java.io.StringReader;
 import java.io.StringWriter;
+import javax.xml.XMLConstants;
 import javax.xml.transform.Templates;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerConfigurationException;
@@ -45,6 +46,7 @@ public class XslTransformer {
 public void setXslResourceName(String xslResourceName) throws TransformerConfigurationException {
 TransformerFactory tfactory = TransformerFactory.newInstance();
+tfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
 templates = tfactory.newTemplates(new StreamSource(ResourceFileUtil.getResourceAsStream(xslResourceName)));
 }
--
2.16.6
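Review bot: The hardening added in `setXslResourceName` restricts only `XMLConstants.ACCESS_EXTERNAL_DTD`, so the factory can still fetch external stylesheets through `xsl:import`, `xsl:include` and `document()`, and secure processing is never enabled. Next to the new line I would add `tfactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");` and `tfactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);`, the latter fitting the `TransformerConfigurationException` the method already declares. Separately, `setAttribute` throws an unchecked `IllegalArgumentException` when the implementation returned by `TransformerFactory.newInstance()` does not recognise the attribute, so a different XSLT processor on the classpath would make this setter fail in a way the signature does not announce. A short comment naming the expected factory implementation, or a catch that logs and rethrows, would make that visible. How much this matters depends on who controls the stylesheet resource and the documents being transformed, which this hunk does not show.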