Code Review / cps.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: d3e791d)
Local DocBuilderFactory fix XEE 76/132876/1
authormpriyank <priyank.maheshwari@est.tech>
Fri, 6 Jan 2023 10:12:59 +0000 (10:12 +0000)
committermpriyank <priyank.maheshwari@est.tech>
Fri, 6 Jan 2023 10:13:05 +0000 (10:13 +0000)
- local DocumentBuilderFactory fix for prevention of XML External Entity

Issue-ID: CPS-1435
Change-Id: Ib88268edc5975bf0fe4e3e56bc704f266280af4b
Signed-off-by: mpriyank <priyank.maheshwari@est.tech>
cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java patch | blob | history

diff --git a/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java b/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java
index 096487f..a0d7701 100644 (file)
--- a/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java
+++ b/cps-service/src/main/java/org/onap/cps/utils/XmlFileUtils.java
@@ -49,9 +49,8 @@ import org.xml.sax.SAXException;
 @NoArgsConstructor(access = AccessLevel.PRIVATE)
 public class XmlFileUtils {
 
-    private static final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
-    private static boolean isNewDocumentBuilderFactoryInstance = true;
     private static final TransformerFactory transformerFactory = TransformerFactory.newInstance();
+    private static boolean isNewTransformerFactoryInstance = true;
     private static final Pattern XPATH_PROPERTY_REGEX =
         Pattern.compile("\\[@(\\S{1,100})=['\\\"](\\S{1,100})['\\\"]\\]");
 
@@ -162,16 +161,21 @@ public class XmlFileUtils {
 
     private static DocumentBuilderFactory getDocumentBuilderFactory() {
 
-        if (isNewDocumentBuilderFactoryInstance) {
-            documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
-            documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
-            isNewDocumentBuilderFactoryInstance = false;
-        }
+        final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+        documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+        documentBuilderFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
 
         return documentBuilderFactory;
     }
 
     private static TransformerFactory getTransformerFactory() {
+
+        if (isNewTransformerFactoryInstance) {
+            transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+            transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+            isNewTransformerFactoryInstance = false;
+        }
+
         return transformerFactory;
     }
 }
"cps"